CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1626 – Jianming Antivirus IoControlCode kvcore.sys memory corruption
https://notcve.org/view.php?id=CVE-2023-1626
A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. • https://drive.google.com/file/d/1soMFXUAYkCttFDA_icry6q-irb2jdAxw/view https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned31 https://vuldb.com/?ctiid.224008 https://vuldb.com/?id.224008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2020-14955
https://notcve.org/view.php?id=CVE-2020-14955
In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. En Jiangmin Antivirus versión 16.0.13.129, el archivo controlador (KVFG.sys) permite a usuarios locales causar una denegación de servicio (BSOD) o posiblemente tener otro impacto no especificado por no comprobar los valores de entrada desde IOCtl 0x220440 • https://github.com/intrigus-lgtm/CVE-2020-14955 https://github.com/y5s5k5/CVE-2020-14955 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6787
https://notcve.org/view.php?id=CVE-2018-6787
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x221808. En Jiangmin Antivirus 16.0.0.100, el archivo del controlador (KVFG.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x221808. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KVFG_221808 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6777
https://notcve.org/view.php?id=CVE-2018-6777
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400. En Jiangmin Antivirus 16.0.0.100, el archivo del controlador (KVFG.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x220400. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KVFG_220400 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6781
https://notcve.org/view.php?id=CVE-2018-6781
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008264. En Jiangmin Antivirus 16.0.0.100, el archivo del controlador (KSysCall.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x9A008264. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KSysCall_9A008264 • CWE-20: Improper Input Validation •