
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to a heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of the time of publication, no known patches are available in existing versions of Notepad++. • https://github.com/webraybtl/CVE-2023-40031 https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). • https://github.com/CDACesec/CVE-2022-31902 http://notepad.com • CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files. • https://github.com/CDACesec/CVE-2022-31901 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking, where an attacker can replace the vulnerable DLL (UxTheme.dll) with their own DLL and run arbitrary code in the context of Notepad++. • https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e https://www.mend.io/vulnerability-database/CVE-2022-32168 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. Notepad++ (x64) versions prior to 7.7 allow remote code execution or denial of service via a crafted .ml file. • https://www.exploit-db.com/exploits/47393 http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html https://github.com/bi7s/CVE/tree/master/CVE-2019-16294 https://notepad-plus-plus.org/download/v7.7.html https://www.scintilla.org/ScintillaHistory.html • CWE-787: Out-of-bounds Write