Advisories

January 8, 2025 – Our colleagues Frederik Reiter and Jan-Luca Gruber found a vulnerability in the Damage Cleanup Engine of Trend Micro Apex One, which allows and attacker to delete a folder with high privileges. This can be leveraged to escalate privileges in the context of SYSTEM.

October 4, 2024 – The HP HotKey Support (HPHKS) software provides the support for handling the Hotkeys (fixed notebook buttons that provide quick access to a particular function when pressed) for HP’s business Notebooks.

September 12, 2024
AVG Internet Security is an antivirus software marketed to consumers.

July 15, 2024
The baramundi Management Agent is used for software distribution in enterprise environments.

May 1, 2024
Checkpoint Harmony is an enterprise security software protecting customers from malware.

May 1, 2024
Webroot Antivirus is an antivirus software. The vulnerability existed in both the end user product and the enterprise product.

April 1, 2024
Bitdefender produces different antivirus products. The privilege escalation vulnerability existed in Bitdefender Total Security, Internet Security, Antivirus Plus and Antivirus Free.

November 7, 2023
Sumatra PDF is an Open-Source PDF Reader. The vulnerability in this case was found in the installer for this product shipped by neo42 for Matrix 42 Unified Endpoint Management.

November 6, 2023
Bytello Share is a software used to share the screen of a device. The vulnerability was found in the installation process of the software.

November 5, 2023
OwnCloud offers file sharing and collaboration.

February 3, 2023
VMware Workstation is a virtualization software that allows to run several virtual machines in parallel on one device. These virtual machines can be managed via the software VMware Workstation Player or VMware Workstation Pro, which is installed on all systems used for managing virtual machines.

September 30, 2022 – During research, cirosec found a vulnerability in the remote access software from RealVNC.