11 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. • https://vuldb.com/?ctiid.246421 https://vuldb.com/?id.246421 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. Una vulnerabilidad de ruta de búsqueda no confiable en notepad++ 6.5 permite a los usuarios locales obtener privilegios aumentados a través del archivo msimg32.dll en el directorio de trabajo actual. • https://github.com/xieqiang11/poc-1/tree/main • CWE-427: Uncontrolled Search Path Element •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. • https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. • https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. • https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •