4 matches found
CVE-2019-1010100
CVE-2019-1010100 affects Akeo Consulting Rufus 3.0 and earlier. The vulnerability is DLL search order hijacking in executable installers/portable executables on the site. Root cause: DLL search order issue leading to Arbitrary code execution with escalation of privilege. Documented attack referen...
CVE-2019-1010101
CVE-2019-1010101 affects Akeo Consulting Rufus 3.0 and earlier. The vulnerability is described as Insecure Permissions that enable arbitrary code execution with elevation of privilege. Affected component is the Executable installer and portable executable (ALL executables). Attack vectors are CWE...
CVE-2017-13083
CVE-2017-13083 relates to Akeo Consulting Rufus (pre-2.17.1187) failing to securely validate downloads over HTTP, allowing a MITM to cause arbitrary code execution via manipulated updates. Affected: Rufus before 2.17.1187. Root cause: update integrity checked but not validated against a trusted C...
CVE-2026-23988
CVE-2026-23988 affects Rufus 4.11 and earlier. A TOCTOU race in the Fido PowerShell script handling (in src/net.c) occurs while the script is created, validated, and executed. Rufus runs with Administrator privileges but writes the script to %TEMP% (writable by standard users) without proper lock...