Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6401 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-05-17 | 4.3 MEDIUM | 7.8 HIGH |
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-02-05 | N/A | 7.8 HIGH |
An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | |||||
CVE-2019-16294 | 2 Notepad-plus-plus, Scintilla | 2 Notepad\+\+, Scintilla | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | |||||
CVE-2017-8803 | 2 Mh-nexus, Notepad-plus-plus | 2 Hex Editor, Notepad\+\+ | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands. |