Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.001EPSS
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading...
7.8CVSS
7.8AI Score
0.001EPSS
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure...
5.5CVSS
6.7AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This....
7.8CVSS
8.2AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege...
7.8CVSS
6.5AI Score
0.001EPSS
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege...
7.8CVSS
6.5AI Score
0.001EPSS
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege...
7.8CVSS
8.5AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege...
7.8CVSS
6.5AI Score
0.001EPSS
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer...
7.8CVSS
6.7AI Score
0.001EPSS
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This....
7.8CVSS
8.2AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842,...
5.5CVSS
6.4AI Score
0.001EPSS
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This....
7.8CVSS
8.2AI Score
0.0004EPSS
An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL...
7.8CVSS
7.8AI Score
0.001EPSS
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial...
7CVSS
6.9AI Score
0.001EPSS
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same...
7.8CVSS
7.3AI Score
0.0004EPSS
Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID:...
7.5CVSS
7.1AI Score
0.001EPSS
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure...
5.5CVSS
6.3AI Score
0.001EPSS
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from...
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from...
Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
6.9AI Score
0.0004EPSS
A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code...
7.8CVSS
7.8AI Score
0.001EPSS
A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code...
7.5CVSS
7.9AI Score
0.002EPSS
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code...
7.5CVSS
7.9AI Score
0.002EPSS
Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure...
3.3CVSS
5.8AI Score
0.001EPSS
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege...
7.8CVSS
8.5AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege...
5.5CVSS
7AI Score
0.0004EPSS
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary...
7CVSS
7.3AI Score
0.0004EPSS
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected...
9.8CVSS
9.2AI Score
0.003EPSS
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before...
5.5CVSS
5.5AI Score
0.0004EPSS
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the...
5.3CVSS
5.6AI Score
0.0004EPSS
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...
7.8CVSS
7.8AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege...
5.5CVSS
6.6AI Score
0.001EPSS
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current...
7.8CVSS
7.4AI Score
0.001EPSS
The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure...
7.8CVSS
7.5AI Score
0.001EPSS
Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer...
7.8CVSS
7.5AI Score
0.0004EPSS
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll...
7.8CVSS
7.9AI Score
0.002EPSS
Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege...
7.8CVSS
7.4AI Score
0.001EPSS
Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local...
6.7CVSS
6.7AI Score
0.0004EPSS
Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.001EPSS
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code...
Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.001EPSS
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which...
5.5CVSS
5.4AI Score
0.0004EPSS
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.001EPSS