CVE-2024-29216

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.

Related Vulnerabilities

CVE-2020-15157

MEDIUM
CVSS:6.1(Medium)

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schem...

CWE-5222020

CVE-2020-8339

MEDIUM
CVSS:6.1(Medium)

A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability cou...

CWE-5222020

CVE-2023-42955

MEDIUM
CVSS:6.1(Medium)

Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue ha...

CWE-5222023

CVE-2019-10205

MEDIUM
CVSS:6.0(Medium)

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write cont...

CWE-5222019

CVE-2019-4693

MEDIUM
CVSS:6.0(Medium)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.

CWE-5222019

CVE-2019-4239

MEDIUM
CVSS:6.2(Medium)

IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.

CWE-5222019