CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0819 – Incomplete protection of personal password settings
https://notcve.org/view.php?id=CVE-2024-0819
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. La inicialización incorrecta de la configuración predeterminada en TeamViewer Remote Client, versión anterior a 15.51.5 para Windows, Linux y macOS, permite a un usuario con pocos privilegios elevar sus privilegios cambiando la configuración de la contraseña personal y estableciendo una conexión remota a una cuenta de administrador que haya iniciado sesión. • https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001 • CWE-269: Improper Privilege Management •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0837
https://notcve.org/view.php?id=CVE-2023-0837
An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. Una comprobación de autorización incorrecta de la configuración del dispositivo local en TeamViewer Remote entre las versiones 15.41 y 15.42.7 para Windows y macOS permite a un usuario sin privilegios cambiar la configuración básica del dispositivo local aunque las opciones estuvieran bloqueadas. Esto puede dar lugar a cambios no deseados en la configuración. • https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001 • CWE-285: Improper Authorization •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23242 – TeamViewer Linux - Deletion command not properly executed after process crash
https://notcve.org/view.php?id=CVE-2022-23242
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password. TeamViewer Linux versiones anteriores a 15.28, no ejecutan correctamente un comando de borrado de la contraseña de conexión en caso de bloqueo del proceso. El conocimiento del evento de bloqueo y el ID de TeamViewer, así como la posesión de la contraseña de conexión anterior al bloqueo o el acceso local autenticado a la máquina, habrían permitido establecer una conexión remota al reusar la contraseña de conexión no eliminada correctamente • https://www.teamviewer.com/en/trust-center/security-bulletins/TV-2022-1001 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35005 – TeamViewer Improper Validation of Array Index Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-35005
This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. • https://community.teamviewer.com/English/discussion/117794/august-updates-security-patches https://www.zerodayinitiative.com/advisories/ZDI-22-082 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-34859 – TeamViewer TVS File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34859
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://community.teamviewer.com/English/discussion/117794/august-updates-security-patches/p1 https://www.zerodayinitiative.com/advisories/ZDI-21-1003 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •