cpe:2.3:a:akeo:rufus:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Akeo (0ad581b7-1242-5e58-b067-a3193460fc2d) |
|---|---|
| Product | Rufus (40841bd8-3a57-5f52-978f-4036872b763c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/pbatard/rufus | purl2cpe | 2026-06-01 10:12:23.039049 |
| pkg:sourceforge/rufus.mirror | purl2cpe | 2026-06-01 10:12:23.039052 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-23988 | vulnerable | 2026-06-08 07:51:16.496536 | Rufus has Local Privilege Escalation via TOCTOU Race Condition in Fido Script Handling<br>HIGH (7.3)<br>Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated privileges (Administrator) but writes the script to the %TEMP% directory (writeable by standard users) without locking the file, a local attacker can replace the legitimate script with a malicious one between the file write operation and the execution step. This allows arbitrary code execution with Administrator privileges. This issue has been fixed in version 4.12_BETA.<br>Published: 2026-01-22T21:52:26.925Z<br>Updated: 2026-01-23T20:13:25.446Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-1010101 | vulnerable | 2026-06-08 05:12:21.604026 | Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379.<br>Published: 2019-07-19T15:38:13.000Z<br>Updated: 2024-08-05T03:07:18.332Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-1010100 | vulnerable | 2026-06-08 05:12:21.603627 | Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.<br>Published: 2019-07-19T15:37:12.000Z<br>Updated: 2024-08-05T03:07:18.327Z | Imported from gcve-enriched-dumps CVE data |