18 results (0.005 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. • https://shareforall.notion.site/MSI-Dragon-Center-NTIOLib_X64-0xC3506104-MmMapIoSpace-DOS-15160437bb1e801daf58d4aea052970e https://vuldb.com/?ctiid.286959 https://vuldb.com/?id.286959 https://vuldb.com/?submit.456017 https://www.msi.com/Landing/dragon-center-download/nb • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •

CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. MSI Afterburner v4.6.5.16370 afectado por una vulnerabilidad de pérdida de memoria del kernel al activar el código IOCTL 0x80002040 del controlador RTCore64.sys. El manejo del conductor sólo se puede obtener mediante un proceso de alta integridad. • https://fluidattacks.com/advisories/mingus https://www.msi.com/Landing/afterburner/graphics-cards • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. MSI Afterburner v4.6.5.16370 afectado por una vulnerabilidad de denegación de servicio al activar el código IOCTL 0x80002000 del controlador RTCore64.sys. El manejo del conductor sólo se puede obtener mediante un proceso de alta integridad. • https://fluidattacks.com/advisories/coltrane https://www.msi.com/Landing/afterburner/graphics-cards • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. Las versiones de EXEMSI MSI Wrapper anteriores a 10.0.50 y al menos desde la versión 6.0.91 introducirán una vulnerabilidad de escalada de privilegios local en los instaladores que cree. • http://exemsi.com http://msi.com https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmm •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. Un problema en el componente MSI.TerminalServer.exe de MSI Center v1.0.41.0 permite a los atacantes escalar privilegios a través de un paquete TCP manipulado. • http://msi.com https://patsch.dev/2022/07/08/cve-2022-31877-privilege-escalation-in-msi-centers-msi-terminalserver-exe • CWE-345: Insufficient Verification of Data Authenticity •