CVE-2022-41882 – Nextcloud Desktop vulnerable to code injection via malicious link
https://notcve.org/view.php?id=CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. "vbs", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. • https://github.com/nextcloud/desktop/pull/5039 https://github.com/nextcloud/desktop/releases/tag/v3.6.1 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63 https://github.com/nextcloud/server/pull/34559 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-35257
https://notcve.org/view.php?id=CVE-2022-35257
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. Una vulnerabilidad de escalada de privilegios local en UI Desktop para Windows (versión 0.55.1.2 y anteriores) permite a un actor malicioso con acceso local a un dispositivo Windows con UI Desktop ejecutar comandos arbitrarios como SYSTEM. • https://community.ui.com/releases/Security-Advisory-Bulletin-025-025/7fc92851-054d-46d3-bdb0-fbb8f7023fed •
CVE-2022-26877
https://notcve.org/view.php?id=CVE-2022-26877
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. Asana Desktop versiones anteriores a 1.6.0, permite a atacantes remotos exfiltrar archivos locales si consiguen engañar a la aplicación de escritorio Asana para que cargue una página web maliciosa • https://asana.com https://forum.asana.com/t/asana-desktop-app-security-update/160477 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-23597 – Remote program execution with user interaction
https://notcve.org/view.php?id=CVE-2022-23597
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. • https://github.com/vector-im/element-desktop/commit/89b1e39b801655e595337708d4319ba4313feafa https://github.com/vector-im/element-desktop/security/advisories/GHSA-mjrg-9f8r-h3m7 • CWE-416: Use After Free •
CVE-2021-24038
https://notcve.org/view.php?id=CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507. Debido a un bug en la administración de los manejadores en el archivo OVRServiceLauncher.exe, un atacante podría exponer un manejador de proceso privilegiado a un proceso no privilegiado, conllevando a una escalada de privilegios local. Este problema afecta a Oculus Desktop versiones posteriores a 1.39 y anteriores a 31.1.0.67.507. • https://www.facebook.com/security/advisories/cve-2021-24038 • CWE-269: Improper Privilege Management •