Page 2 of 14 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. • https://github.com/webraybtl/CVE-2023-40031 https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475. • https://gitee.com/cxasm/notepad--/issues/I6C80Z https://vuldb.com/?ctiid.221475 https://vuldb.com/?id.221475 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). • https://github.com/CDACesec/CVE-2022-31902 http://notepad.com • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files. El desbordamiento de búfer en la función Notepad_plus::addHotSpot en Notepad++ v8.4.3 y versiones anteriores permite a los atacantes bloquear la aplicación mediante dos archivos manipulados. • https://github.com/CDACesec/CVE-2022-31901 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. Notepad++ versiones 8.4.1 y anteriores, son vulnerables a un secuestro de DLL, donde un atacante puede reemplazar la dll vulnerable (UxTheme.dll) por su propia dll y ejecutar código arbitrario en el contexto de Notepad++ • https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e https://www.mend.io/vulnerability-database/CVE-2022-32168 • CWE-427: Uncontrolled Search Path Element •