Lucene search
+L
Clash ProjectClash

4 matches found

CVE
CVE
added 2022/03/27 11:15 p.m.74 views

CVE-2022-26255

CVE-2022-26255 affects Clash for Windows v0.19.8. The issue allows arbitrary code execution via a crafted payload injected into the Proxies name column. Connected sources corroborate the impact across multiple records (Red Hat, NVD, OSV, CNNVD, PT Security) without specifying a vendor-provided pa...

9.8CVSS9.6AI score0.01674EPSS
CVE
CVE
added 2023/02/23 12:0 a.m.69 views

CVE-2023-24205

CVE-2023-24205 affects Clash for Windows v0.20.12, with a remote code execution (RCE) vulnerability exploitable via overwriting the configuration file (cfw-setting.yaml). The NVD/NVD-derived metrics assign CVSSv3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Root cau...

9.8CVSS9.9AI score0.01287EPSS
CVE
CVE
added 2022/09/29 11:48 a.m.68 views

CVE-2022-40126

CVE-2022-40126 describes a misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 that allows privilege escalation and arbitrary command execution when Service Mode is activated. Public sources consistently identify the affected software as Clash for Windows and the v...

7.8CVSS8.1AI score0.00318EPSS
CVE
CVE
added 2022/03/21 2:48 p.m.66 views

CVE-2020-24772

Affected software: Dreamacro Clash for Windows v0.11.4. The vulnerability arises when an attacker embeds a malicious iframe in a website with a crafted URL that launches the Clash Windows client and forces it to open a remote SMB share. Windows will perform NTLM authentication when accessing the ...

8.8CVSS8.8AI score0.00634EPSS