13 matches found
PT-2026-2937
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.20.1. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A heap use-after-free condition exists in the irp thread func function because the IRP is freed by irp-Complete and subsequently...
SUSE CVE-2020-11089
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0...
CVE-2022-43588
A null pointer dereference vulnerability exists in the handleioctl83150 functionality of Callback Technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability...
CVE-2021-43006
AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools = v3.3.148.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request...
CVE-2021-42986
NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O...
CVE-2021-42977
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I...
Buffer overflow
NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/...
CVE-2021-42687
CVE-2021-42687 affects Accops HyWorks Windows Client prior to v3.2.8.200. The IOCTL Handler 0x22005B vulnerability allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packets. Impact: kerne...
CVE-2021-43638
The CVE-2021-43638 entry affects the Amazon WorkSpaces agent. The issue is an Integer Overflow in the IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537, allowing local attackers to execute arbitrary kernel‑mode code or cause a denial of service (memory corruption and OS cras...
Hunting for Bugs in Windows Mini-Filter Drivers
Posted by James Forshaw, Project Zero. In December Microsoft fixed 4 issues in Windows in the Cloud Filter and Windows Overlay Filter (WOF) drivers (CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17139). These 4 issues were 3 local privilege escalations and a security feature bypass, and the...
NZXT CAM elevation of privilege vulnerability (CNVD-2020-73165)
NZXT CAM is a performance monitoring software for gaming computers from NZXT USA. The software can be used to manage computer performance, temperature, and devices to ensure that the computer is at optimal performance. NZXT CAM version 4.8.0 has an authorization issue vulnerability that stems fro...
CVE-2020-13519
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability...
CVE-2020-13510
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...