Lucene search
+L

20 matches found

nvd
nvd
added yesterday7 views

CVE-2026-15029

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS0.00118EPSS
Exploits0References1
nvd
nvd
added yesterday8 views

CVE-2026-13585

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS0.00112EPSS
Exploits0References1
cve
cve
added yesterday11 views

CVE-2026-15029

The CVE-2026-15029 entry covers an Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager. The vulnerability permits a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
cve
cve
added yesterday9 views

CVE-2026-15030

The CVE-2026-15030 entry concerns ASUS components: System Control Interface v3, System Control Interface, and ASUS Business Manager. The weakness is an out-of-bounds read caused by a crafted IOCTL request that bypasses validation, enabling a local administrator to read memory regions beyond the i...

5.6CVSS6.1AI score0.00101EPSS
Exploits0References1
cvelist
cvelist
added yesterday30 views

CVE-2026-13585

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS0.00112EPSS
Exploits0References1
cve
cve
added yesterday11 views

CVE-2026-13585

The CVE-2026-13585 affects the ASUS System Control Interface (SCI) driver and ASUS Business Manager. The root cause is Allocation of Resources Without Limits and Throttling, leading to potential exposure of sensitive information via crafted IOCTL requests. A local administrator can leverage this ...

8.2CVSS6AI score0.00112EPSS
Exploits0References1
nvd
nvd
added 2026/07/03 3:16 a.m.12 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/03 2:0 a.m.8 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References2
euvd
euvd
added 2026/07/03 2:0 a.m.8 views

EUVD-2026-41483

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/03 2:0 a.m.40 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
cve
cve
added 2026/07/03 2:0 a.m.24 views

CVE-2026-8921

The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/03 12:0 a.m.12 views

PT-2026-55492

Name of the Vulnerable Software and Affected Versions ASUS Business Manager affected versions not specified Description An External Control of File Name or Path issue allows a local user to execute arbitrary code with SYSTEM privileges. This is achieved by tampering with an Inter-Process...

8.5CVSS6.4AI score0.00124EPSS
Exploits0References5
zdi
zdi
added 2026/06/10 12:0 a.m.14 views

ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ASUS Software Manage...

7.8CVSS6AI score0.00135EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/03 3:11 a.m.9 views

CVE-2025-13348

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS5.7AI score0.00104EPSS
Exploits0References1
euvd
euvd
added 2026/02/02 2:0 a.m.7 views

EUVD-2025-206616

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS5.7AI score0.00104EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/02 2:0 a.m.31 views

CVE-2025-13348

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS0.00104EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/02 2:0 a.m.4 views

CVE-2025-13348

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS6AI score0.00104EPSS
Exploits0References2
cve
cve
added 2026/02/02 2:0 a.m.22 views

CVE-2025-13348

Summary : CVE-2025-13348 describes an improper access control vulnerability in the ASUS Secure Delete Driver of ASUS Business Manager. A local attacker can trigger it with a crafted request, potentially enabling creation of arbitrary files in a specified path. This is tied to ASUS Security Adviso...

8.5CVSS6AI score0.00104EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/02 12:0 a.m.12 views

ASUS Business Manager 安全漏洞

ASUS Business Manager is a management tool suite provided by ASUS China. There is a security vulnerability in ASUS Business Manager, which stems from improper access control in the ASUS Secure Delete Driver. This vulnerability could allow local users to create arbitrary files at specified paths b...

8.5CVSS5.9AI score0.00104EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/02 12:0 a.m.9 views

PT-2026-5596

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS6AI score0.00104EPSS
Exploits0References2
Rows per page
Query Builder