CVE-2022-32450
- EPSS 0.12%
- Veröffentlicht 18.07.2022 13:15:10
- Zuletzt bearbeitet 21.11.2024 07:06:22
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.
CVE-2021-40854
- EPSS 0.12%
- Veröffentlicht 14.10.2021 05:15:07
- Zuletzt bearbeitet 21.11.2024 06:24:56
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.
CVE-2020-35483
- EPSS 0.05%
- Veröffentlicht 11.01.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:23
AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file...
CVE-2020-27614
- EPSS 0.03%
- Veröffentlicht 09.12.2020 00:15:13
- Zuletzt bearbeitet 21.11.2024 05:21:28
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.
CVE-2020-13160
- EPSS 77.94%
- Veröffentlicht 09.06.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 05:00:46
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
CVE-2018-13102
- EPSS 0.26%
- Veröffentlicht 03.07.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:26
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.
CVE-2017-14397
- EPSS 0.49%
- Veröffentlicht 12.09.2017 21:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.