Skip to main content

Client

13 CVEs product

Monthly

CVE-2023-45160 HIGH This Week

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft Client
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45159 HIGH This Week

1E Client installer can perform arbitrary file deletion on protected files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-3892 HIGH This Week

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Assistant Client
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2020-27645 HIGH This Week

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-27644 HIGH This Week

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-27643 MEDIUM This Month

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Client
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-16268 HIGH This Week

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2018-7687 HIGH This Week

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Client
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-0799 CRITICAL Emergency

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.5% and no vendor patch available.

OpenSSL Denial Of Service Buffer Overflow Client Steel Belted Radius
NVD
CVSS 3.0
9.8
EPSS
43.5%
CVE-2016-0800 MEDIUM POC THREAT This Month

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 90.4%.

OpenSSL Information Disclosure Oracle Client Steel Belted Radius
NVD
CVSS 3.0
5.9
EPSS
90.4%
Threat
5.4
CVE-2013-3705 MEDIUM This Month

The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Client
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-3956 HIGH POC Act Now

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Client
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
2.2%
CVE-2013-3697 HIGH POC This Week

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Client
NVD
CVSS 2.0
7.2
EPSS
0.0%
EPSS 1% CVSS 8.8
HIGH This Week

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

1E Client installer can perform arbitrary file deletion on protected files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Assistant Client
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Client
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Client
NVD
EPSS 44% CVSS 9.8
CRITICAL Emergency

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.5% and no vendor patch available.

OpenSSL Denial Of Service Buffer Overflow +2
NVD
EPSS 90% 5.4 CVSS 5.9
MEDIUM POC THREAT This Month

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 90.4%.

OpenSSL Information Disclosure Oracle +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Client
NVD
EPSS 2% CVSS 7.2
HIGH POC Act Now

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Client
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH POC This Week

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Client
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy