CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39107
https://notcve.org/view.php?id=CVE-2023-39107
04 Aug 2023 — An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. Una vulnerabilidad de sobrescritura arbitraria de archivos en NoMachine Free Edition y Enterprise Client para macOS antes de v8.8.1 permite a los atacantes sobrescribir archivos propiedad de root mediante el uso de hardlinks. • https://kb.nomachine.com/SU07U00247 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48074
https://notcve.org/view.php?id=CVE-2022-48074
03 Feb 2023 — An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. • https://kb.nomachine.com/SU11T00239 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34043
https://notcve.org/view.php?id=CVE-2022-34043
29 Jun 2022 — Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. Unos permisos incorrectos para la carpeta C:\ProgramData\NSinMachine\Ndesinstalación de Nomachine versión v7.9.2, permite a atacantes llevar a cabo un ataque de secuestro de DLL y ejecutar código arbitrario • https://github.com/ycdxsb/Vuln/tree/main/Nomachine-Incorrect-Folder-Permission • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33436
https://notcve.org/view.php?id=CVE-2021-33436
28 Apr 2022 — NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. NoMachine para Windows versiones anteriores a 6.15.1 y 7.5.2, sufre una escalada de privilegios local debido a una falta de carga segura de DLL. Esta vulnerabilidad permite a usuarios locales no... • https://github.com/active-labs/Advisories/blob/master/2021/ACTIVE-2021-001.md •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20029
https://notcve.org/view.php?id=CVE-2018-20029
10 Dec 2018 — The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read. El controlador nxfs.sys en la biblioteca DokanFS 0.6.0 en NoMachine en versiones anteriores a la 6.4.6 en Windows 10 permite que los usuarios locales provoquen una denegación de servicio (BSOD) debido a que se puede leer la memoria no inicializada. • https://www.nomachine.com/TR11P08975 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 4CVE-2018-17980 – NoMachine < 5.3.27 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17980
12 Oct 2018 — NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.). NoMachine en versiones anteriores a la 5.3.27 y versiones 6.x anteriores a la 6.3.6 permite que los atacantes obtengan privilegi... • https://packetstorm.news/files/id/149784 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0664
https://notcve.org/view.php?id=CVE-2018-0664
04 Sep 2018 — A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. Una vulnerabilidad en NoMachine App para Android 5.0.63 y anteriores permite que los atacantes alteren las variables de entorno mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN14451678/index.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2018-6947 – NoMachine < 6.0.80 (x86) - 'nxfuse' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-6947
23 Feb 2018 — An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. Una variable de pila no inicializada en el componente nxfuse de la biblioteca Open Source DokanFS incluida en NoMachine, en versiones 6.0.66_2 y anteriores, permite que un usuario local con pocos privilegios eleve sus privil... • https://packetstorm.news/files/id/146544 • CWE-665: Improper Initialization •
CVSS: 9.0EPSS: 6%CPEs: 3EXPL: 1CVE-2017-12763 – NoMachine 5.3.9 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-12763
29 Aug 2017 — An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. Una utilidad del servidor sin especificar en NoMachine en versiones anteriores a la 5.3.10 en Mac OS X y Linux permite que usuarios autenticados obtengan privilegios obteniendo acceso a archivos locales. • https://www.exploit-db.com/exploits/42460 • CWE-276: Incorrect Default Permissions •