Desktop For Windows Security Vulnerabilities
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local...
5.9CVSS
6.9AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network...
6.8CVSS
6.3AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network...
9.6CVSS
9.6AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network...
6.8CVSS
6.3AI Score
0.0004EPSS
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local...
8.8CVSS
7.7AI Score
0.0004EPSS
7.5CVSS
8.1AI Score
0.004EPSS
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the...
5.5CVSS
5.5AI Score
0.0004EPSS
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.0005EPSS
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network...
7.5CVSS
7.5AI Score
0.001EPSS
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local...
5.5CVSS
5.3AI Score
0.0004EPSS
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low...
5CVSS
5.1AI Score
0.0005EPSS
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low...
5.6CVSS
5.5AI Score
0.0005EPSS
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local...
8.8CVSS
7.3AI Score
0.0004EPSS
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network...
6.5CVSS
6.2AI Score
0.0005EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local...
7.8CVSS
7.9AI Score
0.0004EPSS
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.0005EPSS
8.8CVSS
9AI Score
0.03EPSS
6.5CVSS
7.7AI Score
0.001EPSS
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by...
8.7CVSS
8AI Score
0.0004EPSS
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
5.3CVSS
6AI Score
0.001EPSS
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to...
7.1CVSS
6.9AI Score
0.0004EPSS
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in...
6.3CVSS
6.2AI Score
0.0004EPSS
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege...
7.8CVSS
7.6AI Score
0.0004EPSS
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is...
7.3CVSS
6.2AI Score
0.0004EPSS
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and...
7.8CVSS
7.7AI Score
0.0004EPSS
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and...
5.5CVSS
5.3AI Score
0.0004EPSS
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and...
5.5CVSS
5.4AI Score
0.0004EPSS
6.5CVSS
6.3AI Score
0.002EPSS
No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user...
4.3CVSS
4.7AI Score
0.0005EPSS
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious...
8.3CVSS
7.7AI Score
0.001EPSS
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted....
7.5CVSS
7AI Score
0.001EPSS
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch...
7.1CVSS
6.9AI Score
0.0004EPSS
A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally...
5.5CVSS
5.6AI Score
0.0004EPSS
A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is the function 0x222018 in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached...
5.5CVSS
5.6AI Score
0.0004EPSS
A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack.....
5.5CVSS
5.5AI Score
0.0004EPSS
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat...
8.8CVSS
8.6AI Score
0.001EPSS
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
7.8CVSS
7.5AI Score
0.001EPSS
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional...
9.6CVSS
9.2AI Score
0.002EPSS
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as...
7.8CVSS
7.8AI Score
0.0004EPSS
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional...
9.6CVSS
6.8AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.017EPSS
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update...
7.8CVSS
7.7AI Score
0.0004EPSS
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update...
7.8CVSS
7.7AI Score
0.0004EPSS
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update...
7.8CVSS
7.7AI Score
0.0004EPSS
6.5CVSS
6.7AI Score
0.031EPSS