CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1626 – Jianming Antivirus IoControlCode kvcore.sys memory corruption
https://notcve.org/view.php?id=CVE-2023-1626
A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. • https://drive.google.com/file/d/1soMFXUAYkCttFDA_icry6q-irb2jdAxw/view https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned31 https://vuldb.com/?ctiid.224008 https://vuldb.com/?id.224008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2020-14955
https://notcve.org/view.php?id=CVE-2020-14955
In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. En Jiangmin Antivirus versión 16.0.13.129, el archivo controlador (KVFG.sys) permite a usuarios locales causar una denegación de servicio (BSOD) o posiblemente tener otro impacto no especificado por no comprobar los valores de entrada desde IOCtl 0x220440 • https://github.com/intrigus-lgtm/CVE-2020-14955 https://github.com/y5s5k5/CVE-2020-14955 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6786
https://notcve.org/view.php?id=CVE-2018-6786
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220840. En Jiangmin Antivirus 16.0.0.100, el archivo del controlador (KVFG.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x220840. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KVFG_220840 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6785
https://notcve.org/view.php?id=CVE-2018-6785
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008254. En Jiangmin Antivirus 16.0.0.100, el archivo del controlador (KSysCall.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x9A008254. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KSysCall_9A008254 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6782
https://notcve.org/view.php?id=CVE-2018-6782
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081DC. En Jiangmin Antivirus 16.0.0.100, el archivo del controlador (KSysCall.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x9A0081DC. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KSysCall_9A0081DC • CWE-20: Improper Input Validation •