CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010101
https://notcve.org/view.php?id=CVE-2019-1010101
19 Jul 2019 — Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379. Akeo Consulting Rufus versión 3.0 y anteriores están afectados por: Permisos No Seguros. • http://seclists.org/oss-sec/2018/q2/146 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010100
https://notcve.org/view.php?id=CVE-2019-1010100
19 Jul 2019 — Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427. Akeo Consulting Rufus versión 3.0 y anteriores, está afectado por: el secuestro de orden de búsqueda de DLL. • http://seclists.org/oss-sec/2018/q2/146 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •