Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-3649

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Aug, 2017 | 16:00
Updated At-06 Aug, 2024 | 05:47
Rejected At-
Credits

The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Aug, 2017 | 16:00
Updated At:06 Aug, 2024 | 05:47
Rejected At:
▼CVE Numbering Authority (CNA)

The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
x_refsource_MISC
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
x_refsource_MISC
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/05/06/2
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/74469
vdb-entry
x_refsource_BID
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
x_refsource_MISC
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
Resource:
x_refsource_MISC
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
Resource:
x_refsource_MISC
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
Resource:
x_refsource_MISC
Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/06/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/74469
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
x_refsource_MISC
x_transferred
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
x_refsource_MISC
x_transferred
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
x_refsource_MISC
x_transferred
http://www.openwall.com/lists/oss-security/2015/05/06/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/74469
vdb-entry
x_refsource_BID
x_transferred
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/06/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/74469
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Aug, 2017 | 16:29
Updated At:13 May, 2026 | 00:24

The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
open-uri-cached_project
open-uri-cached_project
>>open-uri-cached>>0.0.5
cpe:2.3:a:open-uri-cached_project:open-uri-cached:0.0.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/cve@mitre.org
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/05/06/2cve@mitre.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/74469cve@mitre.org
Third Party Advisory
VDB Entry
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115cve@mitre.org
Third Party Advisory
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25cve@mitre.org
Third Party Advisory
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39cve@mitre.org
Third Party Advisory
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/05/06/2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/74469af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/06/2
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/74469
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/06/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/74469
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

563Records found
CVE-2023-36719
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.79%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-09 Oct, 2025 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2022Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 11 version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9547
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.35%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8412
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.06% / 77.89%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." This affects Microsoft Office.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_for_macMicrosoft Office
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0526
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.36%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 20:02
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

