| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. |
| Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. |
| Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. |
| JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle. |
| Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows. This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0. |
| Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information. |
| Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |
| Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
| Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
| Remote Desktop Protocol Client Information Disclosure Vulnerability |