Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5834 | 1 Hashicorp | 1 Vagrant | 2024-11-21 | N/A | 3.8 LOW |
| HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. | |||||
| CVE-2023-40623 | 1 Sap | 1 Businessobjects | 2024-11-21 | N/A | 6.2 MEDIUM |
| SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system. | |||||
| CVE-2023-32474 | 1 Dell | 1 Display Manager | 2024-11-21 | N/A | 6.6 MEDIUM |
| Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion | |||||
| CVE-2023-32470 | 1 Dell | 1 Digital Delivery | 2024-11-21 | N/A | 5.0 MEDIUM |
| Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | |||||
| CVE-2023-32454 | 1 Dell | 1 Update Package Framework | 2024-11-21 | N/A | 6.3 MEDIUM |
| DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | |||||
| CVE-2023-23698 | 1 Dell | 2 Alienware Update, Command Update | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. | |||||
| CVE-2022-42291 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | N/A | 8.2 HIGH |
| NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. | |||||
| CVE-2024-7400 | 2024-09-30 | N/A | N/A | ||
| The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so. | |||||