Action-Not Available
Vendor-Intel Corporation
Product-nuc_kit_nuc7i5bnknuc_board_d34010wybnuc_kit_nuc8i7beknuc_kit_nuc7i5dnhenuc_8_enthusiast_pc_nuc8i7bekqa_firmwarenuc_7_enthusiast_pc_nuc7i7bnhxgnuc_kit_nuc7i3bnhx1_firmwarenuc_7_home_a_mini_pc_nuc7i3bnhxfnuc_8_mainstream-g_kit_nuc8i7inh_firmwarenuc_kit_nuc6i5syk_firmwarenuc_kit_nuc5i5ryk_firmwarecompute_stick_stk1a32sc_firmwarenuc_kit_nuc6i3syh_firmwarenuc_kit_nuc5i5myhenuc_8_mainstream-g_kit_nuc8i5inhnuc_kit_nuc5i5ryknuc_kit_nuc7i5bnhnuc_kit_nuc5i3myhenuc_kit_nuc7i7dnkenuc_kit_nuc7i3bnknuc_board_nuc5i3mybe_firmwarenuc_kit_nuc7i5dnke_firmwarenuc_kit_nuc5i7ryh_firmwarenuc_kit_nuc7i7bnhnuc_kit_nuc7i3bnh_firmwarenuc_8_home_pc_nuc8i3cysmnuc_kit_nuc7i3bnhx1nuc_8_business_pc_nuc8i7hnkqcnuc_kit_nuc6i7kyk_firmwarenuc_kit_de3815tykhenuc_7_home_a_mini_pc_nuc7i5bnhxf_firmwarenuc_board_nuc7i7dnbenuc_kit_nuc7i5bnh_firmwarenuc_board_de3815tybe_firmwarenuc_board_d54250wyb_firmwarecompute_stick_stk2m3w64cc_firmwarenuc_kit_nuc5i3ryhsnuc_kit_d34010wyknuc_7_home_a_mini_pc_nuc7i3bnhxf_firmwarecompute_stick_stck1a8lfc_firmwarecompute_stick_stk1aw32sc_firmwarecompute_stick_stk1aw32scnuc_kit_nuc6cayh_firmwarenuc_kit_nuc7i5bnhx1_firmwarenuc_kit_nuc7i3bnk_firmwarenuc_kit_nuc5i5ryh_firmwarenuc_8_mainstream-g_kit_nuc8i5inh_firmwarenuc_kit_nuc7i7bnhx1nuc_kit_nuc5i5myhe_firmwarenuc_kit_nuc5i3ryh_firmwarenuc_8_rugged_kit_nuc8cchkr_firmwarecompute_stick_stk2m364ccnuc_kit_nuc6cays_firmwarecompute_stick_stk2m364cc_firmwarenuc_kit_nuc7i7dnke_firmwarenuc_kit_nuc6i3syhnuc_board_nuc7i3dnbe_firmwarenuc_kit_nuc7i7dnhenuc_kit_d54250wyknuc_kit_nuc7i3dnhe_firmwarenuc_kit_nuc5i3myhe_firmwarecompute_stick_stck1a32wfcnuc_kit_nuc7i5dnkenuc_7_home_a_mini_pc_nuc7i5bnkp_firmwarenuc_8_mainstream-g_mini_pc_nuc8i7inh_firmwarenuc_kit_d54250wyk_firmwarenuc_kit_nuc7pjyhnuc_kit_de3815tykhe_firmwarecompute_stick_stk1a32scnuc_kit_nuc5i3ryknuc_8_mainstream-g_mini_pc_nuc8i7inhnuc_kit_nuc5i3ryhs_firmwarenuc_board_nuc8cchbnuc_board_nuc5i5mybenuc_kit_nuc8i7hnknuc_7_essential_pc_nuc7cjysalnuc_board_d54250wybcompute_stick_stk2m3w64ccnuc_board_nuc5i3mybenuc_7_essential_pc_nuc7cjysal_firmwarenuc_kit_nuc7i5bnhx1nuc_kit_nuc6i3syk_firmwarenuc_kit_nuc7i3dnhenuc_kit_nuc5i3ryk_firmwarenuc_board_nuc8cchb_firmwarenuc_kit_nuc7i5dnhe_firmwarenuc_kit_nuc8i7hnk_firmwarecompute_stick_stck1a8lfcnuc_8_home_pc_nuc8i3cysm_firmwarenuc_kit_d34010wykhnuc_kit_nuc7cjyhnuc_board_nuc5i5mybe_firmwarenuc_kit_d54250wykh_firmwarenuc_board_nuc7i5dnbenuc_kit_nuc5cpyhnuc_kit_nuc6caysnuc_board_nuc7i7dnbe_firmwarenuc_kit_nuc7i7bnh_firmwarenuc_kit_nuc7i3dnke_firmwarenuc_8_business_pc_nuc8i7hnkqc_firmwarenuc_8_enthusiast_pc_nuc8i7bekqanuc_kit_nuc6i5syhnuc_board_nuc7i3dnbenuc_kit_nuc5i3ryhnuc_kit_nuc6cayhnuc_kit_nuc5ppyhnuc_kit_nuc8i7bek_firmwarenuc_8_mainstream-g_kit_nuc8i7inhnuc_board_nuc7i5dnbe_firmwarenuc_board_d34010wyb_firmwarenuc_kit_nuc5i3ryhsn_firmwarenuc_kit_nuc5i7ryhnuc_kit_nuc5pgyh_firmwarenuc_kit_nuc7i5bnk_firmwarenuc_kit_nuc5i5ryhsnuc_kit_nuc7i7bnhx1_firmwarenuc_kit_nuc5pgyhnuc_8_rugged_kit_nuc8cchkrnuc_kit_nuc6i5syknuc_kit_nuc5i5ryhs_firmwarenuc_kit_nuc7cjyh_firmwarenuc_kit_nuc7pjyh_firmwarenuc_7_enthusiast_pc_nuc7i7bnhxg_firmwarenuc_kit_nuc6i5syh_firmwarenuc_kit_nuc5cpyh_firmwarenuc_kit_nuc5ppyh_firmwarenuc_kit_d54250wykhcompute_stick_stck1a32wfc_firmwarenuc_kit_d34010wyk_firmwarenuc_kit_nuc6i7kyknuc_kit_nuc7i7dnhe_firmwarenuc_7_home_a_mini_pc_nuc7i5bnhxfnuc_kit_nuc5i5ryhnuc_kit_nuc6i3syknuc_board_de3815tybenuc_kit_d34010wykh_firmwarenuc_7_home_a_mini_pc_nuc7i5bnkpnuc_kit_nuc7i3dnkenuc_kit_nuc7i3bnhnuc_kit_nuc5i3ryhsnIntel(R) NUC Firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8232
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.47%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 00:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2017Microsoft Visual Studio
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.76%
||
7 Day CHG~0.00%
Published-21 Jan, 2018 | 22:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C.

Action-Not Available
Vendor-zillyan/a
Product-zillya\!_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6176
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.40%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4054
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9||CRITICAL
EPSS-0.05% / 14.40%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw.

Action-Not Available
Vendor-pixarTalos (Cisco Systems, Inc.)
Product-rendermanPixar Renderman
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0166
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:10
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526860

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5441
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.14%
||
7 Day CHG~0.00%
Published-30 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.

