Lucene search
K

39 matches found

CNNVD
CNNVD
added 2025/08/12 12:0 a.m.6 views

Microsoft Desktop Windows Manager 资源管理错误漏洞

Microsoft Desktop Windows Manager is a desktop window manager from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are...

7.8CVSS6.3AI score0.0043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.3 views

PT-2025-32817 · Microsoft · Desktop Windows Manager +1

Name of the Vulnerable Software and Affected Versions: Desktop Windows Manager affected versions not specified Description: A use after free issue exists in Desktop Windows Manager that could allow an authorized attacker to execute code locally. Recommendations: At the moment, there is no...

7.8CVSS7.4AI score0.00439EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 6:1 a.m.8 views

CVE-2023-28122

A local privilege escalation LPE vulnerability in UI Desktop for Windows Version 0.59.1.71 and earlier allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later...

7.8CVSS7.1AI score0.00157EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.13 views

CVE-2022-34292

Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647...

7.1CVSS6.9AI score0.00332EPSS
Exploits0References1
OSV
OSV
added 2024/07/09 5:15 p.m.4 views

CVE-2024-5652

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...

5.5CVSS5.8AI score0.00374EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/09/04 12:0 a.m.5 views

The vulnerability of the Zoom Desktop for Windows video conferencing software for clients relates to the use of an insecure search path, allowing attackers to escalate their privileges.

The vulnerability of the Zoom Desktop for Windows video conferencing software-related software lies in the use of an unreliable search path. Exploiting this vulnerability can allow attackers to increase their privileges...

7.3CVSS7.2AI score0.00287EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/31 12:0 a.m.5 views

The vulnerability of the Zoom Desktop software for Windows, a video conferencing application, stems from incorrect path restrictions for the access-controlled directory. This allows attackers to escalate their privileges.

The vulnerability of the Zoom Desktop video conferencing software for Windows clients is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

10CVSS7.7AI score0.01392EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/31 12:0 a.m.5 views

The vulnerability of the Zoom Desktop for Windows video conferencing software in relation to insufficient data authentication checks allows attackers to exploit their privileges.

The vulnerability of the Zoom Desktop for Windows video conferencing software-related software lies in insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

9CVSS7.5AI score0.00455EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/22 1:34 p.m.8 views

CVE-2023-35174 Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows

Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is...

8.6CVSS7.6AI score0.00979EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.6 views

The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform allows a malicious actor to gain read, modify, or delete access to data.

The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform is related to errors in handling symbolic links with the DataFolder parameter. Exploiting this vulnerability may allow an attacker to gain read, modify, or delete access to...

6.4CVSS7.1AI score0.00332EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/27 8:15 p.m.5 views

CVE-2022-37326

Docker Desktop for Windows before 4.6.0 allows attackers to delete or create any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation...

7.8CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.4 views

PT-2023-13527 · Docker · Docker Desktop For Windows

Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue allows attackers to delete or create any file through the "dockerBackendV2 windowscontainers/start" API endpoint by controlling the pidfile field inside the DaemonJSON...

7.8CVSS6.9AI score0.00295EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.5 views

PT-2023-2594 · Docker · Docker Desktop For Windows

Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue is related to a symlink attack on the hyperv/create dockerBackendV2 API, allowing attackers to overwrite any file by controlling the DataFolder parameter for...

7.1CVSS6.9AI score0.00332EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.6 views

PT-2023-2593 · Docker · Docker Desktop For Windows

Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6 Description: The issue is related to a race condition in the start function of the WindowsContainerStartRequest class in Docker Desktop for Windows, allowing an attacker to exploit a symlink...

7.5CVSS6.8AI score0.0029EPSS
Exploits0References7
OSV
OSV
added 2023/04/19 8:15 p.m.4 views

CVE-2023-28123

A permission misconfiguration in UI Desktop for Windows Version 0.59.1.71 and earlier could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later...

5.5CVSS6.1AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.4 views

PT-2023-21581 · Unknown · Ui Desktop For Windows

Name of the Vulnerable Software and Affected Versions: UI Desktop for Windows versions 0.59.1.71 and earlier Description: A permission misconfiguration could allow a user to hijack VPN credentials while UID VPN is starting. Recommendations: For versions 0.59.1.71 and earlier, update to version...

5.5CVSS5.4AI score0.00163EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.5 views

OpenText Brava! 缓冲区错误漏洞

OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...

7.8CVSS5.9AI score0.01419EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/25 6:9 a.m.3 views

Cybozu Desktop for Windows vulenerable to arbitrary code execution

Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...

9.8CVSS7.7AI score0.02932EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2018/05/12 6:45 a.m.3 views

Severe Bug Discovered in Signal Messaging App for Windows and Linux

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops which could allow remote attackers to execute malicious code on recipients system just by sending a message—without requiring any user interaction...

7.5AI score
Exploits0
Rows per page
Query Builder