CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2884
https://notcve.org/view.php?id=CVE-2014-2884
19 Mar 2018 — The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. La función ProcessVolumeDeviceControlIrp en Ntdriver.c en TrueCrypt 7.1a permite que usuarios locales omitan las restricciones de acceso y obtengan información sensible sobre archivos arbitrarios mediante una llamada (1) TC_IOCTL_OPEN_TEST o (2) TC_IOC... • http://www.openwall.com/lists/oss-security/2014/04/17/7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2885
https://notcve.org/view.php?id=CVE-2014-2885
19 Mar 2018 — Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. Múltiples desbordamientos de enteros en TrueCrypt 7.1a permiten que usuarios locales (1) obtengan información sensible median... • http://www.openwall.com/lists/oss-security/2014/04/17/7 • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2016-1281 – VeraCrypt 1.17 DLL Hijacking
https://notcve.org/view.php?id=CVE-2016-1281
18 Jul 2016 — Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs. Vulnerabilidad de ruta de búsqueda no confiable en el instalador para TrueCrypt 7.2 y 7.1a, VerCrypt en versiones anteriores a... • http://seclists.org/fulldisclosure/2016/Jan/22 • CWE-426: Untrusted Search Path •