Action-Not Available
Vendor-n/aPhoenix Contact GmbH & Co. KG
Product-mguard_rs4000_tx\/tx_vpnmguard_rs4000_4g_vpn_firmwaremguard_delta_tx\/tx_firmwaremguard_smart2mguard_rs2000_3g_vpn_firmwaremguard_rs2000_3g_vpnmguard_rs4000_tx\/tx_vpn-mmguard_rs4000_tx\/tx-pmguard_rs4000_tx\/tx_vpn-m_firmwaremguard_smart2_firmwaremguard_core_tx_vpnmguard_rs2000_4g_vpnmguard_rs2000_tx\/tx_vpnmguard_rs4000_tx\/tx_vpn_firmwaremguard_smart2_vpn_firmwaremguard_rs2005_tx_vpn_firmwaremguard_rs4000_tx\/tx_firmwaremguard_centerport_firmwaremguard_centerportmguard_gt\/gtmguard_smart2_vpnmguard_rs4000_3g_vpnmguard_rs2000_tx\/tx_vpn_firmwaremguard_rs4000_tx\/tx-p_firmwaremguard_rs4000_4g_vpnmguard_rs2000_tx\/tx-b_firmwaremguard_delta_tx\/tx_vpnmguard_rs4004_tx\/dtxmguard_rs4004_tx\/dtx_vpn_firmwaremguard_delta_tx\/txmguard_rs2000_4g_vpn_firmwaremguard_gt\/gt_firmwaremguard_rs4004_tx\/dtx_vpnmguard_delta_tx\/tx_vpn_firmwaremguard_pcie4000_vpn_firmwaremguard_rs4000_tx\/txmguard_rs4004_tx\/dtx_firmwaremguard_gt\/gt_vpnmguard_pcie4000_vpnmguard_core_tx_vpn_firmwaremguard_rs4000_3g_vpn_firmwaremguard_pci4000_vpn_firmwaremguard_gt\/gt_vpn_firmwaremguard_pci4000_vpnmguard_rs2005_tx_vpnmguard_rs2000_tx\/tx-bPHOENIX CONTACT mGuard
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5279
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.48%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 05:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).

Action-Not Available
Vendor-malwarebytesn/amalwarebytes
Product-malwarebytesn/amalwarebytes
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4992
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.92%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-creative_cloudCreative Cloud Desktop Application 4.4.1.298 and earlier versions
CWE ID-CWE-20
Improper Input Validation
CVE-2019-9441
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.21%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 21:46
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2018-3650
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.

Action-Not Available
Vendor-Intel Corporation
Product-distribution_for_pythonIntel Distribution for Python
CWE ID-CWE-20
Improper Input Validation
CVE-2018-3582
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.41%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4006
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 11.64%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:35
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully.

Action-Not Available
Vendor-shimovpnn/a
Product-shimo_vpnShimo VPN
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4005
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 11.64%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:15
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.

Action-Not Available
Vendor-shimovpnn/a
Product-shimo_vpnShimo VPN
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30659
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.34%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30656
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30657
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.34%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31035
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 10.21%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-30 Aug, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100dgx_a100_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30655
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30712
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.14%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 03:11
Updated-26 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38811
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.60%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 09:47
Updated-17 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code-execution vulnerability

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-fusionFusionfusion
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30663
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.56%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-31 Oct, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30664
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-31 Oct, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.26%
||
7 Day CHG~0.00%
Published-18 Mar, 2019 | 16:33
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelcn1610hci_management_nodecn1610_firmwaresnapprotectsolidfiren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.75%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenserverxenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31008
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.08% / 22.66%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:55
Updated-24 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29495
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.28%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-09 May, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_8_mainstream-g_kit_nuc8i5inhnuc_8_mainstream-g_kit_nuc8i5inh_firmwarenuc_8_mainstream-g_kit_nuc8i7inhnuc_8_mainstream-g_kit_nuc8i7inh_firmwareIntel NUC BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29359
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.59%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI Elevation of Privilege Vulnerability

GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38052
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.21% / 87.20%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29371
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.24% / 79.52%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28574
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9||CRITICAL
EPSS-0.06% / 18.48%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Core

