Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-3726

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-03 Jul, 2015 | 01:00
Updated At-06 Aug, 2024 | 05:56
Rejected At-
Credits

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:03 Jul, 2015 | 01:00
Updated At:06 Aug, 2024 | 05:56
Rejected At:
▼CVE Numbering Authority (CNA)

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT204941
x_refsource_CONFIRM
http://www.securitytracker.com/id/1032761
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/75490
vdb-entry
x_refsource_BID
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
vendor-advisory
x_refsource_APPLE
Hyperlink: http://support.apple.com/kb/HT204941
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1032761
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/75490
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT204941
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1032761
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/75490
vdb-entry
x_refsource_BID
x_transferred
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://support.apple.com/kb/HT204941
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032761
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75490
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:03 Jul, 2015 | 02:00
Updated At:06 May, 2026 | 22:30

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Apple Inc.
apple
>>iphone_os>>Versions up to 8.3(inclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlproduct-security@apple.com
Mailing List
Vendor Advisory
http://support.apple.com/kb/HT204941product-security@apple.com
Vendor Advisory
http://www.securityfocus.com/bid/75490product-security@apple.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032761product-security@apple.com
Third Party Advisory
VDB Entry
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://support.apple.com/kb/HT204941af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/75490af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032761af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
Source: product-security@apple.com
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT204941
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/75490
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032761
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT204941
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/75490
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1041Records found
CVE-2020-3893
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.58%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:49
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3999
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.72%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 15:14
Updated-08 Aug, 2025 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Apple Inc.
Product-fusionmac_os_xworkstationesxiVMware ESXi, VMware Workstation,VMware Fusion and VMware Cloud Foundation
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21588
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.44%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:00
Updated-05 Mar, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign Improper Input Validation Remote Code Execution Vulnerability

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43533
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 20:46
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43494
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 34.64%
||
7 Day CHG+0.01%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An attacker may be able to cause a persistent denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-visionoswatchosmacosiphone_osipadosmacOSwatchOSiOS and iPadOSvisionOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0387
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.14% / 78.62%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Apple Inc.Microsoft Corporation
Product-windowsmacoswebex_teamsCisco Webex Teams unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43427
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:17
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionossafariiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2025-43234
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 73.77%
||
7 Day CHG+0.53%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43223
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.96%
||
7 Day CHG+0.44%
Published-29 Jul, 2025 | 23:28
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7825
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.71% / 82.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxApple Inc.
Product-firefoxthunderbirddebian_linuxmac_os_xFirefoxFirefox ESRThunderbird
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7074
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7045
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 48.10%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7003
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 51.08%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7126
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.58% / 81.83%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6974
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7121
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.79% / 74.06%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5110
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 70.49%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncRed Hat, Inc.Microsoft CorporationDebian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5089
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 58.44%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

Action-Not Available
Vendor-n/aApple Inc.Red Hat, Inc.Google LLC
Product-enterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopmacoschromeGoogle Chrome prior to 59.0.3071.104 for Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5093
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 71.87%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncRed Hat, Inc.Microsoft CorporationDebian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5071
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.74% / 73.04%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncRed Hat, Inc.Microsoft Corporation
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2414
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2535
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.12%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-2442
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-12.42% / 93.99%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10497
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.40%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML files. The issue results from the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5328.

Action-Not Available
Vendor-Samsung
Product-samsung_emailSamsung Email
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10502
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.47%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.

Action-Not Available
Vendor-Samsung
Product-galaxy_appsSamsung Galaxy Apps
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0214
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.57%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been restricted from this user. The vulnerability is due to insufficient input validation of CLI command user input. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a CLI command with crafted user input. A successful exploit could allow the attacker to execute arbitrary commands on the affected system that should be restricted. The attacker would need to have valid user credentials for the device. Cisco Bug IDs: CSCvf49844.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0338
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.54%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 21:00
Updated-29 Nov, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemCisco Unified Computing System unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-33703
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.09%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2019-4001
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.36%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 21:04
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.

Action-Not Available
Vendor-druvan/a
Product-insyncDruva inSync Client
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7218
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.48%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.12%
||
7 Day CHG-0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30786
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.12%
||
7 Day CHG-0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6650
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.58% / 69.03%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_5624qnexus_5672up-16gnexus_5648qnexus_5596upnexus_5672upnx-osnexus_5696qnexus_5596tnexus_56128pnexus_5548upCisco Nexus Series Switches
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2017-6256
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.88%
||
7 Day CHG~0.00%
Published-28 Jul, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-gpu_driverwindowsNVIDIA Windows GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6261
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 13:18
Updated-05 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NVIDIA’s Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure

NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vibrante_linuxNVIDIA Vibrante Linux
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28193
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.19% / 41.09%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28195
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.06% / 19.31%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-5932
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.57%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

Action-Not Available
Vendor-n/aGNU
Product-bashn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27833
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.08%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_9830exynos_980exynos_2100Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0168
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.49%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-proset_ac_3165amt_wi-fi_6_ax201proset_ac_9462amt_ac_9560_firmwareproset_ac_8265killer_wi-fi_6_ax1650amt_wi-fi_6_ax201_firmwareproset_ac_3165_firmwareamt_ac_8265_firmwareproset_ac_8260proset_ac_9461_firmwareproset_wi-fi_6_ax201_firmwareproset_wi-fi_6e_ax210proset_wireless_7265_\(rev_d\)_firmwareamt_wi-fi_6_ax210_firmwareproset_wi-fi_6_ax200_firmwarekiller_wi-fi_6_ax1650_firmwareproset_wi-fi_6_ax200proset_ac_9461proset_ac_8260_firmwareamt_wi-fi_6_ax200amt_wi-fi_6_ax210amt_ac_8260_firmwareamt_ac_8260killer_ac_1550_firmwareamt_ac_9260_firmwareproset_ac_8265_firmwareproset_wireless_7265_\(rev_d\)proset_ac_9462_firmwareproset_wi-fi_6_ax201killer_wi-fi_6e_ax1675_firmwareproset_wi-fi_6e_ax210_firmwareproset_ac_9260killer_wi-fi_6e_ax1675proset_ac_9560amt_wi-fi_6_ax200_firmwareamt_ac_9260proset_ac_9260_firmwareamt_ac_8265amt_ac_9560proset_ac_9560_firmwarekiller_ac_1550proset_ac_3168proset_ac_3168_firmwareIntel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0158
