25 matches found
EUVD-2015-9110
Malware in sbrugna...
EUVD-2023-41280
Malicious code in bioql PyPI...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
DEBIAN-CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
CVE-2025-43715
CVE-2025-43715 affects the Nullsoft Scriptable Install System (NSIS) prior to 3.11 on Windows. The root cause is that the temporary plugins directory is created under %WINDIR%\temp and an unprivileged user can win a race by placing a crafted executable, because EW_CREATEDIR does not consistently ...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
Fedora: Security Advisory for mingw-nsis (FEDORA-2023-dfb6cc599f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : mingw-nsis (2023-dfb6cc599f)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dfb6cc599f advisory. Update to 3.09, fixes CVE-2023-37378. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
CVE-2023-37378
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
Directory traversal
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
CVE-2023-37378
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
CVE-2023-37378
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry
E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for...
Design/Logic Flaw
Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
CVE-2015-9268
Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
UBUNTU-CVE-2015-9268
Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
CVE-2015-9267
Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...
CVE-2015-9267
Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...