Memory corruption in core services when Diag handler receives a command to configure event listeners.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830sxr2230p_firmwareqca8337qam8650pqfw7124sg8275p_firmwarewcn785x-5qam8775pqru1052qcn6224_firmwarewsa8840wcn3950_firmwareqca6595au_firmwaresnapdragon_x70_modem-rf_systemwcd9370ssg2115pqdu1110wcn685x-1wcn3990_firmwaresnapdragon_8_gen_2_mobile_platformqamsrv1hwcd9385_firmwarewcn3950qcn6024_firmwareqamsrv1h_firmwaresa9000p_firmwareqca6320_firmwaresnapdragon_835_mobile_pc_platform_firmwaresnapdragon_4_gen_2_mobile_platformqca6595auqca8081_firmwarewsa8845h_firmwareqfw7114qca6310snapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwaresnapdragon_x70_modem-rf_system_firmwarewsa8840_firmwareqca6698aqqcs8550_firmwaresc8380xp_firmwarewcn3988_firmwareqru1062_firmwaresrv1hwcd9340wsa8810_firmwareqcn6224wsa8845hsnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9335qdu1000_firmwareqca8081wcd9395_firmwareqca6698aq_firmwareqcm4490wcn685x-1_firmwarewcd9385wcd9341qam8775p_firmwaresa8255pqca6696_firmwareqca6797aqar8035qru1052_firmwarewcd9390qcc710_firmwarewsa8830_firmwarewcn3988wsa8815_firmwarewsa8835_firmwarewcn6750_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qca8337_firmwarewcd9380_firmwaressg2125pwcn3990qca6595qru1032qcm8550snapdragon_835_mobile_pc_platformqdu1010_firmwareqdx1011qdu1000wsa8835sxr1230p_firmwareqdu1110_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwareqcn6274wcd9380snapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwarewcn685x-5_firmwaresxr1230psg8275pqca6310_firmwarewcn6750wcd9335_firmwareqfw7114_firmwareqru1062wsa8845sa8650psa9000pwcd9340_firmwarewsa8815sxr2230pqca6320qru1032_firmwarewsa8845_firmwaresc8380xpsd835qcn9024wcn785x-5_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwaresnapdragon_x65_5g_modem-rf_systemsa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaresrv1h_firmwarewcn685x-5qca6797aq_firmwareqdu1010wcn785x-1_firmwareqdx1011_firmwareqcn9024_firmwarewcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810wsa8832qdx1010_firmwaresm8550psnapdragon_ar2_gen_1_platformsd835_firmwareqam8650p_firmwareqcc710qcs4490qca6595_firmwarewcd9395qca6696qcs8550wcd9370_firmwaresm8550p_firmwareqdx1010wcd9390_firmwareqcn6024qdu1210ssg2115p_firmwareqfw7124_firmwareqam8255pqdu1210_firmwarear8035_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28738
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-21 Oct, 2024 | 12:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc7cjyhn_firmwarenuc_kit_nuc7cjysalnuc_kit_nuc7cjyhnuc_kit_nuc7cjyh_firmwarenuc_kit_nuc7cjyhnnuc_kit_nuc7pjyh_firmwarenuc_kit_nuc7cjysal_firmwarenuc_kit_nuc7pjyhn_firmwarenuc_kit_nuc7pjyhnnuc_7_essential_nuc7cjysamnnuc_kit_nuc7pjyhnuc_7_essential_nuc7cjysamn_firmwareIntel NUC BIOS firmwareintel_nuc_bios_firmware
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5780
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.63%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoramacosenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28578
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.07% / 21.27%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Services

