| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
| Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. |
| Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. |
| SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. |
| Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition. |
| Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. |
| Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. |
| Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system. |
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server.
Important: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log in to the local console of the Windows environment hosting the PaperCut NG/MF application server.
Note: This CVE has been split into two separate CVEs (CVE-2024-3037 and CVE-2024-8404) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard users on the host server. |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows Clip Service Elevation of Privilege Vulnerability |
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege. |
