CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Nullsoft 1Nullsoft Scriptable Install System May 18, 2026 Apr 24, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return...Show more |
1Nullsoft 1Nullsoft Scriptable Install System Nov 21, 2024 Jul 3, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. |
2Debian Nullsoft2Debian Linux Nullsoft Scriptable Install SystemNov 21, 2024 Oct 1, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriat...Show more |
2Debian Nullsoft2Debian Linux Nullsoft Scriptable Install SystemNov 21, 2024 Oct 1, 2018 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be...Show more |