CVE-2024-7979

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-345
View all →

Vulnerability Description

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)

Related Vulnerabilities

CVE-2021-20271

HIGH
CVSS:7.0(High)

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature h...

CWE-3452021

CVE-2023-44402

HIGH
CVSS:7.0(High)

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoa...

CWE-3452023

CVE-2021-20267

HIGH
CVSS:7.1(High)

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonat...

CWE-3452021

CVE-2023-47630

HIGH
CVSS:7.1(High)

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker t...

CWE-3452023

CVE-2024-43428

HIGH
CVSS:7.1(High)

To address a cache poisoning risk in Moodle, additional validation for local storage was required.

CWE-3452024

CVE-2025-24807

MEDIUM
CVSS:7.1(High)

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per d...

CWE-3452025