79 matches found
CVE-2020-14032
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM...
Privilege escalation
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM...
CVE-2020-14032
CVE-2020-14032 affects ASRock 4x4 BOX-R1000 BIOS prior to P1.40. The root cause is a lack of validation for ArgsStruct data in the SMM SmiGetVariable handling (SMI 0xEF), allowing an attacker to write to SMRAM and achieve code execution in SMM, leading to privilege escalation. CVSS metrics in NVD...
CVE-2020-14032
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM...
ASRock 4x4 BOX-R1000 安全漏洞
ASRock Industrial 4x4 BOX-R1000 is a fan-shaped embedded box computer from ASRock Industrial. A security vulnerability exists in ASRock 4x4 BOX-R1000 BIOS versions prior to P1.40, which allows attackers to elevate privileges via code execution in SMM...
Exploit for CVE-2020-15368
How to exploit a vulnerable windows driver Exploit and Proof...
Unauthorized Access Vulnerability in Terminal Security Management System of ASRock
ASRock Terminal Security Management System is an integrated terminal security product solution for governmental and enterprise organizations. The product integrates anti-virus, terminal security control, terminal access, terminal audit, peripheral control, EDR and other functions, and is compatib...
SQL Injection Vulnerability in ASRock Terminal Security Management System
ASRock Terminal Security Management System is an integrated terminal security product solution for governmental and enterprise organizations. The product integrates anti-virus, terminal security control, terminal access, terminal audit, peripheral control, EDR and other functions, and is compatib...
Unauthorized Access Vulnerability in ASRock DAYS Disaster Recovery Software (CNVD-2021-17379)
ASRock DAYS disaster recovery software belongs to DAYS series of optional products, which integrates disaster recovery, fault tolerance, backup and query functions, and provides one-stack infrastructure, the same disaster recovery management, elasticity, multi-layer data protection, smooth...
Weak Password Vulnerability in ASRock DAYS Disaster Recovery Software
ASRock DAYS disaster recovery software belongs to DAYS series of optional products, which integrates disaster recovery, fault tolerance, backup and query functions, and provides one-stack infrastructure, the same disaster recovery management, elasticity, multi-layer data protection, smooth...
File Upload Vulnerability in WaveRock DAYS Disaster Recovery Software
ASRock DAYS disaster recovery software belongs to DAYS series of optional products, which integrates disaster recovery, fault tolerance, backup and query functions, and provides one-stack infrastructure, the same disaster recovery management, elasticity, multi-layer data protection, smooth...
asrock.com Cross Site Scripting vulnerability OBB-1220288
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Unspecified Vulnerability in ASRock RGB Driver
ASRock RGB Driver is a RGB three primary colors light mode light driver from ASRock Taiwan, China. A security vulnerability exists in the AsrDrv103.sys file in ASRock RGB Driver, which originates from the program's failure to properly restrict access from user space. No details of the vulnerabili...
CVE-2020-15368
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3...
Design/Logic Flaw
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3...
CVE-2020-15368
CVE-2020-15368 involves ASRock RGB Driver’s AsrDrv103.sys, which fails to restrict user-space access. The Red Hat advisory and other sources confirm the issue can be triggered via a crafted request to CR3, enabling kernel-level code execution (e.g., triple fault scenario) and potential post-explo...
CVE-2020-15368
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-15368
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3...
PT-2020-6648
Name of the Vulnerable Software and Affected Versions ASRock RGB Driver versions with AsrDrv103.sys affected versions not specified Description The issue is related to the AsrDrv103.sys driver in the ASRock RGB Driver, which does not properly restrict access from user space. This can be...
CVE-2020-15368
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3...