21 matches found
EUVD-2015-9110
Malware in sbrugna...
EUVD-2023-41280
Malicious code in bioql PyPI...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
CVE-2025-43715
CVE-2025-43715 affects the Nullsoft Scriptable Install System (NSIS) prior to 3.11 on Windows. The root cause is that the temporary plugins directory is created under %WINDIR%\temp and an unprivileged user can win a race by placing a crafted executable, because EW_CREATEDIR does not consistently ...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
CVE-2025-43715
Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...
Fedora: Security Advisory for mingw-nsis (FEDORA-2023-dfb6cc599f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : mingw-nsis (2023-dfb6cc599f)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dfb6cc599f advisory. Update to 3.09, fixes CVE-2023-37378. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
CVE-2023-37378
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
Directory traversal
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
CVE-2023-37378
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
CVE-2023-37378
Nullsoft Scriptable Install System NSIS before 3.09 mishandles access control for an uninstaller directory...
Design/Logic Flaw
Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
CVE-2015-9268
Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
CVE-2015-9267
Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...
CVE-2015-9267
Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...
MGASA-2017-0271 Updated mingw-nsis packages fix security vulnerability
The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...
Updated mingw-nsis packages fix security vulnerability
The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...
CVE-2015-0941
The Inetc plugin for Nullsoft Scriptable Install System NSIS, as used in CERT/CC Failure Observation Engine FOE and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a craft...