Vulnerabilities (CVE)

Filtered by CWE-59
Total 1156 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-28916 2024-11-21 N/A 8.8 HIGH
Xbox Gaming Services Elevation of Privilege Vulnerability
CVE-2024-28907 2024-11-21 N/A 7.8 HIGH
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-28189 2024-11-21 N/A 10.0 CRITICAL
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.
CVE-2024-28185 2024-11-21 N/A 10.0 CRITICAL
Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.
CVE-2024-27885 1 Apple 1 Macos 2024-11-21 N/A 6.3 MEDIUM
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system.
CVE-2024-26238 2024-11-21 N/A 7.8 HIGH
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
CVE-2024-26216 2024-11-21 N/A 7.3 HIGH
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2024-26199 2024-11-21 N/A 7.8 HIGH
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26158 2024-11-21 N/A 7.8 HIGH
Microsoft Install Service Elevation of Privilege Vulnerability
CVE-2024-23459 2024-11-21 N/A 7.1 HIGH
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7.
CVE-2024-21447 2024-11-21 N/A 7.8 HIGH
Windows Authentication Elevation of Privilege Vulnerability
CVE-2024-21397 1 Microsoft 1 Azure File Sync 2024-11-21 N/A 5.3 MEDIUM
Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVE-2024-21329 1 Microsoft 1 Azure Connected Machine Agent 2024-11-21 N/A 7.3 HIGH
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-20656 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2024-11-21 N/A 7.8 HIGH
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-1329 1 Hashicorp 1 Nomad 2024-11-21 N/A 7.7 HIGH
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.
CVE-2024-0206 2 Microsoft, Trellix 2 Windows, Anti-malware Engine 2024-11-21 N/A 7.1 HIGH
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files
CVE-2024-0068 2024-11-21 N/A 5.5 MEDIUM
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.
CVE-2023-7216 2 Gnu, Redhat 2 Cpio, Enterprise Linux 2024-11-21 N/A 5.3 MEDIUM
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
CVE-2023-6336 2 Apple, Hypr 2 Macos, Workforce Access 2024-11-21 N/A 7.2 HIGH
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
CVE-2023-6335 2 Hypr, Microsoft 2 Workforce Access, Windows 2024-11-21 N/A 6.4 MEDIUM
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.