Memory corruption in Core Services while executing the command for removing a single event listener.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareimmersive_home_214sd865_5gqca6595ipq6028_firmwareqca8081_firmwareqcn9001snapdragon_670_mobilesnapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024ar9380qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilefastconnect_6700qcn6422_firmwareqcn5124_firmwaresnapdragon_782g_mobile_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_665_mobile_firmwaresc8180xp-aaabqca6574au_firmwareipq8078a_firmwareqam8295pwcd9341sd626_firmwareipq5312snapdragon_x12_lte_modemsnapdragon_888\+_5g_mobile_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwaresa9000p_firmwaresc8180xp-acafsnapdragon_850_mobile_computefastconnect_6800_firmwarefsm10055sd835_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcn9000snapdragon_678_mobile_firmwaresa8540pqsm8250_firmwareqsm8350_firmwareqcn6432video_collaboration_vc1_platformqep8111sa7255psnapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200qca6310ipq8074a_firmwareipq8076awcd9360snapdragon_680_4g_mobilesa6155pqca6564au_firmwareqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_835_mobilesnapdragon_888_5g_mobile_firmwaresnapdragon_662_mobile_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwaresd835snapdragon_4_gen_2_mobile_firmwareqca6436_firmwareipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_695_5g_mobile_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwareqca6420wcn3910csrb31024snapdragon_x70_modem-rf_system_firmwaremdm9250_firmwaresnapdragon_712_mobilesnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_835_mobile_firmwarewcn3660bqca6574aqca6174awcd9340qcs8250_firmwareqcm2290qdu1210snapdragon_auto_5g_modem-rf_gen_2qcn6122_firmwareqcn5154_firmwaresm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwareqcn5122_firmwareqcn9024pmp8074vision_intelligence_300_firmwareqca6574snapdragon_x75_5g_modem-rf_systemqamsrv1hqcn6412_firmwaresdx57mqcs410qcm2290_firmwarevision_intelligence_100sa8155pqca8072_firmwaresnapdragon_765g_5g_mobile_firmwarewsa8830smart_display_200_firmwareipq5312_firmwaresm8550pqcf8000_firmwaresa6145psnapdragon_625_mobile_firmwareimmersive_home_318_firmwareqcn6122sa8255p_firmwaresnapdragon_4_gen_2_mobilesnapdragon_7c_compute_firmwareqrb5165m_firmwaresa8650p_firmwareimmersive_home_216_firmwareqca9985immersive_home_316snapdragon_865\+_5g_mobile_firmwareipq8071aqcn6112wcn3950_firmwareqrb5165nfastconnect_6200sm7325p_firmwaresd460wcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_660_mobile_firmwareqdx1011snapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarerobotics_rb3_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobilesc8180xp-acaf_firmwareqcn9072qcn6224_firmwarevision_intelligence_100_firmwareqca6431sd660_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwareimmersive_home_216srv1msxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresnapdragon_778g\+_5g_mobileqrb5165msc8380xpqca6320qca4024_firmwareqca0000_firmwaresd888_firmwareqcs6125_firmwareqca9992_firmwareqca9990ipq8070qcn9074wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173snapdragon_665_mobilesm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_730g_mobile_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq5028qca9986qcn9070_firmwaresnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresmart_audio_400_firmwaresd_675_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobilesm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresc8180x-acafsd888fsm10055_firmwareqru1062_firmwarefsm10056sd460_firmwaresnapdragon_675_mobile_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareipq8065qru1062qca6310_firmwaresd626fastconnect_6800qcs7230snapdragon_865_5g_mobile_firmwareipq5302_firmwareqcn9001_firmwarewcd9371fastconnect_6900_firmwarerobotics_rb5_firmwareqca8075_firmwareqcf8000sc8180x-aaab_firmwarevideo_collaboration_vc3_platformqca9980_firmwareqca9985_firmwareqca6431_firmwareqcn6402_firmwareqca6698aq_firmwareqcs2290qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615wcn3999_firmwaresa8255pqcs7230_firmwarewcd9390_firmwareqcn5024qep8111_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobileimmersive_home_326qdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfflight_rb5_5g_firmwaressg2125pqru1052csra6640_firmwareqamsrv1mqam8650p_firmwarevideo_collaboration_vc5_platformqca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqdu1010_firmwareipq8068qcs4290_firmwarecsra6620qca8081sd660wsa8815qam8775pqca9377snapdragon_ar2_gen_1_firmwareqcm4325_firmwareqcn6412qcm4290_firmwaresnapdragon_720g_mobile_firmwareqca9888_firmwareqca9889qcn5024_firmwareqcn9002_firmwareimmersive_home_318ipq5010qcn9274_firmwaresnapdragon_710_mobilesg4150p_firmwareqru1052_firmwarecsra6620_firmwareqcs8550ipq8068_firmwaresa8650psnapdragon_626_mobileqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwaresnapdragon_xr1wcd9375qca9889_firmwaresnapdragon_ar2_gen_1snapdragon_636_mobilesa8145psd_675snapdragon_8\+_gen_1_mobile_firmwarecsr8811smart_display_200qdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareqcs410_firmwarerobotics_rb3sa6150p_firmwaresw5100pipq9574qcn9000_firmwareqcn6102_firmwaresxr1120qcn9022qcs610_firmwarewcd9335wcd9370qca8072snapdragon_7c_gen_2_compute_firmwareqca6696wcd9341_firmwareqcn9003_firmwareipq8076wcn6740_firmwareipq6018_firmwaresnapdragon_750g_5g_mobileqca9984_firmwareqcn6023snapdragon_685_4g_mobilesnapdragon_780g_5g_mobilevision_intelligence_200_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca9994_firmwareqdu1110snapdragon_auto_4g_modemipq8078asnapdragon_690_5g_mobile