Vulnerabilities (CVE)

Filtered by CWE-176
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-24691 1 Zoom 4 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 1 more 2024-10-04 N/A 9.8 CRITICAL
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVE-2024-47611 2024-10-04 N/A N/A
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected.
CVE-2023-39213 1 Zoom 2 Virtual Desktop Infrastructure, Zoom 2024-09-27 N/A 9.8 CRITICAL
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
CVE-2024-8067 2024-09-26 N/A 9.4 CRITICAL
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
CVE-2017-20190 2024-08-12 N/A N/A
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.