22 matches found
CVE-2025-64994
CVE-2025-64994 describes a privilege-escalation flaw in TeamViewer DEX (formerly 1E DEX) tied to the 1E-Nomad-SetWorkRate instruction prior to V17.1. The issue arises from improper handling of executable search paths, which could allow local attackers with write access to a PATH directory to esca...
CVE-2025-64988
Mode C: CVE-2025-64988 describes a command-injection in TeamViewer DEX (formerly 1E DEX) prior to V19.2, within the 1E-Nomad-GetCmContentLocations instruction. The root cause is improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands, enab...
CVE-2025-44016
CVE-2025-44016 – TeamViewer DEX Client (NomadBranch.exe) affects TeamViewer DEX Client Content Distribution Service on Windows prior to 25.11. A crafted request can bypass file integrity validation by supplying a valid hash for a malicious file, causing Nomad Branch to treat the file as trusted a...
CVE-2025-64986
TeamViewer DEX (formerly 1E DEX) is affected by a command injection vulnerability in the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior to V21. The root cause is improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands, w...
CVE-2025-64993
Summary: CVE-2025-64993 affects TeamViewer DEX (formerly 1E DEX). The issue is a command-injection in the 1E-ConfigMgrConsoleExtensions instructions caused by improper input validation. Impact: authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote executi...
CVE-2025-46266
CVE-2025-46266 describes a flaw in TeamViewer DEX Client (formerly 1E Client) – Content Distribution Service (NomadBranch.exe) prior to version 25.11 on Windows. The issue allows a malicious actor to coerce the NomadBranch service into transmitting data to an arbitrary internal IP address, potent...
CVE-2026-23571
CVE-2026-23571 concerns TeamViewer DEX (formerly 1E DEX). The vulnerability lies in the 1E-Nomad-RunPkgStatusRequest instruction, where improper input validation allows authenticated attackers with actioner privilege to inject and run elevated arbitrary commands on connected hosts. Affected conte...
CVE-2025-64992
CVE-2025-64992 describes a command injection in TeamViewer DEX (formerly 1E DEX), specifically in the 1E-Nomad-PauseNomadJobQueue instruction before version V25. The root cause is improper input validation that allows authenticated attackers with Actioner privileges to inject arbitrary commands, ...
CVE-2025-64989
CVE-2025-64989 describes a command-injection flaw in TeamViewer DEX (formerly 1E DEX), within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior to V21.1. The issue stems from improper input validation that allows authenticated attackers with Actioner privileges to inject and exe...
CVE-2026-23566
CVE-2026-23566 affects TeamViewer DEX Client (formerly 1E Client) Content Distribution Service (NomadBranch.exe) on Windows, with vulnerability in the UDP network handler that allows an adjacent-network attacker to inject, tamper with, or forge entries in the Nomad Branch.log. Suspected impact is...
CVE-2025-64995
CVE-2025-64995 affects TeamViewer DEX (formerly 1E DEX). The vulnerability is a privilege-escalation in the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to version 3.4, caused by improper protection of the execution path on the local device. This issue could allow an at...
CVE-2026-23569
The CVE-2026-23569 issue affects TeamViewer DEX Client (NomadBranch.exe) on Windows, with affected versions prior to 26.1. It is described as an out-of-bounds read that allows a remote attacker to leak stack memory and cause a denial of service, with potential ASLR bypass. Impact is a denial of s...
CVE-2025-12687
CVE-2025-12687 affects TeamViewer DEX Client (Content Distribution Service, NomadBranch.exe) for Windows, with vulnerable versions prior to 25.11. A crafted command can cause an application crash, leading to service termination (Denial of Service). Multiple sources confirm the impact is an availa...
CVE-2025-64987
CVE-2025-64987 applies to TeamViewer DEX (formerly 1E DEX). The issue is a command injection in the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction caused by improper input validation. Authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote execution of ...
CVE-2026-23564
The CVE-2026-23564 entry describes a vulnerability in TeamViewer DEX Client (former 1E Client) – Content Distribution Service (NomadBranch.exe) on Windows, affecting versions prior to 26.1. The underlying issue enables an attacker on an adjacent network to coerce normally encrypted UDP traffic in...
CVE-2025-64991
CVE-2025-64991 describes a command injection vulnerability in TeamViewer DEX (formerly 1E DEX). The issue occurs in the 1E-PatchInsights-Deploy instruction before V15 due to improper input validation, enabling authenticated attackers with Actioner privileges to inject arbitrary commands and poten...
CVE-2026-23567
CVE-2026-23567 affects the TeamViewer DEX Client (Content Distribution Service, NomadBranch.exe) on Windows, prior to version 26.1. The issue is an integer underflow in the UDP command handler that can trigger a heap-based buffer overflow, leading to a denial-of-service (service crash) when proce...
CVE-2026-23570
The CVE-2026-23570 vulnerability affects the TeamViewer DEX Client (former 1E Client) Content Distribution Service, specifically NomadBranch.exe prior to version 26.1 on Windows. It arises from missing validation of a user-controlled value, allowing an adjacent network attacker to tamper with log...
CVE-2026-23565
The CVE-2026-23565 entry concerns TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe) on Windows, prior to version 26.1. The vulnerability allows an attacker on an adjacent network to cause the NomadBranch.exe process to terminate by sending crafted requests, resulting in a den...
CVE-2026-23568
The CVE-2026-23568 issue affects TeamViewer DEX Client (NomadBranch.exe) on Windows, described as an out-of-bounds read in versions prior to 26.1. A attacker on an adjacent network can send a specially crafted packet to trigger information disclosure or denial-of-service, with leaked memory poten...
CVE-2025-64990
TeamViewer DEX (formerly 1E DEX) contains a command injection in the 1E-Explorer-TachyonCore-LogoffUser instruction prior to V21.1. Root cause: improper input validation. Impact: authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote execution of elevated ...
CVE-2026-23563
Summary: CVE-2026-23563 affects TeamViewer DEX - 1E Client on Windows prior to 26.1, due to improper link resolution before file access. The bug is triggered by the 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction and allows a low‑privileged, local attacker to delete protected system files vi...