Category Archives: Advisories

CVE-2020-12775

Read Time:12 Second

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.

Read More

USN-5309-1: virglrenderer vulnerabilities

Read Time:19 Second

It was discovered that virglrenderer incorrectly handled memory. An
attacker inside a guest could use this issue to cause virglrenderer to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0135)

It was discovered that virglrenderer incorrectly initialized memory. An
attacker inside a guest could possibly use this issue to obtain sensitive
host information. (CVE-2022-0175)

Read More

Dll Hijacking Vulnerability found in Rufus-3.17.1846 from Akeo Consulting

Read Time:24 Second

Posted by YEUNG, Tsz Ko on Feb 28

Hi all,

I would like to disclose a vulnerability that I just found today.

Details below:

Vulnerable Software and Version:

1. Rufus 3.17.1846 executable
2. Rufus 3.17.1846 portable executable

Vulnerable software download link:
https://rufus.ie/en/

https://github.com/pbatard/rufus/releases/tag/v3.17

Date discovered and reported:
25 Feb 2022

Description:
Both Rufus 3.17.1846 executable AND portable executable are suffering from DLL…

Read More