CVE-2024-23458

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-346
View all →

Vulnerability Description

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.

Related Vulnerabilities

CVE-1999-1549

HIGH
CVSS:7.8(High)

Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that...

CWE-3461999

CVE-2018-6764

HIGH
CVSS:7.8(High)

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary...

CWE-3462018

CVE-2019-1235

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Serv...

CWE-3462019

CVE-2020-1449

HIGH
CVSS:7.8(High)

A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.

CWE-3462020

CVE-2020-16951

HIGH
CVSS:7.8(High)

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnera...

CWE-3462020

CVE-2020-16952

HIGH
CVSS:7.8(High)

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnera...

CWE-3462020