ReportizFlow
Filtered by vendor Clash Project
Subscriptions
Filtered by product Clash
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24205 | 1 Clash Project | 1 Clash | 2024-11-21 | 9.8 Critical |
| Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | ||||
| CVE-2022-40126 | 1 Clash Project | 1 Clash | 2024-11-21 | 7.8 High |
| A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | ||||
| CVE-2022-26255 | 1 Clash Project | 1 Clash | 2024-11-21 | 9.8 Critical |
| Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. | ||||
| CVE-2020-24772 | 1 Clash Project | 1 Clash | 2024-11-21 | 8.8 High |
| In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). | ||||
Page 1 of 1.