_firmwareqca6574auwcd9390csra6640snapdragon_778g_5g_mobile_firmwaresrv1hqcn9100_firmwarewcn3660b_firmwareqcn5122sd730snapdragon_690_5g_mobileqcn6024_firmwaresnapdragon_636_mobile_firmwareqca9886_firmwaresnapdragon_712_mobile_firmwaresnapdragon_625_mobileqcm6125_firmwarec-v2x_9150ssg2115pqcc710qcn6132_firmwaresnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresxr1120_firmwareqcn5054315_5g_iot_modem_firmwarefastconnect_6900qcn6402snapdragon_w5\+_gen_1_wearable_firmwareimmersive_home_326_firmwareqru1032_firmwareipq5332_firmwareqcn5052fsm10056_firmwareqca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareqcn5164qca6335qcs4490snapdragon_730_mobilemdm9250wsa8845snapdragon_626_mobile_firmwareqcn6100_firmwareqca6421_firmwareqcm6125sc8180x-adcsr8811_firmwarewsa8810qcn5021qdu1000_firmwareqsm8250srv1h_firmwareqcn6100qca6595ausnapdragon_888_5g_mobilesm7315_firmwareqdu1010wcd9326_firmwaresnapdragon_845_mobile_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobileqdu1210_firmwareqca9986_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwaresdx71msnapdragon_460_mobilesnapdragon_8_gen_2_mobilewcd9370_firmwareqdu1110_firmwareqdu1000sa7255p_firmwareipq9570snapdragon_8\+_gen_2_mobilesa8195pqca6335_firmwareqcm6490ipq5302sa8540p_firmwaresnapdragon_662_mobileqcn9274ipq8076a_firmwaresa8775pipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwareqcn9011sa8775p_firmwaresmart_audio_400qcn9024_firmwarewsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_630_mobileqca6564aqcn9074_firmwaresnapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computeipq8174sc8180x\+sdx55_firmwareipq8174_firmwarear8035ipq8072aqamsrv1m_firmwaresa6155qcm4325qcn6224sc8180x\+sdx55qca6698aqssg2125p_firmwaresm6250snapdragon_480\+_5g_mobilesd670wcn3680bsa8145p_firmwaresa8150p_firmwarefastconnect_6700_firmwarewcn3990qcn9002ipq8078qcs6490qcs8250snapdragon_695_5g_mobileipq9554_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqca6678aqqcn6432_firmwareqcn5022_firmwaresc8180xp-aaab_firmwareqca9992ipq9554qca6564ausc8180xp-adsm6250p_firmwaresc8280xp-abbbsa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332sd_455_firmwarear8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresnapdragon_xr2\+_gen_1sm4125qcm4490_firmwareqru1032vision_intelligence_400_firmwareqcn6112_firmwareqcs6125flight_rb5_5gsnapdragon_870_5g_mobile_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobilesnapdragon_870_5g_mobilesnapdragon_678_mobilesd_455qca9886qcn6132sm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqcn6102qca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwarewcn6740snapdragon_780g_5g_mobile_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn6422snapdragon_675_mobileimmersive_home_214_firmwareipq8070awcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_xr2_5gsa8150pqcn9003immersive_home_3210qcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x35_5g_modem-rf_systemsc8180x-aaabsxr1230psd662_firmwareipq6010sw5100aqt1000snapdragon_4_gen_1_mobile_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855wcn3990_firmwaresm7315snapdragon_660_mobileqca6564a_firmwarewcd9385qca9994qsm8350snapdragon_888\+_5g_mobilesnapdragon_8_gen_1_mobilesnapdragon_630_mobile_firmwaresd662snapdragon_680_4g_mobile_firmwareqcs4290sxr1230p_firmwaresnapdragon_865\+_5g_mobilesg8275psdx71m_firmwaresm6250psdx55_firmwareipq8071a_firmwarewcn3615_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_480\+_5g_mobile_firmwarerobotics_rb5qca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_670_mobile_firmwareaqt1000_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274qfw7124qca6595au_firmwareqca0000sw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_4_gen_1_mobilesnapdragon_865_5g_mobileipq8074aimmersive_home_3210_firmwaresd675snapdragon_855\+_mobile_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391snapdragon_x70_modem-rf_systemipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_x50_5g_modem-rf_system_firmwaresc8280xp-abbb_firmwarefastconnect_7800snapdragon_8\+_gen_2_mobile_firmwareipq8078_firmwarevision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwareimmersive_home_316_firmwareqamsrv1h_firmwareipq8070_firmwareqcn5154sd_8cxvision_intelligence_400ssg2115p_firmwarewsa8835_firmwareqcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_w5\+_gen_1_wearableqcs610Snapdragonsnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_720g_mobile_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwarewsa8832_firmwareqca6431_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareflight_rb5_5g_platform_firmwareipq8070_firmwareqcn6102_firmwaresd888_firmwareqcn9024_firmwareqcn9070_firmwarewsa8835_firmwareqcn6422_firmwaresd670_firmwarecsr8811_firmwarefastconnect_6700_firmwareipq8076a_firmwaresnapdragon_x12_lte_modem_firmwareqcn9022_firmwaremdm9250_firmwaresa8155p_firmwareqcn6224_firmwareqca6420_firmwareqcn5052_firmwareqcn5164_firmwarecsrb31024_firmwareimmersive_home_3210_platform_firmwareqca9994_firmwareqca9377_firmwaresd626_firmwaresm7315_firmwareqcn6100_firmwareqcn6402_firmwarevision_intelligence_400_platform_firmwaresd835_firmwarewcd9385_firmwareqca9990_firmwarefastconnect_7800_firmwarepmp8074_firmwareipq8078_firmwaressg2125p_firmwarewcd9360_firmwarecsra6620_firmwaresa8155_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqamsrv1m_firmwareipq8070a_firmwareqcn6274_firmwareipq5302_firmwareqcn5152_firmwareqam8650p_firmwarec-v2x_9150_firmwareqsm8250_firmwarewcn3950_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn6432_firmwaresrv1m_firmwareimmersive_home_316_platform_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwaresa8195p_firmwareqcn9003_firmwareipq8173_firmwarewcn3910_firmwareqcn9012_firmwaresd_8cx_firmwareqcn9100_firmwareqdx1011_firmwaresw5100_firmwaresa9000p_firmwarear8035_firmwaresnapdragon_695_5g_mobile_platform_firmware315_5g_iot_modem_firmwarewsa8845_firmwaresd660_firmwareqca8075_firmwareqca6574au_firmwaresdx71m_firmwareqcn9274_firmwareipq8071a_firmwareqca6678aq_firmwaresm4125_firmwareqcn5122_firmwareipq8068_firmwarewcn3980_firmwareqca4024_firmwaresnapdragon_626_mobile_platform_firmwareqcn9000_firmwareqcm6125_firmwarewcn3660b_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqsm8350_firmwareqcn5054_firmwaresnapdragon_xr1_platform_firmwareqca8337_firmwareqca9985_firmwareqcn5154_firmwarefsm10056_firmwareqca6595au_firmwareqamsrv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwarewcd9395_firmwareqdu1010_firmwaresg4150p_firmwareqca6174a_firmwareqcn9072_firmwareqca6391_firmwaresnapdragon_x70_modem-rf_system_firmwareipq6010_firmwarewcd9370_firmwarewsa8840_firmwareqam8775p_firmwarewcd9371_firmwarerobotics_rb3_platform_firmwareqca9986_firmwaresw5100p_firmwareqcm4325_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwareqam8295p_firmwareqca6320_firmwareqca6574_firmwaresd_675_firmwareqca9984_firmwarewcd9335_firmwaresnapdragon_630_mobile_platform_firmwareqcn6112_firmwarear8031_firmwareqcm4490_firmwareqcn6023_firmwareqca8072_firmwareqcm2290_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_662_mobile_platform_firmwareipq5028_firmwareqdx1010_firmwareqcs610_firmwareipq6028_firmwarewsa8815_firmwareipq8072a_firmwarewcn3990_firmwareipq9574_firmwareqrb5165m_firmwareqca6430_firmwaresd865_5g_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6426_firmwaresnapdragon_auto_4g_modem_firmwaresc8380xp_firmwaresdx55_firmwaresmart_audio_400_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca6421_firmwarefsm10055_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwareqca6310_firmwaresa8650p_firmwarear9380_firmwareqcn6132_firmwareqcn6412_firmwareqca6574a_firmwaresd_455_firmwareqcs4490_firmwareqcn5124_firmwareipq8065_firmwaresdx57m_firmwaresa8150p_firmwareqcs7230_firmwaresrv1h_firmwaresd855_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8255p_firmwaresm7325p_firmwarewcn3988_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwareqcm6490_firmwareipq8064_firmwareipq8076_firmwareipq8074a_firmwarefastconnect_6200_firmwareqca8386_firmwaresm6250_firmwaresa6155_firmwaresm7250p_firmwaresnapdragon_675_mobile_platform_firmwareqca6698aq_firmwareqca8081_firmwaresnapdragon_680_4g_mobile_platform_firmwaresa8770p_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_636_mobile_platform_firmwarecsra6640_firmwaresxr1120_firmwarewcd9341_firmwarewsa8845h_firmwareqca9992_firmwareqcm8550_firmwareqdu1110_firmwareqca6436_firmwaresd662_firmwareqca6595_firmwareqca0000_firmwaresa7255p_firmwarewcd9326_firmwareqcn9011_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarevision_intelligence_300_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6564a_firmwareqca6335_firmwareqca9889_firmwaresnapdragon_625_mobile_platform_firmwareipq6018_firmwaresnapdragon_690_5g_mobile_platform_firmwareipq9554_firmwareqca9980_firmwarewcd9340_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6800_firmwareqcn5022_firmwareqcs6125_firmwareqcc710_firmwareqcf8000_firmwaresa6155p_firmwareqcn9002_firmwareqcn9074_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwareqcs8550_firmwaresa8540p_firmwareipq5312_firmwareqca6564au_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9001_firmwaresm6250p_firmwareqep8111_firmwareqcn6122_firmwaresa8775p_firmwareimmersive_home_318_platform_firmwarewcn3615_firmwarewcd9390_firmwareaqt1000_firmwaresm8550p_firmwarewcn3999_firmwareqcs6490_firmwaresnapdragon_850_mobile_compute_platform_firmwaresd675_firmwareipq8078a_firmwaresa6145p_firmwaresnapdragon_835_mobile_pc_platform_firmwaresa8295p_firmwaresnapdragon_845_mobile_platform_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa6150p_firmwaresxr1230p_firmwareqfw7124_firmwareipq8174_firmwarefastconnect_6900_firmwareqdu1000_firmwareqca9888_firmwaresxr2130_firmwarewcd9380_firmwareqca6584au_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwareimmersive_home_216_platform_firmwareqcn5021_firmwareqfw7114_firmwaresd730_firmwaresxr2230p_firmwaressg2115p_firmwaresg8275p_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresa8145p_firmwaresd460_firmwareqru1052_firmwarequalcomm_video_collaboration_vc3_platform_firmwarerobotics_rb5_platform_firmwareqdu1210_firmwareqcs4290_firmwareqca9886_firmwareqru1062_firmwareqcs2290_firmwaresnapdragon_460_mobile_platform_firmwareqca6797aq_firmwarewcn3680b_firmwareipq5010_firmwaresnapdragon_712_mobile_platform_firmwaresnapdragon_665_mobile_platform_firmwareqru1032_firmwareqcs410_firmwareipq5332_firmwareqcm4290_firmwareqcs8250_firmwarewcd9375_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-48624
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.08%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 16:57
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27519
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-11 Jun, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-optane_memory_h20_with_solid_state_storageoptane_ssd_dc_p4800x_firmwareoptane_ssd_dc_p4801x_firmwareoptane_ssd_905poptane_ssd_900poptane_ssd_dc_p4801xoptane_memory_h20_with_solid_state_storage_firmwareoptane_ssd_dc_p4800xoptane_ssd_905p_firmwareoptane_ssd_900p_firmwareIntel(R) Optane(TM) SSD products
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.76%
||
7 Day CHG~0.00%
Published-23 Nov, 2020 | 20:33
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.

