Vulnerabilities (CVE)

Filtered by CWE-59
Total 1156 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43603 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2024-10-17 N/A 5.5 MEDIUM
Visual Studio Collector Service Denial of Service Vulnerability
CVE-2024-43551 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2024-10-17 N/A 7.8 HIGH
Windows Storage Elevation of Privilege Vulnerability
CVE-2024-38097 1 Microsoft 1 Azure Monitor Agent 2024-10-16 N/A 7.1 HIGH
Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2024-45316 2024-10-15 N/A 7.8 HIGH
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.
CVE-2024-27458 2024-10-07 N/A 8.8 HIGH
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.
CVE-2024-8404 1 Papercut 2 Papercut Mf, Papercut Ng 2024-10-03 N/A 7.8 HIGH
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split from CVE-2024-3037.
CVE-2024-46744 1 Linux 1 Linux Kernel 2024-09-30 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875536935 to inode->i_size. 2. Later squashfs_symlink_read_folio() is called, which assigns this corrupted value to the length variable, which being a signed int, overflows producing a negative number. 3. The following loop that fills in the page contents checks that the copied bytes is less than length, which being negative means the loop is skipped, producing an uninitialised page. This patch adds a sanity check which checks that the symbolic link size is not larger than expected. -- V2: fix spelling mistake.
CVE-2024-44131 1 Apple 3 Ipados, Iphone Os, Macos 2024-09-24 N/A 5.5 MEDIUM
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.
CVE-2024-44178 1 Apple 1 Macos 2024-09-24 N/A 5.5 MEDIUM
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
CVE-2024-38188 1 Microsoft 1 Azure Network Watcher Agent 2024-09-17 N/A 7.1 HIGH
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-43470 1 Microsoft 1 Azure Network Watcher Agent 2024-09-17 N/A 7.3 HIGH
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-39578 1 Dell 1 Powerscale Onefs 2024-09-03 N/A 6.3 MEDIUM
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
CVE-2023-43078 2024-08-28 N/A 6.7 MEDIUM
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
CVE-2024-5928 1 Vipre 1 Advanced Security 2024-08-23 N/A 7.8 HIGH
VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22315.
CVE-2024-38084 1 Microsoft 1 Officeplus 2024-08-16 N/A 7.8 HIGH
Microsoft OfficePlus Elevation of Privilege Vulnerability
CVE-2024-38098 1 Microsoft 1 Azure Connected Machine Agent 2024-08-16 N/A 7.8 HIGH
Azure Connected Machine Agent Elevation of Privilege Vulnerability