CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6401 – NotePad++ dbghelp.exe uncontrolled search path
https://notcve.org/view.php?id=CVE-2023-6401
30 Nov 2023 — A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. • https://vuldb.com/?ctiid.246421 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47452
https://notcve.org/view.php?id=CVE-2023-47452
30 Nov 2023 — An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. Una vulnerabilidad de ruta de búsqueda no confiable en notepad++ 6.5 permite a los usuarios locales obtener privilegios aumentados a través del archivo msimg32.dll en el directorio de trabajo actual. • https://github.com/xieqiang11/poc-1/tree/main • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40166 – Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining
https://notcve.org/view.php?id=CVE-2023-40166
25 Aug 2023 — Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. • https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40164 – Notepad++ global buffer read overflow in nsCodingStateMachine::NextState
https://notcve.org/view.php?id=CVE-2023-40164
25 Aug 2023 — Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. • https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40036 – Notepad++ global buffer read overflow in CharDistributionAnalysis::HandleOneChar
https://notcve.org/view.php?id=CVE-2023-40036
25 Aug 2023 — Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. • https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-40031 – Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert
https://notcve.org/view.php?id=CVE-2023-40031
25 Aug 2023 — Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. • https://github.com/webraybtl/CVE-2023-40031 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31902
https://notcve.org/view.php?id=CVE-2022-31902
01 Feb 2023 — Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). • https://github.com/CDACesec/CVE-2022-31902 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31901
https://notcve.org/view.php?id=CVE-2022-31901
19 Jan 2023 — Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files. El desbordamiento de búfer en la función Notepad_plus::addHotSpot en Notepad++ v8.4.3 y versiones anteriores permite a los atacantes bloquear la aplicación mediante dos archivos manipulados. • https://github.com/CDACesec/CVE-2022-31901 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32168 – notepad-plus-plus - DLL Hijacking
https://notcve.org/view.php?id=CVE-2022-32168
28 Sep 2022 — Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. Notepad++ versiones 8.4.1 y anteriores, son vulnerables a un secuestro de DLL, donde un atacante puede reemplazar la dll vulnerable (UxTheme.dll) por su propia dll y ejecutar código arbitrario en el contexto de Notepad++ • https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2019-16294 – Notepad++ < 7.7 (x64) - Denial of Service
https://notcve.org/view.php?id=CVE-2019-16294
14 Sep 2019 — SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. La biblioteca SciLexer.dll en Scintilla en Notepad ++ (x64) versiones anteriores a 7.7, permite la ejecución de código remota o la denegación de servicio por medio de caracteres Unicode en un archivo .ml diseñado. Notepad++ (x64) versions prior to 7.7 allow remote code execution or denial of service via a crafted .ml file. • https://packetstorm.news/files/id/154706 • CWE-787: Out-of-bounds Write •