CVE-2020-5898

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \.\urvpndrv device causing the Windows kernel to crash...

CVE-2012-0952

A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53...

DEBIAN-CVE-2012-0952

A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53...

CVE-2012-0952

A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53...

AMD ATI atillk64.sys Elevation of Privilege Vulnerability

AMD ATI atillk64.sys is an American AMD driver that enables Windows to control computer hardware. A security vulnerability exists in AMD ATI atillk64.sys version 5.11.9.0. The vulnerability can be exploited by an attacker to gain NT AUTHORITYSYSTEM privileges with the help of DeviceIoControl call...

Buffer Overflow Vulnerability in AC9V3.0 Upgrade Software of Shenzhen Jixiang Tengda Technology Co.

AC9V3.0 upgrade software is a Gigabit Ethernet port wireless router from Shenzhen Jixiang Tengda Technology Co. Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability, which can be exploited by an attacker to cause a denial of service overwrite the return value of a function, and the...

Buffer overflow vulnerability in AC9V3.0 upgrade software of Shenzhen Jixiang Tengda Technology Co.(CNVD-2020-29381)

AC9V3.0 upgrade software is a Gigabit Ethernet port wireless router from Shenzhen Jixiang Tengda Technology Co. Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability, which can be exploited by an attacker to cause a denial of service overwrite the return value of a function, and the...

Buffer overflow vulnerability in AC9V3.0 upgrade software of Shenzhen Jixiang Tengda Technology Co.(CNVD-2020-29380)

AC9V3.0 upgrade software is a Gigabit Ethernet port wireless router from Shenzhen Jixiang Tengda Technology Co. Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability, which can be exploited by an attacker to cause a denial of service overwrite the return value of a function, and the...

Buffer overflow vulnerability in AC9V3.0 upgrade software of Shenzhen Jixiang Tengda Technology Co.(CNVD-2020-29378)

AC9V3.0 upgrade software is a wireless router with gigabit network port from Shenzhen Jixiang Tengda Technology Co. Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability, which can be exploited by an attacker to cause a denial of service overwrite the return value of a function, and t...

PT-2020-13060

Name of the Vulnerable Software and Affected Versions atillk64.sys version 5.11.9.0 Description The issue allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process...

Unspecified Vulnerability in Evenroute IQrouter

Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in Evenroute IQrouter 3.3.1 and earlier versions that stems from incorrect access control. An attacker can exploit the vulnerability to take control of the device reboot the network, upgrade, reset, etc...

CVE-2020-11967

In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

CVE-2020-11967

In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

D-Link DSL-2640B B2 Trust Management Issue Vulnerability

The D-Link DSL-2640B B2 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DSL-2640B B2 EU4.01B version, which comes with hard-coded accounts in the router. The vulnerability can be exploited by an attacker to log in to the management interface,...

CVE-2020-9279

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device...

CVE-2020-9279

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device...

Vastgota-Data ProVide Input Validation Error Vulnerability

Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A security vulnerability exists in Vastgota-Data ProVide version 13.1 and earlier. An attacker can exploit the vulnerability to bypass sandbox restrictions and take full control of the devi...

CRLF Injection

Xterm is vulnerable to CRLF Injection. A flaw was found in the xterm handling of Device Control Request Status String DECRQSS escape sequences. An attacker could create a malicious text file or log entry, if unfiltered that could run arbitrary commands if read by a victim inside an xterm window...

CVE-2020-10263

CVE-2020-10263 affects Xiaomi Xiao AI Speaker Pro LX06 with firmware 1.52.4. Multiple sources describe a local UART-accessible remote-root capability, enabling an attacker to: read Wi‑Fi SSID/password, access user dialogues, abuse TTS voice to spoof, eavesdrop, modify system files, issue IR codes...

CVE-2020-7628

umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization...