PT-2023-16685 · Unknown · Filmfd.Sys +1

Name of the Vulnerable Software and Affected Versions: Twister Antivirus version 8.17 Description: A denial of service issue affects the IoControlCode Handler component in the filmfd.sys library. The manipulation with the function 0x801120E4 leads to denial of service. An attack must be approache...

PT-2023-16609 · Filseclab · Filseclab Twister Antivirus

Name of the Vulnerable Software and Affected Versions: Filseclab Twister Antivirus version 8.17 Description: A problematic issue has been found in the IoControlCode Handler component, specifically affecting the function 0x220017 in the ffsmon.sys library. This issue leads to denial of service and...

SUSE CVE-2018-5278

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVE-2023-25719

ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2815)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a...

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

Callback Technologies CBFS Filter 代码问题漏洞

Callback Technologies CBFS Filter is an interceptor from Callback Technologies, USA. Allows you to intercept and react to file system, registry and process manager operations as they occur. A code issue vulnerability exists in Callback Technologies CBFS Filter version 20.0.8317, which stems from ...

ROS-20221007-01

The cURL command line utility vulnerability is related to how cookies with control codes byte values less than 32 are processed. codes byte values less than 32. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote use...

Internet Bug Bounty: CVE-2022-35252: control code in cookie denial of service

https://hackerone.com/reports/1613943 Impact control code in cookie denial of service...

PT-2022-23983 · Uniwill · Sparkio.Sys

Name of the Vulnerable Software and Affected Versions: Uniwill SparkIO.sys driver version 1.0 Description: The issue is related to a stack-based buffer overflow in the Uniwill SparkIO.sys driver. This overflow can be triggered via IOCTL 0x40002008. Recommendations: For Uniwill SparkIO.sys driver...

Micro Star International Center 安全漏洞

Micro Star International Center is a new platform from Micro Star Technology Micro Star Inc. of Taiwan, China that combines all of MSI's exclusive features. Micro Star International Center has a security vulnerability that originates from an elevation of privilege LPE/EoP vulnerability in multipl...

CVE-2020-22061

SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140...

CVE-2021-42683

A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-42682

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-42973

NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-42980

NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request...

CVE-2021-43000

Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient = v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Reques...

CVE-2021-42994

Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

Eltima Usb Network Gate安全漏洞

Eltima Usb Network Gate is a powerful software from United Arab Emirates. It is used for remote Usb access via Internet or Lan. A security vulnerability exists in Eltima Usb Network Gate, which originates from the IOCTL handler 0x22001B in USB Network Gate above 7.0.1370 and below 9.2.2420 that c...

MAC1100 PLC Information Disclosure Vulnerability

The MAC1100 PLC is an industrial control product PLC. The MAC1100 PLC is vulnerable to an information disclosure vulnerability that could allow an attacker to remotely download control code from the PLC.The control code in the PLC could be a core company secret...