Vulnerabilities > Nomachine

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-42983 Classic Buffer Overflow vulnerability in Nomachine Enterprise Client
NoMachine Enterprise Client is affected by Buffer Overflow.
local
low complexity
nomachine CWE-120
7.2
2021-12-07 CVE-2021-42986 Integer Overflow or Wraparound vulnerability in Nomachine Enterprise Client
NoMachine Enterprise Client is affected by Integer Overflow.
local
low complexity
nomachine CWE-190
7.2
2018-12-10 CVE-2018-20029 Use of Uninitialized Resource vulnerability in multiple products
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
local
low complexity
dokan-dev nomachine microsoft CWE-908
4.9
2018-10-15 CVE-2018-17980 Untrusted Search Path vulnerability in Nomachine
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed.
network
nomachine CWE-426
6.8
2018-09-04 CVE-2018-0664 Improper Input Validation vulnerability in Nomachine 5.0.63
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.
network
low complexity
nomachine CWE-20
7.5
2018-02-28 CVE-2018-6947 Improper Initialization vulnerability in multiple products
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
local
low complexity
nomachine microsoft CWE-665
7.2
2017-08-29 CVE-2017-12763 Incorrect Default Permissions vulnerability in Nomachine
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
network
low complexity
nomachine apple linux CWE-276
critical
9.0
2012-09-19 CVE-2012-5003 Improper Authentication vulnerability in Nomachine NX web Companion
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.
network
nomachine CWE-287
6.8
2011-10-04 CVE-2011-3977 Local Privilege Escalation vulnerability in NX Server 'nxconfigure.sh'
Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x before 3.5.0-4 and NX Server 3.x before 3.5.0-5 allows local users to read arbitrary files via unknown vectors.
local
low complexity
nomachine
7.2
2007-01-31 CVE-2007-0625 Remote Denial Of Service vulnerability in NoMachine NX Server NXCONFIGURE.SH
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.
local
low complexity
nomachine
4.9