Total
1318 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4052 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. | |||||
| CVE-2023-46655 | 1 Jenkins | 1 Cloudbees Cd | 2024-11-21 | N/A | 6.5 MEDIUM |
| Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. | |||||
| CVE-2023-46654 | 1 Jenkins | 1 Cloudbees Cd | 2024-11-21 | N/A | 8.1 HIGH |
| Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. | |||||
| CVE-2023-43590 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 7.8 HIGH |
| Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2023-43116 | 1 Buildkite | 1 Elastic Ci Stack | 2024-11-21 | N/A | 7.8 HIGH |
| A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | |||||
| CVE-2023-42844 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.5 HIGH |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks. | |||||
| CVE-2023-42137 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-41971 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7. | |||||
| CVE-2023-41968 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files. | |||||
| CVE-2023-40028 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 4.9 MEDIUM |
| Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-39246 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation | |||||
| CVE-2023-39107 | 2 Apple, Nomachine | 2 Macos, Nomachine | 2024-11-21 | N/A | 9.1 CRITICAL |
| An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | |||||
| CVE-2023-38175 | 1 Microsoft | 1 Windows Defender | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
| CVE-2023-37206 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM |
| Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-36903 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows System Assessment Tool Elevation of Privilege Vulnerability | |||||
| CVE-2023-36876 | 1 Microsoft | 1 Windows Server 2008 | 2024-11-21 | N/A | 7.1 HIGH |
| Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36758 | 1 Microsoft | 1 Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-36737 | 1 Microsoft | 1 Azure Network Watcher | 2024-11-21 | N/A | 7.8 HIGH |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | |||||
| CVE-2023-36723 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-36711 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | |||||