Anydesk ≫ Anydesk

AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on...

AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.

AnyDesk 7.0.8 allows remote Denial of Service.

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthoriz...

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an atta...

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.

AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file...

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.