Vulnerabilities > Nullsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2023-37378 | Unspecified vulnerability in Nullsoft Scriptable Install System Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | 5.3 |
| 2018-10-01 | CVE-2015-9268 | Improper Input Validation vulnerability in multiple products Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. | 9.3 |
| 2018-10-01 | CVE-2015-9267 | Improper Privilege Management vulnerability in multiple products Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. | 3.6 |
| 2014-05-23 | CVE-2014-3442 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. | 4.3 |
| 2014-04-16 | CVE-2013-4694 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. | 7.5 |
| 2012-07-22 | CVE-2012-4045 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. | 7.5 |
| 2012-07-11 | CVE-2012-3890 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
| 2012-07-11 | CVE-2012-3889 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
| 2011-12-16 | CVE-2011-4857 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. | 10.0 |
| 2011-12-16 | CVE-2011-3834 | Numeric Errors vulnerability in Nullsoft Winamp Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow. | 9.3 |