CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

CVE-2024-12668 Velocidex WinPmem Out of Bounds Write Vulnerability

Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the...