Filtered by CWE-782
Total 18 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-20562 3 Amd, Linux, Microsoft 4 Amd Uprof, Uprof Tool, Linux Kernel and 1 more 2024-10-10 7.8 High
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
CVE-2023-20556 3 Amd, Linux, Microsoft 3 Amd Uprof, Linux Kernel, Windows 2024-10-10 5.5 Medium
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
CVE-2023-20561 3 Amd, Linux, Microsoft 3 Amd Uprof, Linux Kernel, Windows 2024-10-10 5.5 Medium
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
CVE-2021-21551 1 Dell 1 Dbutil 2 3.sys 2024-09-17 8.8 High
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVE-2024-33219 2024-08-20 7.8 High
An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2021-25695 1 Teradici 1 Pcoip 2024-08-03 7.8 High
The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver.
CVE-2021-21786 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 7.8 High
A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.
CVE-2021-21785 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 5.5 Medium
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
CVE-2021-21788 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 8.8 High
A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability.
CVE-2021-21787 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 8.8 High
A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users.
CVE-2021-21792 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 5.5 Medium
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
CVE-2021-21791 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 5.5 Medium
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
CVE-2021-21790 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 5.5 Medium
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
CVE-2021-21789 1 Iobit 1 Advanced Systemcare Ultimate 2024-08-03 8.8 High
A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability.
CVE-2023-35841 1 Phoenix 1 Winflash Driver 2024-08-02 7.8 High
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.
CVE-2024-33218 1 Asus 1 Usb3.0 Boost Storage Driver 2024-08-02 7.8 High
An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2024-33221 1 Asus 1 Bios Flash Driver 2024-08-02 7.8 High
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2024-32370 1 Hsc 1 Mailinspector 2024-08-02 9.8 Critical
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.