Desktop Security Vulnerabilities
Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS
DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation...
7.8CVSS
7.8AI Score
0.0004EPSS
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local...
8.8CVSS
7.3AI Score
0.0004EPSS
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network...
6.5CVSS
6.2AI Score
0.0005EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network...
6.1CVSS
5.3AI Score
0.0005EPSS
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network...
7.1CVSS
6.1AI Score
0.0005EPSS
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local...
7.8CVSS
7.9AI Score
0.0004EPSS
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.7AI Score
0.001EPSS
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network...
7.5CVSS
7.5AI Score
0.001EPSS
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code...
6.8CVSS
6.7AI Score
0.001EPSS
8.8CVSS
9.2AI Score
0.026EPSS
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...
4.7CVSS
6.6AI Score
0.0004EPSS
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in...
7.8CVSS
7.7AI Score
0.0004EPSS
8.8CVSS
9.2AI Score
0.026EPSS
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive...
5.5CVSS
6.9AI Score
0.001EPSS
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
6.5CVSS
6.4AI Score
0.0004EPSS
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while...
7.8CVSS
7.9AI Score
0.001EPSS
A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT...
7.8CVSS
7.7AI Score
0.001EPSS
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.0005EPSS
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential...
7CVSS
7.2AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
8.8CVSS
9AI Score
0.03EPSS
6.5CVSS
7.7AI Score
0.001EPSS
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper...
7.7CVSS
6.8AI Score
0.0004EPSS
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by...
8.7CVSS
8AI Score
0.0004EPSS
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's...
4.4CVSS
5AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...
7.8CVSS
7.9AI Score
0.0004EPSS
A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be...
5.5CVSS
5.5AI Score
0.0004EPSS
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...
7.5CVSS
7.8AI Score
0.001EPSS
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and...
9.1CVSS
9.1AI Score
0.002EPSS
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of...
9.1CVSS
9.1AI Score
0.001EPSS
Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of...
7.5CVSS
7.7AI Score
0.001EPSS
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a...
6.1CVSS
6.6AI Score
0.001EPSS
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code...
8.8CVSS
8.8AI Score
0.001EPSS
Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of...
7.5CVSS
8.3AI Score
0.001EPSS
Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of...
5.9CVSS
6.5AI Score
0.001EPSS