
CVE-2017-6008 – HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow
https://notcve.org/view.php?id=CVE-2017-6008
13 Sep 2017 — A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call. • https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-9769 – Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess
https://notcve.org/view.php?id=CVE-2017-9769
22 Jul 2017 — A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. • http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess •

CVE-2017-1297 – IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-1297
26 Jun 2017 — IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. • https://packetstorm.news/files/id/143145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-4916 – VMware Workstation 12 Pro - Denial of Service
https://notcve.org/view.php?id=CVE-2017-4916
22 May 2017 — VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. ... VMware Workstation version 12 Pro suffers... • https://packetstorm.news/files/id/142868 • CWE-476: NULL Pointer Dereference •

CVE-2017-0263 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-0263
12 May 2017 — The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." • https://www.exploit-db.com/exploits/44478 • CWE-416: Use After Free •

CVE-2017-7293 – Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7293
24 Apr 2017 — An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50. ... The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges. • https://www.exploit-db.com/exploits/41933 • CWE-502: Deserialization of Untrusted Data •

CVE-2017-3563 – Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-3563
20 Apr 2017 — The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. • https://packetstorm.news/files/id/142230 • CWE-295: Improper Certificate Validation •

CVE-2017-0312 – NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds Read/Write
https://notcve.org/view.php?id=CVE-2017-0312
15 Feb 2017 — All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user-provided input is used as the limit for a loop, which may lead to denial of service or potential escalation of privileges. • https://www.exploit-db.com/exploits/41364 • CWE-20: Improper Input Validation •

CVE-2017-0313 – NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission
https://notcve.org/view.php?id=CVE-2017-0313
15 Feb 2017 — All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. • https://www.exploit-db.com/exploits/41365 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2016-8823
https://notcve.org/view.php?id=CVE-2016-8823
16 Dec 2016 — All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated, leading to a denial of service or possible escalation of privileges. • https://github.com/SpiralBL0CK/NDAY_CVE_2016_8823 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •