39 matches found
Microsoft Desktop Windows Manager 资源管理错误漏洞
Microsoft Desktop Windows Manager is a desktop window manager from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are...
PT-2025-32817 · Microsoft · Desktop Windows Manager +1
Name of the Vulnerable Software and Affected Versions: Desktop Windows Manager affected versions not specified Description: A use after free issue exists in Desktop Windows Manager that could allow an authorized attacker to execute code locally. Recommendations: At the moment, there is no...
CVE-2023-28122
A local privilege escalation LPE vulnerability in UI Desktop for Windows Version 0.59.1.71 and earlier allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later...
CVE-2022-34292
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647...
CVE-2024-5652
In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...
The vulnerability of the Zoom Desktop for Windows video conferencing software for clients relates to the use of an insecure search path, allowing attackers to escalate their privileges.
The vulnerability of the Zoom Desktop for Windows video conferencing software-related software lies in the use of an unreliable search path. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Zoom Desktop software for Windows, a video conferencing application, stems from incorrect path restrictions for the access-controlled directory. This allows attackers to escalate their privileges.
The vulnerability of the Zoom Desktop video conferencing software for Windows clients is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the Zoom Desktop for Windows video conferencing software in relation to insufficient data authentication checks allows attackers to exploit their privileges.
The vulnerability of the Zoom Desktop for Windows video conferencing software-related software lies in insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
CVE-2023-35174 Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is...
The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform allows a malicious actor to gain read, modify, or delete access to data.
The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform is related to errors in handling symbolic links with the DataFolder parameter. Exploiting this vulnerability may allow an attacker to gain read, modify, or delete access to...
CVE-2022-37326
Docker Desktop for Windows before 4.6.0 allows attackers to delete or create any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation...
PT-2023-13527 · Docker · Docker Desktop For Windows
Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue allows attackers to delete or create any file through the "dockerBackendV2 windowscontainers/start" API endpoint by controlling the pidfile field inside the DaemonJSON...
PT-2023-2594 · Docker · Docker Desktop For Windows
Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue is related to a symlink attack on the hyperv/create dockerBackendV2 API, allowing attackers to overwrite any file by controlling the DataFolder parameter for...
PT-2023-2593 · Docker · Docker Desktop For Windows
Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6 Description: The issue is related to a race condition in the start function of the WindowsContainerStartRequest class in Docker Desktop for Windows, allowing an attacker to exploit a symlink...
CVE-2023-28123
A permission misconfiguration in UI Desktop for Windows Version 0.59.1.71 and earlier could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later...
PT-2023-21581 · Unknown · Ui Desktop For Windows
Name of the Vulnerable Software and Affected Versions: UI Desktop for Windows versions 0.59.1.71 and earlier Description: A permission misconfiguration could allow a user to hijack VPN credentials while UID VPN is starting. Recommendations: For versions 0.59.1.71 and earlier, update to version...
OpenText Brava! 缓冲区错误漏洞
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...
Cybozu Desktop for Windows vulenerable to arbitrary code execution
Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...
Severe Bug Discovered in Signal Messaging App for Windows and Linux
Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops which could allow remote attackers to execute malicious code on recipients system just by sending a message—without requiring any user interaction...