CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Inetc Project: >> Inetc Security Vulnerabilities

CVE-2015-0941

The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files.

CVSS Score

4.3

EPSS Score

0.003

Published

2015-03-22

Page 1

Vulnerabilities

Vulnerable Software

Inetc Project: >> Inetc Security Vulnerabilities

Products

Pricing

Contact Us