1734 matches found
K7 AntiVirus Null Pointer Dereference Vulnerability (CNVD-2018-00251)
K7 Antivirus is a suite of anti-virus software from the Indian company K7 Computing.K7Sentry.sys is one of the kernel-mode drivers used in K7 Computing's security products. A security vulnerability exists in K7 Antivirus version 15.1.0309 in K7Sentry.sys version 15.1.0.59. An attacker can exploit...
Race condition
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur...
Google Android NVIDIA component elevation of privilege vulnerability (CNVD-2017-36938)
Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and NVIDIA driver is a graphics driver developed by NVIDIA. An elevation of privilege vulnerability exists in the NVIDIA driver for Android, which stems from the program's failure to...
Symantec Encryption Desktop And Endpoint Encryption Local Privilege Escalation
Vulnerabilities in Symantec Encryption Desktop and Endpoint Encryption allow an attacker to attain arbitrary hard disk read and write access at sector level, and subsequently infect the target and gain low level persistence MBR/VBR. They also allow the attacker to execute code in the context of t...
Buffer overflow
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range...
Interface Aware Fuzzing for Kernel Drivers: DIFUZE
Device drivers are an essential part in modern Unix-like systems to handle operations on physical devices, from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system...
CPUID CPU-Z Arbitrary Read/Write Privilege Elevation Vulnerability
CPUID CPU-Z is a free software package for collecting information about system devices. A security vulnerability exists in versions of CPUID CPU-Z prior to 1.43, which originates from a program that can send ioctl 0x9C402430 calls to the kernel mode driver to exploit the vulnerability by writing ...
CVE-2017-15303
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine while CPU-Z is running can issue an ioctl 0x9C402430 call to the kernel-mode driver e.g., cpuz141x64.sys for version 1.41...
CVE-2017-15302
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...
CVE-2017-8694
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to...
Security Bulletin: NVIDIA Shield TV and Tablet contain multiple vulnerabilities
Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2016-6790 NVIDIA OpenMax Component contains a vulnerability in LIBNVRM where an input buffer is copied to an output buffer without checking the size of the input...
CVE-2017-11000
In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write...
Out-of-bounds
In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write...
CVE-2017-14344
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
CVE-2017-14344
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
Code injection
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
CVE-2017-14344
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
Code injection
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
CVE-2017-14075
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
CVE-2017-14153
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...