21 matches found
CVE-2023-53984
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing...
CVE-2023-53984
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing...
CVE-2023-53984 HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing...
CVE-2023-53984
The CVE-2023-53984 entry concerns Clevo HotKey Clipboard version 2.1.0.6, which is affected by an unquoted service path in the HKClipSvc service. This misconfiguration allows local non-privileged users to potentially execute code with SYSTEM privileges by placing malicious executables in specific...
PT-2026-2416
Name of the Vulnerable Software and Affected Versions Clevo HotKey Clipboard version 2.1.0.6 Description The Clevo HotKey Clipboard software version 2.1.0.6 has an issue with the HKClipSvc service. A misconfigured service path could allow local users without administrative privileges to potential...
Clevo HotKey Clipboard 代码问题漏洞
Clevo HotKey Clipboard is a clipboard enhancement tool from Blue Sky Computer Clevo of Taiwan, China. A code issue vulnerability exists in Clevo HotKey Clipboard version 2.1.0.6, which stems from an unquoted service path, and could lead to a local, unprivileged user executing code with system...
CVE-2025-11577
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
EUVD-2025-34225
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
CVE-2025-11577
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
CVE-2025-11577
CVE-2025-11577 concerns Clevo UEFI firmware updates that were found to contain private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposed keys could allow an attacker to sign malicious firmware that would be validated as trusted during pre-boot, potentially compro...
CVE-2025-11577 Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
CVE-2025-11577 Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
PT-2025-41852
Name of the Vulnerable Software and Affected Versions Clevo UEFI firmware update packages, including B10717.exe Description The UEFI firmware update packages inadvertently included private signing keys used for Boot Guard and Boot Policy Manifest verification. Exposure of these keys could allow...
Clevo UEFI 安全漏洞
Clevo UEFI is a firmware interface from Blue Sky Computer Clevo of Taiwan, China. A security vulnerability exists in Clevo UEFI that stems from the inclusion of a private signing key in firmware update packages, which could lead to malicious firmware being trusted...
Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard
Overview Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot...
HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path
Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Date: 2023/01/17 Exploit Author : Wim Jaap van Vliet Vendor Homepage: www.clevo.com.tw Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC301006.zip Version: 2.1.0.6 Tested on:...
HotKey Clipboard 2.1.0.6 Unquoted Service Path
Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Date: 2023/01/17 Exploit Author : Wim Jaap van Vliet Vendor Homepage: www.clevo.com.tw Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC301006.zip Version: 2.1.0.6 Tested on:...
HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Vulnerability
Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Exploit Author : Wim Jaap van Vliet Vendor Homepage: www.clevo.com.tw Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC301006.zip Version: 2.1.0.6 Tested on: Windows 11 Pro...
clevo.com.tw Cross Site Scripting vulnerability OBB-2916066
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
clevo.com.tw Cross Site Scripting vulnerability OBB-2626284
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...