CVE-2017-6952

Integer overflow in the cswinkernelmalloc function in winkernelmm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service heap-based buffer overflow in a kernel driver or possibly have unspecified other impact via a large value...

CVE-2017-6952

Integer overflow in the cswinkernelmalloc function in winkernelmm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service heap-based buffer overflow in a kernel driver or possibly have unspecified other impact via a large value...

Cirrus VGA Heap overflow via display refresh

ISSUE DESCRIPTION When a graphics update command gets passed to the VGA emulator, there are 3 possible modes that can be used to update the display: blank - Clears the display text - Treats the display as showing text graph - Treats the display as showing graphics After the display geometry gets...

[ASA-201703-8] linux: privilege escalation

Arch Linux Security Advisory ASA-201703-8 ========================================= Severity: High Date : 2017-03-14 CVE-ID : CVE-2017-2636 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-192 Summary ======= The package linux before version 4.10.2...

Linux kernel local privilege escalation flaw in n_hdlc（CVE-2017-2636）

This article discloses the exploitation of CVE-2017-2636, which is a race condition in the nhdlc Linux kernel driver drivers/tty/nhdlc.c. The described exploit gains root privileges bypassing Supervisor Mode Execution Protection SMEP. This driver provides HDLC serial line discipline and comes as ...

CVE-2017-0520

An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

Multiple Cisco Products Cisco TelePresence Software Input Validation Vulnerability

Cisco TelePresence Software is the United States Cisco Cisco company's set of video conferencing solutions known as & ldquo; telepresence & rdquo; system. The program provides audio, video space and other components that can provide remote participants with a & ldquo; face-to-face & rdquo; virtua...

CVE-2017-3792

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit MCU Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability is due to improper size validation when...

Cumulative update for Windows 10: February 9, 2016

Cumulative update for Windows 10: February 9, 2016 Summary This security update includes improvements in the functionality of Windows 10 and resolves the following vulnerabilities in Windows: 3137893 MS16-022: Security update for the .NET Framework to address denial of service: February 9, 2016...

CVE-2016-4307

A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to...

CVE-2016-4304

A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run progra...

CVE-2016-4305

A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to...

CVE-2016-4307

A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to...

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system’s kernel mode driver is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...

The vulnerability of the Windows operating system, which allows a perpetrator to disclose protected information

The vulnerability of the Windows operating system’s kernel mode driver is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to disclose sensitive information through a specially created application...

Avira Free Antivirus ssmdrv Kernel Driver Memory Corruption Privilege Escalation Vulnerability

This vulnerability allows attackers to escalate privileges on vulnerable installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of...

Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2016-12463)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A local elevation of privilege vulnerability exists in the Microsoft Windows Kernel 'Win32k.sys'. An attacker could exploit this vulnerability to run arbitrary code in kernel mode...

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system’s kernel mode driver is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating locally, to enhance their privileges through a specially created application...

Security feature bypass

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode SMM services. This could lead to a denial of service attack or allow certain BIOS variables or...

CVE-2016-8222

CVE-2016-8222 concerns a signed kernel driver in Lenovo ThinkPad BIOS enabling a local attacker with Windows administrator privileges to call System Management Mode (SMM) services. This can cause denial of service or allow alteration of certain BIOS variables/settings (e.g., boot sequence); BIOS ...