Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Windows Client
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-26362 |
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. Published: April 10, 2024; 5:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24694 |
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. Published: April 09, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2017-20190 |
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability. Published: March 26, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28252 |
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue. Published: March 15, 2024; 3:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24693 |
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. Published: March 13, 2024; 4:15:07 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-24692 |
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. Published: March 13, 2024; 4:15:07 PM -0400 |
V3.1: 4.7 MEDIUM V2.0:(not available) |
CVE-2024-24964 |
Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed. Published: March 12, 2024; 4:15:45 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-21805 |
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege. Published: March 12, 2024; 4:15:45 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24278 |
An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. Published: March 05, 2024; 6:15:07 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24276 |
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components. Published: March 05, 2024; 6:15:07 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24275 |
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function. Published: March 05, 2024; 6:15:07 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1470 |
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6. Published: February 28, 2024; 8:43:51 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0819 |
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. Published: February 27, 2024; 9:15:27 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-7016 |
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access. Published: February 27, 2024; 6:15:07 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-5993 |
A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access. Published: February 27, 2024; 6:15:07 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24697 |
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. Published: February 13, 2024; 7:15:47 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24696 |
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. Published: February 13, 2024; 7:15:47 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24695 |
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. Published: February 13, 2024; 7:15:47 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24691 |
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. Published: February 13, 2024; 7:15:47 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-21342 |
Windows DNS Client Denial of Service Vulnerability Published: February 13, 2024; 1:15:49 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |