CVE-2022-31647
https://notcve.org/view.php?id=CVE-2022-31647
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. • https://docs.docker.com/desktop/release-notes/#docker-desktop-460 https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-40725 – PingID Desktop PIN attempt lockout bypass.
https://notcve.org/view.php?id=CVE-2022-40725
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. • https://docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •
CVE-2023-28122
https://notcve.org/view.php?id=CVE-2023-28122
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 •
CVE-2023-28123
https://notcve.org/view.php?id=CVE-2023-28123
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-28124
https://notcve.org/view.php?id=CVE-2023-28124
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 • CWE-326: Inadequate Encryption Strength •