Total
1345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32012 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-01 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-21722 | 1 Microsoft | 22 .net Framework, Windows 10 1507, Windows 10 1511 and 19 more | 2025-01-01 | 5 Medium |
| .NET Framework Denial of Service Vulnerability | ||||
| CVE-2023-21567 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-01-01 | 5.6 Medium |
| Visual Studio Denial of Service Vulnerability | ||||
| CVE-2023-21760 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-01 | 7.1 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2023-21725 | 1 Microsoft | 1 Windows Malicious Software Removal Tool | 2025-01-01 | 6.3 Medium |
| Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | ||||
| CVE-2023-21678 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-01-01 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2023-21542 | 1 Microsoft | 9 Windows 10 1607, Windows 7, Windows 8.1 and 6 more | 2025-01-01 | 7 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-43470 | 1 Microsoft | 1 Azure Network Watcher Agent | 2024-12-31 | 7.3 High |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-38188 | 1 Microsoft | 1 Azure Network Watcher Agent | 2024-12-31 | 7.1 High |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-52050 | 1 Trendmicro | 2 Apexone Op, Apexone Saas | 2024-12-31 | 7.8 High |
| A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-7234 | 1 Avg | 2 Anti-virus, Antivirus | 2024-12-19 | 7.8 High |
| AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22260. | ||||
| CVE-2024-7235 | 1 Avg | 1 Antivirus | 2024-12-19 | 5.5 Medium |
| AVG AntiVirus Free Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. . Was ZDI-CAN-22803. | ||||
| CVE-2024-7236 | 1 Avg | 1 Antivirus | 2024-12-19 | 5.5 Medium |
| AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Installer. By creating a symbolic link, an attacker can abuse the update functionality to create a file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. Was ZDI-CAN-22942. | ||||
| CVE-2024-7237 | 1 Avg | 2 Anti-virus, Antivirus | 2024-12-19 | 7.8 High |
| AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22960. | ||||
| CVE-2023-43078 | 1 Dell | 699 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 696 more | 2024-12-19 | 6.7 Medium |
| Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service. | ||||
| CVE-2024-56074 | 2024-12-16 | 5.5 Medium | ||
| gitingest before 9996a06 mishandles symbolic links that point outside of the base directory. | ||||
| CVE-2024-44132 | 1 Apple | 1 Macos | 2024-12-12 | 8.4 High |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. | ||||
| CVE-2024-37143 | 2024-12-11 | 10 Critical | ||
| Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2024-7232 | 1 Avast | 1 Free Antivirus | 2024-12-11 | 7.8 High |
| Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22963. | ||||
| CVE-2024-7238 | 1 Vipre | 1 Advanced Security | 2024-12-11 | 7.8 High |
| VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22238. | ||||