nullsoft nullsoft_scriptable_install_system の CVE(5 件)

CVE 件数: 5 CPE versions: View versions table

概要

本ページは nullsoft nullsoft_scriptable_install_system に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 15 / 5 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-42171 NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references). [email protected] 7.8 0.21% 2026-04-24 2026-06-17
CVE-2025-43715 Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag. [email protected] 8.1 0.18% 2025-04-16 2026-06-17
CVE-2023-37378 Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. [email protected] 5.3 0.73% 2023-07-03 2026-06-17
CVE-2015-9268 Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. [email protected] 7.8 1.52% 2018-10-01 2026-06-16
CVE-2015-9267 Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. [email protected] 5.5 0.39% 2018-10-01 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence