Desktop Client Security Vulnerabilities
Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network...
4.1CVSS
6.3AI Score
0.0004EPSS
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local...
5.5CVSS
6.8AI Score
0.0004EPSS
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local...
5.9CVSS
6.9AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network...
6.8CVSS
6.3AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network...
9.6CVSS
9.6AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network...
6.8CVSS
6.3AI Score
0.0004EPSS
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of...
6.7CVSS
4.5AI Score
0.0004EPSS
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such...
5.5CVSS
6.4AI Score
0.0004EPSS
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local...
8.8CVSS
7.7AI Score
0.0004EPSS
7.5CVSS
8.1AI Score
0.004EPSS
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.0005EPSS
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without...
9.8CVSS
9.3AI Score
0.001EPSS
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network...
7.5CVSS
7.5AI Score
0.001EPSS
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local...
5.5CVSS
5.3AI Score
0.0004EPSS
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...
7.8CVSS
7.6AI Score
0.0004EPSS
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential...
7.8CVSS
7.8AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network...
7.5CVSS
7.4AI Score
0.001EPSS
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the...
6.9CVSS
6.5AI Score
0.0004EPSS
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS...
4.6CVSS
4.3AI Score
0.0004EPSS
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local...
8.8CVSS
7.3AI Score
0.0004EPSS
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network...
6.5CVSS
6.2AI Score
0.0005EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network...
6.1CVSS
5.3AI Score
0.0005EPSS
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network...
7.1CVSS
6.1AI Score
0.0005EPSS
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local...
7.8CVSS
7.9AI Score
0.0004EPSS
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.0005EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
8.8CVSS
9AI Score
0.03EPSS
6.5CVSS
7.7AI Score
0.001EPSS
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper...
7.7CVSS
6.8AI Score
0.0004EPSS
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by...
8.7CVSS
8AI Score
0.0004EPSS
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
6.5CVSS
6.3AI Score
0.002EPSS
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...
6.9CVSS
5.8AI Score
0.001EPSS
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files....
6.5CVSS
6.1AI Score
0.001EPSS
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...
6.7CVSS
6.2AI Score
0.001EPSS