An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
Max CVSS
9.1
EPSS Score
0.06%
Published
2023-08-04
Updated
2023-08-10
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
Max CVSS
5.3
EPSS Score
0.04%
Published
2023-02-03
Updated
2023-02-10
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.
Max CVSS
7.3
EPSS Score
0.05%
Published
2022-06-29
Updated
2022-07-08
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Max CVSS
7.3
EPSS Score
0.04%
Published
2022-04-28
Updated
2022-05-07
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
Max CVSS
5.5
EPSS Score
0.04%
Published
2018-12-10
Updated
2020-08-24
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).
Max CVSS
7.8
EPSS Score
0.28%
Published
2018-10-15
Updated
2019-01-22
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
Max CVSS
7.8
EPSS Score
0.09%
Published
2018-02-28
Updated
2019-10-03
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.22%
Published
2018-09-04
Updated
2018-11-13
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
Max CVSS
9.0
EPSS Score
0.66%
Published
2017-08-29
Updated
2019-10-03
9 vulnerabilities found