Windows Installer Security Vulnerabilities

CVE-2024-27244

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-15 09:15 PM
19

CVE-2024-24694

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local...

5.9CVSS

6.9AI Score

0.0004EPSS

2024-04-09 06:15 PM
28

CVE-2024-24692

Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-03-13 08:15 PM
14

CVE-2024-24693

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local...

7.2CVSS

6.7AI Score

0.0004EPSS

2024-03-13 08:15 PM
16

CVE-2024-21436

Windows Installer Elevation of Privilege...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-03-12 05:15 PM
160

CVE-2023-3181

The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-25 04:15 PM
17

CVE-2024-0770

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached....

7.1CVSS

6.9AI Score

0.0004EPSS

2024-01-21 11:15 PM
9

CVE-2023-22818

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code.....

7.8CVSS

7.9AI Score

0.001EPSS

2023-11-15 08:15 PM
15

CVE-2023-36705

Windows Installer Elevation of Privilege...

7.8CVSS

7.9AI Score

0.0005EPSS

2023-11-14 06:15 PM
224

CVE-2016-1203

Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being...

8.1CVSS

7.9AI Score

0.001EPSS

2023-10-31 01:15 PM
30

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2903
In Wild

CVE-2022-47631

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM.....

7.8CVSS

7.6AI Score

0.0004EPSS

2023-09-14 10:15 PM
8

CVE-2022-47637

The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative...

6.7CVSS

6.5AI Score

0.0004EPSS

2023-09-12 10:15 PM
18

CVE-2023-25773

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-08-11 03:15 AM
11

CVE-2023-36540

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-08-08 06:15 PM
15

CVE-2023-36536

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local...

8.2CVSS

7.7AI Score

0.0004EPSS

2023-07-11 06:15 PM
9

CVE-2023-34119

Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local...

8.2CVSS

7.7AI Score

0.0004EPSS

2023-07-11 06:15 PM
11

CVE-2023-32053

Windows Installer Elevation of Privilege...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-07-11 06:15 PM
44

CVE-2023-32050

Windows Installer Elevation of Privilege...

7CVSS

6.8AI Score

0.0004EPSS

2023-07-11 06:15 PM
58

CVE-2023-32016

Windows Installer Information Disclosure...

5.5CVSS

5.9AI Score

0.0004EPSS

2023-06-14 12:15 AM
68

CVE-2023-34122

Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-06-13 06:15 PM
18

CVE-2023-28603

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper...

7.7CVSS

6.8AI Score

0.0004EPSS

2023-06-13 06:15 PM
17

CVE-2019-16283

A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-09 06:15 PM
16

CVE-2023-2939

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity:...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-05-30 10:15 PM
231

CVE-2022-33963

Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-05-10 02:15 PM
17

CVE-2023-24904

Windows Installer Elevation of Privilege...

7.1CVSS

7.3AI Score

0.001EPSS

2023-05-09 06:15 PM
81

CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext() function's implicit initialization...

3.3CVSS

5.3AI Score

0.0005EPSS

2023-04-25 08:15 PM
107

CVE-2023-0664

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the...

7.8CVSS

7.2AI Score

0.0004EPSS

2023-03-29 08:15 PM
64

CVE-2023-0213

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL...

8.8CVSS

7.8AI Score

0.0004EPSS

2023-03-29 11:15 AM
26

CVE-2023-25143

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected...

9.8CVSS

9.5AI Score

0.004EPSS

2023-03-10 09:15 PM
24

CVE-2023-22743

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This...

7.3CVSS

7.1AI Score

0.0004EPSS

2023-02-14 09:15 PM
56

CVE-2023-21800

Windows Installer Elevation of Privilege...

7.8CVSS

8AI Score

0.001EPSS

2023-02-14 08:15 PM
60

CVE-2022-31611

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to...

7.3CVSS

7.5AI Score

0.0004EPSS

2023-02-07 03:15 AM
40

CVE-2022-42291

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this...

8.2CVSS

5.9AI Score

0.0004EPSS

2023-02-07 03:15 AM
50

CVE-2022-47632

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed...

6.8CVSS

6.9AI Score

0.001EPSS

2023-01-27 03:15 PM
21

CVE-2023-21542

Windows Installer Elevation of Privilege...

7CVSS

6.8AI Score

0.0004EPSS

2023-01-10 10:15 PM
62

CVE-2022-36929

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-01-09 07:15 PM
31

CVE-2022-36924

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM...

8.8CVSS

7.8AI Score

0.0004EPSS

2022-11-17 11:15 PM
33
5

CVE-2022-36400

Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-11-11 04:15 PM
32
5

CVE-2022-36380

Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2022-11-11 04:15 PM
30
5

CVE-2022-36384

Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2022-11-11 04:15 PM
31
5

CVE-2022-41796

Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...

7.8CVSS

7.7AI Score

0.001EPSS

2022-10-24 02:15 PM
769
8

CVE-2010-1968

Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than...

7.1AI Score

0.001EPSS

2022-10-03 04:21 PM
21

CVE-2010-1967

Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown...

6.3AI Score

0.0004EPSS

2022-10-03 04:20 PM
23

CVE-2010-1971

Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than...

7.1AI Score

0.001EPSS

2022-10-03 04:20 PM
25

CVE-2010-1970

Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown...

6.5AI Score

0.0004EPSS

2022-10-03 04:20 PM
28

CVE-2022-41975

RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair...

7.8CVSS

7.8AI Score

0.0004EPSS

2022-09-30 06:15 PM
109
5

CVE-2022-38764

A vulnerability in Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder on the product...

7.8CVSS

7.5AI Score

0.0004EPSS

2022-09-19 06:15 PM
30
2

CVE-2022-37173

An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-08-30 09:15 PM
31
8

CVE-2016-15003

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated....

7.8CVSS

7.9AI Score

0.001EPSS

2022-07-18 09:15 AM
23
4
Total number of security vulnerabilities: 238