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.25%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:06
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_w-2223core_i7-7700kcore_i7-8705gxeon_e-2276mcore_i7-8665uxeon_w-3245mcore_i3-8300tcore_i7-7660ucore_i7-8706gxeon_e-2378gcore_i7-1068ng7core_i7-11700fcore_i7-6950xxeon_platinum_8362xeon_w-3225core_i7-1160g7core_i5-1035g7xeon_e-2236xeon_gold_6338xeon_w-1370core_i7-10850hcore_i7-1185grecore_i7-11375hxeon_e3-1240_v6xeon_e-2314xeon_w-2125core_i9-10940xcore_i5-8400hceleron_n6210core_i5-10400fcore_i7-8700xeon_silver_4309yxeon_platinum_8352ycore_i5-8400core_i5-7y54core_i3-10300core_i3-7100tcore_i7-7700tcore_i7-10700tcore_i3-1110g4core_i7-8086kcore_i5-10210uxeon_w-2295xeon_gold_6326celeron_n2815core_i7-3960xcore_i5-8257ucore_i7-8700kcore_i5-10200hxeon_e-2226gceleron_n2940xeon_silver_4316core_i5-1035g4xeon_w-2255core_i3-8145ucore_i5-10400hceleron_n5105core_i7-11700core_i5-7442eqxeon_w-11555mlexeon_e-2134core_i3-10100ycore_i3-7020uxeon_e3-1501l_v6core_i5-10400tcore_i3-8109upentium_silver_n6000core_i7-11370hcore_i5-10310ucore_i9-7920xcore_i7-7600ucore_i9-11900txeon_e-2224xeon_e3-1285_v6core_i5-10505core_i5-1030g7xeon_w-1390txeon_w-1270celeron_n4500xeon_e3-1225_v6core_i3-7100ecore_i5-11600tcore_i3-7300xeon_e-2378core_i7-11850hcore_i9-11900core_i3-1000g1core_i7-10510yxeon_e3-1505l_v6xeon_e-2278gexeon_platinum_8380hcore_i3-10110uxeon_w-2245core_i7-11800hceleron_n3150xeon_platinum_8376hceleron_n4100xeon_gold_6330core_i9-7960xcore_i7-7820xceleron_n3060core_i5-10400core_i7-7700hqxeon_w-1270tecore_i5-8400bcore_i9-7980xexeon_gold_6314ucore_i5-1155g7core_i5-10500tecore_i3-10105fcore_i7-7820hkcore_i3-8100hcore_i7-6900kxeon_w-3335core_i9-9940xcore_i9-11950hcore_i7-11850hecore_i5-11600xeon_w-1290tcore_i5-10300hceleron_n4120xeon_platinum_8353hcore_i5-8350ucore_i9-10980hkxeon_w-11865mlexeon_gold_6348hcore_i5-7300ucore_i7-11700tcore_i5-8600xeon_w-11855mxeon_e-2136xeon_e-2246gcore_i5-8500tcore_i7-10510uxeon_w-3265mceleron_n2840core_i5-7500core_i7-3930kcore_i3-10100ecore_i3-8100core_i7-1060g7xeon_w-2265core_i9-11900hcore_i9-10900celeron_n2930celeron_n2910xeon_gold_5320hxeon_gold_5320xeon_platinum_8360yxeon_w-10855mcore_i5-7200ucore_i3-11100hecore_i9-11900kcore_i3-10100txeon_gold_6338tcore_i9-8950hkxeon_w-11555mrecore_i9-10900ecore_i7-7700core_i9-10850kxeon_gold_5318score_i9-10900kxeon_e-2386gcore_i7-7920hqcore_i3-7102ecore_i5-8600kxeon_e-2254mlcore_i9-10900fcore_i5-8400txeon_w-1270pcore_i7-8750hxeon_e3-1501m_v6core_i7-10700core_