In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
7.8CVSS
8.2AI Score
0.0004EPSS
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installin...
7.8CVSS
7.6AI Score
0.0004EPSS
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.
5.5CVSS
5.5AI Score
0.0004EPSS
Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere.
7.8CVSS
7.5AI Score
0.001EPSS