Action-Not Available
Vendor-v-securen/a
Product-jingyun_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38196
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.29% / 92.35%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.76%
||
7 Day CHG~0.00%
Published-23 Nov, 2020 | 20:33
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.

Action-Not Available
Vendor-v-securen/a
Product-jingyun_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-7817
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.16% / 36.16%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGNUDebian GNU/Linux
Product-glibcdebian_linuxubuntu_linuxopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26587
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-easy_streaming_wizardIntel(R) Easy Streaming Wizard software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25522
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 10.14%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 23:27
Updated-25 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a800_firmwaredgx_a800dgx_a100dgx_a100_firmwareDGX A100/A800dgx_a800dgx_a100
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-21 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.

Action-Not Available
Vendor-vectran/aThe Apache Software Foundation
Product-cognitocouchdbn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14619
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.71%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 12:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, Inc
Product-linux_kernelkernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-20
Improper Input Validation
CVE-2024-5681
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 08:27
Updated-27 Aug, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_foxboro_dcs_control_core_servicesEcoStruxure Foxboro DCS Core Control Servicesecostruxure_foxboro_dcs_core_control_services
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14799
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.7||LOW
EPSS-0.16% / 36.83%
||
7 Day CHG~0.00%
Published-22 Aug, 2018 | 18:00
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

Action-Not Available
Vendor-Philips
Product-pagewriter_tc10_firmwarepagewriter_tc50pagewriter_tc50_firmwarepagewriter_tc20pagewriter_tc30pagewriter_tc20_firmwarepagewriter_tc70_firmwarepagewriter_tc70pagewriter_tc10pagewriter_tc30_firmwarePageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-24579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.40%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-03 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-total_protectionn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 11
  • 12
  • Next
Details not found