i5-8365ucore_i9-10920xceleron_n3160core_i3-10100tecore_i7-6850kxeon_e-2334core_i5-7600core_i9-7940xxeon_platinum_8380hlxeon_gold_5318ncore_i3-10105tcore_i9-9960xcore_i7-10700fxeon_e3-1270_v6core_i9-10885hcore_i7-3920xmxeon_e-2286mcore_i5-11400txeon_platinum_8358pxeon_w-1250ecore_i5-11300hcore_i5-1145g7core_i3-1125g4pentium_silver_n5000core_i9-11900kfcore_i7-10750hcore_i3-10325xeon_w-2195xeon_w-3375core_i3-7100hxeon_e-2276gcore_i3-8300xeon_w-1390core_i3-1000g4xeon_e-2186gxeon_w-3365core_i5-7400txeon_gold_5317core_i7-10875hxeon_e-2276mlxeon_e-2244gxeon_e-2174gxeon_platinum_8356hcore_i3-7100core_i7-8809gxeon_e-2176gcore_i3-8145uexeon_e-2324gcore_i5-7260ucore_i7-8700bcore_i7-8709gcore_i3-10100core_i5-7267uxeon_w-1250pcore_i3-1115g4core_i7-7800xcore_i9-9920xcore_i3-8100txeon_gold_5320tceleron_n4505core_i5-10210ycore_i5-1140g7core_i7-8557ucore_i5-10500exeon_gold_6312uxeon_w-2123xeon_w-3275mcore_i7-8700tcore_i5-8300hcore_i7-3820core_i5-10600txeon_e-2356gcore_i3-10110ycore_i5-7400core_i5-10600kfcore_i5-11400fcore_i7-8650uxeon_silver_4314core_i7-10700ecore_i5-1145grecore_i3-7320core_i7-1180g7core_i5-11600kfxeon_platinum_8358core_i7-9800xcore_i7-11700kfxeon_gold_5315yxeon_e3-1230_v6core_i7-10870hxeon_w-11865mrecore_i5-1035g1pentium_silver_n5030core_i5-1038ng7core_i7-4960xxeon_platinum_8354hxeon_w-3265xeon_w-3245celeron_n3350xeon_e-2274gcore_i5-8500bcore_i5-11500tcore_i7-10700kcore_i7-1185g7core_i7-1195g7xeon_e-2124gcore_i7-1165g7celeron_n3050core_i5-8269upentium_silver_j5005core_i5-11600kxeon_e-2278gelcore_i7-11390hcore_i5-1030g4core_i7-10700texeon_e3-1280_v6xeon_platinum_8368xeon_e-2288gceleron_n3000xeon_e-2234celeron_n2807core_i7-7740xcore_i7-11700kcore_i5-10500core_i7-5820kxeon_silver_4310txeon_e-2124xeon_platinum_8380core_i5-7287ucore_i7-10710ucore_i7-10700kfcore_i5-7440eqcore_i7-3940xmxeon_platinum_8351nxeon_w-1250texeon_w-1250core_i5-8279ucore_i7-4940mxxeon_platinum_8352vxeon_gold_6336yxeon_w-1290ecore_i3-7100ucore_i7-4930kxeon_e-2276mecore_i7-8565ucore_i3-7101tecore_i3-7350kcore_i5-11400hxeon_w-3275core_i5-7600kcore_i5-8250ucore_i3-10305celeron_n2820xeon_e-2126gcore_i5-7300hqcore_i7-7560uxeon_w-1270ecore_i7-7820eqxeon_platinum_8360hlxeon_e3-1535m_v6core_i9-11900fcore_i5-8259ucore_i7-4820kcore_i5-7360ucore_i7-11600hceleron_n2805celeron_n2806core_i9-11980hkcore_i5-10600kxeon_e3-1220_v6xeon_w-1370pcore_i3-8140uxeon_e-2336xeon_e-2388gcore_i9-10900kfcore_i3-10105xeon_w-11155mrexeon_e-2186mxeon_gold_6354xeon_e-2176mcore_i5-1130g7celeron_n3350exeon_platinum_8352mcore_i3-1120g4core_i5-7600tcore_i9-9820xxeon_w-2155core_i9-9900xcore_i7-7500ucore_i7-8550ucore_i5-10310yxeon_gold_6330hxeon_w-1290pceleron_n3010xeon_e-2224gxeon_w-2135xeon_e-2286gxeon_gold_5318hxeon_w-11155mlecore_i5-10500hxeon_platinum_8376hlceleron_n2808core_i5-8260uxeon_w-2145xeon_e3-1275_v6core_i