Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Installbuilder Security Vulnerabilities

cve
cve

CVE-2020-3946

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).

7.5CVSS

7.5AI Score

0.001EPSS

2020-04-20 08:15 PM
28
cve
cve

CVE-2021-22037

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path I...

7.8CVSS

7.5AI Score

0.001EPSS

2021-10-29 12:15 PM
33
cve
cve

CVE-2021-22038

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a poten...

8.8CVSS

8.5AI Score

0.001EPSS

2021-10-29 12:15 PM
37