Total
1267 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21274 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-27 | N/A | 5.5 MEDIUM |
| Windows Event Tracing Denial of Service Vulnerability | |||||
| CVE-2024-3037 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2025-01-27 | N/A | 7.8 HIGH |
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log in to the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split into two separate CVEs (CVE-2024-3037 and CVE-2024-8404) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard users on the host server. | |||||
| CVE-2023-36874 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-23 | N/A | 7.8 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-21331 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-21 | N/A | 7.3 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2025-0377 | 2025-01-21 | N/A | 7.5 HIGH | ||
| HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. | |||||
| CVE-2024-26238 | 1 Microsoft | 2 Windows 10 21h2, Windows 10 22h2 | 2025-01-16 | N/A | 7.8 HIGH |
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | |||||
| CVE-2023-27529 | 2 Apple, Wacom | 2 Macos, Tablet Driver Installer | 2025-01-16 | N/A | 7.8 HIGH |
| Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege. | |||||
| CVE-2023-33245 | 1 Minecraft | 1 Minecraft | 2025-01-10 | N/A | 8.8 HIGH |
| Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. | |||||
| CVE-2023-34204 | 1 Imapsync Project | 1 Imapsync | 2025-01-10 | N/A | 6.5 MEDIUM |
| imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it. | |||||
| CVE-2024-25953 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2024-25952 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2024-29989 | 1 Microsoft | 1 Azure Monitor Agent | 2025-01-09 | N/A | 8.4 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-28916 | 1 Microsoft | 1 Xbox Gaming Services | 2025-01-08 | N/A | 8.8 HIGH |
| Xbox Gaming Services Elevation of Privilege Vulnerability | |||||
| CVE-2024-21447 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Authentication Elevation of Privilege Vulnerability | |||||
| CVE-2024-30033 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-08 | N/A | 7.0 HIGH |
| Windows Search Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-26216 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-01-08 | N/A | 7.3 HIGH |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-7233 | 1 Avast | 1 Free Antivirus | 2025-01-08 | N/A | 7.8 HIGH |
| Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23731. | |||||
| CVE-2024-49059 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-08 | N/A | 7.0 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-08 | N/A | 7.3 HIGH |
| WmsRepair Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-33865 | 1 Renderdoc | 1 Renderdoc | 2025-01-07 | N/A | 7.8 HIGH |
| RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | |||||