| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
|
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
|
| A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1. |
| An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking. |
| Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system. |
| An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.
To exploit this vulnerability, an attacker would require unprivileged execution on the victim system.
The security update addresses the vulnerability by correctly validating folder shortcuts. |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing.
The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks. |
| Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt Framework is QDir::tempPath() and anything that uses it, such as QStandardPaths with TempLocation, QTemporaryDir, and QTemporaryFile.This issue affects all version of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, Qt 6.8.2, 6.9.0 |
| Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| WmsRepair Service Elevation of Privilege Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
