Total
1140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35633 | 1 Microsoft | 3 Windows 10 1507, Windows Server 2008, Windows Server 2012 | 2024-05-29 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35624 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-05-29 | N/A | 7.3 HIGH |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||
| CVE-2023-35379 | 1 Microsoft | 1 Windows Server 2008 | 2024-05-29 | N/A | 7.8 HIGH |
| Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | |||||
| CVE-2023-32012 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2024-05-29 | N/A | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-29351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 8.1 HIGH |
| Windows Group Policy Elevation of Privilege Vulnerability | |||||
| CVE-2023-29343 | 1 Microsoft | 1 Windows Sysmon | 2024-05-29 | N/A | 7.8 HIGH |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | |||||
| CVE-2023-28222 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.1 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-24904 | 1 Microsoft | 1 Windows Server 2008 | 2024-05-29 | N/A | 7.1 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-26199 | 2024-05-29 | N/A | 7.8 HIGH | ||
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2024-21432 | 2024-05-29 | N/A | 7.0 HIGH | ||
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-21397 | 1 Microsoft | 1 Azure File Sync | 2024-05-29 | N/A | 5.3 MEDIUM |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | |||||
| CVE-2024-21329 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-05-29 | N/A | 7.3 HIGH |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-20656 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-05-29 | N/A | 7.8 HIGH |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2024-4454 | 2024-05-24 | N/A | 7.3 HIGH | ||
| WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. | |||||
| CVE-2023-51636 | 2024-05-24 | N/A | 7.8 HIGH | ||
| Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21600. | |||||
| CVE-2024-30060 | 2024-05-17 | N/A | 7.8 HIGH | ||
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2021-4287 | 1 Microsoft | 1 Binwalk | 2024-05-17 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876. | |||||
| CVE-2019-11879 | 1 Ruby-lang | 1 Webrick | 2024-05-17 | 2.1 LOW | 5.5 MEDIUM |
| The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem. | |||||
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2024-05-17 | 6.2 MEDIUM | N/A |
| os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users. | |||||
| CVE-2008-5034 | 1 A Mennucc1 | 1 Printfilters-ppd | 2024-05-17 | 6.9 MEDIUM | N/A |
| master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"' | |||||