5-11320hxeon_e-2226gecore_i7-10810uxeon_e-2278gxeon_e3-1245_v6core_i9-9980xecore_i3-1115grexeon_gold_6346xeon_w-2235core_i7-8850hcore_i5-11500hcore_i3-7130ucore_i7-10610uxeon_w-11955mxeon_e-2374gcore_i3-10100fcore_i3-7167ucore_i7-6800kcore_i7-8500ycore_i7-7567uxeon_gold_6338nceleron_n2920core_i9-10900xcore_i5-10600xeon_platinum_8360hcore_i5-11260hxeon_w-1390pcore_i3-1115g4ecore_i9-10980xepentium_silver_n6005core_i7-7820hqxeon_gold_6348core_i5-8210yceleron_n6211xeon_gold_6330nxeon_w-1350core_i3-7300tcore_i7-3970xcore_i5-8365uecore_i7-8665uexeon_w-1290xeon_w-3345xeon_platinum_8368qceleron_n4000celeron_n2830core_i5-1145g7exeon_w-10885mcore_i5-11500hexeon_silver_4310core_i3-10320core_i9-10900tcore_i5-8200ycore_i3-10300tcore_i3-7101ecore_i5-8310yceleron_n3450xeon_gold_6334xeon_w-2275celeron_n5100core_i5-11500core_i5-1135g7core_i9-7900xxeon_w-1290tecore_i5-7640xcore_i5-8500celeron_n4020xeon_w-3223core_i5-7440hqxeon_e-2144gcore_i7-5960xxeon_w-1350pxeon_gold_6342celeron_n2810xeon_w-3323xeon_w-3175xcore_i7-8569ucore_i5-8265ucore_i5-10500txeon_e-2254mecore_i7-4930mxxeon_w-3235core_i7-1185g7ecore_i7-5930kxeon_platinum_8352score_i7-7y75xeon_gold_5318ycore_i3-1005g1xeon_w-2225xeon_gold_6328hcore_i3-8100bxeon_w-2133core_i5-7y57core_i3-10305tcore_i3-8350kcore_i5-11400core_i5-8600tcore_i5-7500tpentium_silver_j5040xeon_e3-1505m_v6core_i5-8305gcore_i7-1065g7core_i7-8559uxeon_gold_6328hlcore_i9-10900texeon_e-2146gcore_i3-8130uxeon_w-2175Intel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26531
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.99% / 77.12%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_60w_firmwarenwa210ax_firmwarewac6502d-e_firmwareatp100atp800_firmwareusg_2200-vpn_firmwareusg_flex_100atp100w_firmwarenwa1302-ac_firmwarenap303_firmwarenxc2500nsg300nwa1123-ac-pro_firmwarenwa110ax_firmwareusg300_firmwarewax510d_firmwareusg200usg_40wnwa90ax_firmwarensg100atp500_firmwareusg_20w-vpn_firmwarewac6502d-eatp800nap203_firmwarevpn50usg310wac6103d-iusg_40w_firmwarewac5302d-sv2nwa1123-ac-prowac6502d-s_firmwarewac6552d-swac5302d-sv2_firmwarenap203wax650susg2200wax610d_firmwareatp200_firmwarenwa55axe_firmwarewac500hnsg300_firmwareatp100_firmwareusg_flex_500_firmwarenwa50axwax610dnsg100_firmwareusg200_firmwarewac6552d-s_firmwarevpn300usg_flex_100wwac500usg_110_firmwareatp700_firmwareusg_60wusg210nap353nsg50wax650s_firmwareusg_110usg_1900_firmwareatp500wac6103d-i_firmwarenwa1123acv3_firmwareusg_40vpn300_firmwarewax630snwa5123-ac-hd_firmwarenwa50ax_firmwareusg_1900wac500h_firmwarenwa1123-ac-hdusg_flex_100w_firmwarenap303usg_2200-vpnvpn50_firmwareatp200atp700usg_20wusg_20w-vpnnwa1302-acvpn1000_firmwarewac6553d-swac5302d-s_firmwarewac5302d-snwa110axusg_flex_500usg310_firmwareusg20usg_310vpn100usg_1100usg_310_firmwarensg50_firmwarewac6303d-s_firmwarewac6553