Vulnerabilities (CVE)

Filtered by vendor Nomachine Subscribe
Filtered by product Nomachine
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7253 1 Nomachine 1 Nomachine 2024-11-26 N/A 7.8 HIGH
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-24039.
CVE-2023-39107 2 Apple, Nomachine 2 Macos, Nomachine 2024-11-21 N/A 9.1 CRITICAL
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
CVE-2022-34043 1 Nomachine 1 Nomachine 2024-11-21 4.4 MEDIUM 7.3 HIGH
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.
CVE-2021-33436 2 Microsoft, Nomachine 2 Windows, Nomachine 2024-11-21 6.2 MEDIUM 7.3 HIGH
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
CVE-2018-6947 2 Microsoft, Nomachine 4 Windows 10, Windows 7, Windows 8 and 1 more 2024-11-21 7.2 HIGH 7.8 HIGH
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
CVE-2018-20029 3 Dokan-dev, Microsoft, Nomachine 3 Dokanfs, Windows 10, Nomachine 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-17980 1 Nomachine 1 Nomachine 2024-11-21 6.8 MEDIUM 7.8 HIGH
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).
CVE-2018-0664 1 Nomachine 1 Nomachine 2024-11-21 7.5 HIGH 9.8 CRITICAL
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.
CVE-2017-12763 3 Apple, Linux, Nomachine 3 Mac Os X, Linux Kernel, Nomachine 2024-11-21 9.0 HIGH 8.8 HIGH
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.