Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nullsoft Subscribe
Filtered by product Nullsoft Scriptable Install System
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9267 2 Debian, Nullsoft 2 Debian Linux, Nullsoft Scriptable Install System 2021-03-15 3.6 LOW 5.5 MEDIUM
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
CVE-2015-9268 2 Debian, Nullsoft 2 Debian Linux, Nullsoft Scriptable Install System 2021-03-15 9.3 HIGH 7.8 HIGH
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.