Total: 1156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-28916 | | | 2024-11-21 | N/A | 8.8 HIGH | Xbox Gaming Services Elevation of Privilege Vulnerability
CVE-2024-28907 | | | 2024-11-21 | N/A | 7.8 HIGH | Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-28189 | | | 2024-11-21 | N/A | 10.0 CRITICAL | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on its own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.
CVE-2024-28185 | | | 2024-11-21 | N/A | 10.0 CRITICAL | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.
CVE-2024-27885 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 6.3 MEDIUM | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system.
CVE-2024-26238 | | | 2024-11-21 | N/A | 7.8 HIGH | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
CVE-2024-26216 | | | 2024-11-21 | N/A | 7.3 HIGH | Windows File Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2024-26199 | | | 2024-11-21 | N/A | 7.8 HIGH | Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26158 | | | 2024-11-21 | N/A | 7.8 HIGH | Microsoft Install Service Elevation of Privilege Vulnerability
CVE-2024-23459 | | | 2024-11-21 | N/A | 7.1 HIGH | An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten. This issue affects Zscaler Client Connector on Mac: before 3.7.
CVE-2024-21447 | | | 2024-11-21 | N/A | 7.8 HIGH | Windows Authentication Elevation of Privilege Vulnerability
CVE-2024-21397 | 1 Microsoft | 1 Azure File Sync | 2024-11-21 | N/A | 5.3 MEDIUM | Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVE-2024-21329 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-11-21 | N/A | 7.3 HIGH | Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-20656 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-11-21 | N/A | 7.8 HIGH | Visual Studio Elevation of Privilege Vulnerability
CVE-2024-1329 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 7.7 HIGH | HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.
CVE-2024-0206 | 2 Microsoft, Trellix | 2 Windows, Anti-malware Engine | 2024-11-21 | N/A | 7.1 HIGH | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files.
CVE-2024-0068 | | | 2024-11-21 | N/A | 5.5 MEDIUM | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation. This issue affects Workforce Access: before 8.7.1.
CVE-2023-7216 | 2 Gnu, Redhat | 2 Cpio, Enterprise Linux | 2024-11-21 | N/A | 5.3 MEDIUM | A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
CVE-2023-6336 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2024-11-21 | N/A | 7.2 HIGH | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename. This issue affects Workforce Access: before 8.7.
CVE-2023-6335 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-11-21 | N/A | 6.4 MEDIUM | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename. This issue affects Workforce Access: before 8.7.