CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7253 – NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7253
01 Aug 2024 — NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. • https://kb.nomachine.com/TR07V11184 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39107
https://notcve.org/view.php?id=CVE-2023-39107
04 Aug 2023 — An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. Una vulnerabilidad de sobrescritura arbitraria de archivos en NoMachine Free Edition y Enterprise Client para macOS antes de v8.8.1 permite a los atacantes sobrescribir archivos propiedad de root mediante el uso de hardlinks. • https://kb.nomachine.com/SU07U00247 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48074
https://notcve.org/view.php?id=CVE-2022-48074
03 Feb 2023 — An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. • https://kb.nomachine.com/SU11T00239 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34043
https://notcve.org/view.php?id=CVE-2022-34043
29 Jun 2022 — Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. Unos permisos incorrectos para la carpeta C:\ProgramData\NSinMachine\Ndesinstalación de Nomachine versión v7.9.2, permite a atacantes llevar a cabo un ataque de secuestro de DLL y ejecutar código arbitrario • https://github.com/ycdxsb/Vuln/tree/main/Nomachine-Incorrect-Folder-Permission • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33436
https://notcve.org/view.php?id=CVE-2021-33436
28 Apr 2022 — NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. NoMachine para Windows versiones anteriores a 6.15.1 y 7.5.2, sufre una escalada de privilegios local debido a una falta de carga segura de DLL. Esta vulnerabilidad permite a usuarios locales no... • https://github.com/active-labs/Advisories/blob/master/2021/ACTIVE-2021-001.md •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42986
https://notcve.org/view.php?id=CVE-2021-42986
07 Dec 2021 — NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Enterprise Client está afectado por un desbordamiento de enteros. IOCTL Handler 0x22001B en NoMachine Enterprise Client versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a a... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42983
https://notcve.org/view.php?id=CVE-2021-42983
07 Dec 2021 — NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Enterprise Client está afectado por un Desbordamiento del Búfer. IOCTL Handler 0x22001B en NoMachine Enterprise Client versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a ata... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42980
https://notcve.org/view.php?id=CVE-2021-42980
07 Dec 2021 — NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Cloud Server está afectado por un Desbordamiento del Búfer. IOCTL Handler 0x22001B en NoMachine Cloud Server versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a atacantes locales ejecu... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42979
https://notcve.org/view.php?id=CVE-2021-42979
07 Dec 2021 — NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Cloud Server está afectado por un desbordamiento de enteros. IOCTL Handler 0x22001B en NoMachine Cloud Server versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a atacantes locales eje... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42977
https://notcve.org/view.php?id=CVE-2021-42977
07 Dec 2021 — NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Enterprise Desktop está afectado por un desbordamiento de enteros. IOCTL Handler 0x22001B en NoMachine Enterprise Desktop versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-190: Integer Overflow or Wraparound •