VulnCheck KEV: CVE-2023-36033

Microsoft Windows Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...

Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability

Microsoft Windows Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...

CVE-2023-21348

In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

CVE-2023-21348

In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

Information disclosure

In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

CVE-2023-21348

In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

CVE-2023-21348

The CVE-2023-21348 entry concerns Android Window Manager side-channel leakage that allows an app to be detected as installed without query permissions, causing local information disclosure. Connected sources corroborate the issue as an information-disclosure vulnerability (Framework category) wit...

PT-2023-18124 · Unknown · Window Manager

Name of the Vulnerable Software and Affected Versions: Window Manager affected versions not specified Description: The issue allows an attacker to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information...

mutter bug fix update

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mutter is a compositing window manager that displays and manages desktop throu...

September 12, 2023—KB5030216 (OS Build 20348.1970)

September 12, 2023—KB5030216 OS Build 20348.1970 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...

mutter bug fix update

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mutter is a compositing window manager that displays and manages desktop throu...

July 11, 2023—KB5028186 (OS Build 10240.20048) - EXPIRED

July 11, 2023—KB5028186 OS Build 10240.20048 - EXPIRED EXPIRATION NOTICEIMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

CVE-2023-21177

In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-21177

In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

PT-2023-17965 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a missing permission check in the requestAppKeyboardShortcuts function of WindowManagerService.java. This could allow an attacker to infer the app a user is interacting with,...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, Inc. in the United States. Google Pixel suffers from a security vulnerability that originates in requestAppKeyboardShortcuts in WindowManagerService.java, where a lack of permission checking allows users to interact with the application, which could lead ...

OESA-2023-1263 screen security update

Screen is a full-screen window manager that multiplexes a physical terminal between several processes,typically interactive shells. Security Fixes: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to...

April 25, 2023—KB5025297 (OS Build 19045.2913) Preview

April 25, 2023—KB5025297 OS Build 19045.2913 Preview 3/21/23 REMINDER After March 21, 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly security updates known as the "B" or...

CVE-2023-21026

In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Denial Of Service (DoS)

Google Chrome is vulnerable to Denial Of Service DoS. The vulnerability exists due to the integer overflow in Window Manager, which allows an attacker to convince a user to engage in specific UI interactions to perform an out-of-bounds memory write via crafted UI interaction, leading to an...