
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

12 Sep 2022 — An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the AnyDesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port). • https://anydesk.com/en/downloads/windows

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

12 Sep 2022 — An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. • https://anydesk.com/en/downloads/windows • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Oct 2021 — AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications. • https://anydesk.com/cve/2021-40854 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jan 2021 — AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. • https://anydesk.com/cve/2020-35483 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Dec 2020 — AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. • https://anydesk.com/cve/2020-27614 • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 77% • CPEs: 3 • EXPL: 6

09 Jun 2020 — AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. AnyDesk version 5.5.2 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/161628 • CWE-134: Use of Externally-Controlled Format String

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Jul 2018 — AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. • https://download.anydesk.com/changelog.txt • CWE-426: Untrusted Search Path

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Sep 2017 — AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. • https://download.anydesk.com/changelog.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')