Nomachine Security Vulnerabilities
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.
6.3AI Score
0.001EPSS
Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x before 3.5.0-4 and NX Server 3.x before 3.5.0-5 allows local users to read arbitrary files via unknown vectors.
6.3AI Score
0.0004EPSS
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.
7.8AI Score
0.054EPSS
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
8.8CVSS
8.5AI Score
0.007EPSS
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.
9.8CVSS
9AI Score
0.002EPSS
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is execut...
7.8CVSS
7.7AI Score
0.003EPSS
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
5.5CVSS
5.3AI Score
0.0004EPSS
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
7.8CVSS
7.4AI Score
0.001EPSS
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT...
7.3CVSS
7.5AI Score
0.0004EPSS
NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
8.8CVSS
8.8AI Score
0.0004EPSS
NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
8.8CVSS
8.8AI Score
0.0004EPSS
NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/...
8.8CVSS
8.8AI Score
0.0004EPSS
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I...
8.8CVSS
8.8AI Score
0.0004EPSS
NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request P...
8.8CVSS
8.7AI Score
0.0004EPSS
NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Pa...
8.8CVSS
8.8AI Score
0.0004EPSS
NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O ...
8.8CVSS
8.8AI Score
0.0004EPSS
NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O...
8.8CVSS
8.7AI Score
0.0004EPSS
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.
7.3CVSS
7.4AI Score
0.0005EPSS
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
5.3CVSS
5.8AI Score
0.0005EPSS
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
9.1CVSS
8.9AI Score
0.001EPSS