Vulnerabilities > Nomachine > Nomachine > 4.4.6

DATE CVE VULNERABILITY TITLE RISK
2023-08-04 CVE-2023-39107 Link Following vulnerability in Nomachine
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
network
low complexity
nomachine CWE-59
critical
9.1
2023-02-03 CVE-2022-48074 Unspecified vulnerability in Nomachine
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
local
low complexity
nomachine
5.3
2018-12-10 CVE-2018-20029 Use of Uninitialized Resource vulnerability in multiple products
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
local
low complexity
dokan-dev nomachine microsoft CWE-908
4.9
2018-10-15 CVE-2018-17980 Untrusted Search Path vulnerability in Nomachine
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed.
network
nomachine CWE-426
6.8
2018-02-28 CVE-2018-6947 Improper Initialization vulnerability in multiple products
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
local
low complexity
nomachine microsoft CWE-665
7.2
2017-08-29 CVE-2017-12763 Incorrect Default Permissions vulnerability in Nomachine
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
network
low complexity
nomachine apple linux CWE-276
critical
9.0