Filtered by vendor Nullsoft
Subscriptions
Filtered by product Nullsoft Scriptable Install System
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37378 | 1 Nullsoft | 1 Nullsoft Scriptable Install System | 2023-11-07 | 5.3 Medium |
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | ||||
CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2021-03-15 | 5.5 Medium |
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | ||||
CVE-2015-9268 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2021-03-15 | 7.8 High |
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. |
Page 1 of 1.