d-s_firmwareusg_flex_200nwa210axusg_40_firmwareatp100wusg_flex_200_firmwarenxc5500usg210_firmwareusg_20w_firmwarenwa1123acv3usg300vpn100_firmwareusg_flex_700usg_60_firmwarenwa1123-ac-hd_firmwareusg2200_firmwarenwa55axenap353_firmwarewax630s_firmwarewac6503d-s_firmwarewac500_firmwareusg_60usg20_firmwarewac6303d-snwa5123-ac-hdusg_flex_100_firmwarenxc5500_firmwarewac6503d-snwa90axwax510dnxc2500_firmwarewac6502d-susg_flex_700_firmwarevpn1000usg_1100_firmwareATP series firmwareWAC500 firmwareNSG series firmwareVPN series firmwareNXC2500 firmwareNWA50AX firmwareUSG FLEX series firmwareUSG/ZyWALL series firmwareWAX510D firmwareNAP203 firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5123
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.71% / 82.59%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 22:05
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-h300eh500scloud_backuph300s_firmwareh410sh300sh300e_firmwarelinux_kernelh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700eh700e_firmwareh700sn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8742
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.49%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:15
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc5i3ryhsnnuc7i7dnbenuc7i5bnhx1nuc7i5bnhxfcd1c32gk_firmwarecd1c64gknuc7i5dnkpcnuc5i3mybe_firmwarenuc8i7hvknuc7i5dnbe_firmwarede3815tykhe_firmwarenuc7i3dnktc_firmwarenuc8i7hnk_firmwarenuc7i5dnbenuc6i7kyknuc5i5ryhsnuc5i3ryk_firmwarenuc8i5behfa_firmwarenuc7i3bnb_firmwarenuc7pjyhnuc7i5dnhe_firmwarenuc7i3bnhx1_firmwarenuc5ppyh_firmwarenuc8i5behs_firmwarenuc8i5behfanuc5i7ryh_firmwarenuc8i7hvkvaw_firmwarenuc5i3ryhnuc8i7hvkvanuc6caysnuc5i5mybe_firmwarenuc5i5myhenuc7i3bnbnuc7i3bnk_firmwarenuc5i3myhe_firmwarenuc5i5ryk_firmwarenuc8i7hnkqcnuc7i3dnke_firmwarenuc8i3behfa_firmwarenuc7i3bnhnuc7i3bnknuc5i5mybenuc7pjyh_firmwarestk2mv64cc_firmwarenuc7i3bnhxf_firmwarenuc7i7bnhnuc5i5ryh_firmwarenuc8i3behnuc8i7hnknuc8i5bek_firmwarenuc5i3ryhs_firmwarenuc7i3bnh_firmwarenuc8i7beh_firmwarenuc5pgyh_firmwarenuc5i5rykcd1p64gknuc7i3dnhncnuc7i5bnkpnuc8i5bekpa_firmwarenuc7i3dnhe_firmwarenuc5i7ryhnuc6cayhde3815tybe_firmwarenuc7cjysalnuc7i5dnkenuc7i7bnkqnuc5i3ryhsn_firmwarenuc8i7hnkqc_firmwarenuc7i7bnhxgcd1c64gk_firmwarestk2mv64ccnuc6i7kyk_firmwarenuc7i3dnhnc_firmwarenuc6cays_firmwarenuc8i7hvk_firmwarenuc7i5dnke_firmwarenuc5i5ryhs_firmwarenuc8i7behga_firmwarenuc8i3behs_firmwarenuc8i7bekqa_firmwarenuc7i5bnknuc7i3dnbenuc7cjyhnuc7i5bnhxf_firmwarenuc7i5bnhnuc5i3mybenuc8i7bek_firmwarede3815tykhenuc7i3dnhenuc5i3ryhsnuc8i7behganuc7i3dnktcnuc7i7dnbe_firmwarenuc7i3dnbe_firmwarenuc8i5beh_firmwarenuc5i3ryknuc7i7dnhe_firmwarenuc7i5bnkp_firmwarenuc7i7bnbnuc5cpyhnuc5pgyhnuc5i5ryhnuc8i5bekpanuc7i5bnh_firmwarenuc7i5dnhenuc8i3beknuc7i7bnkq_firmwarecd1p64gk_firmwarenuc5ppyhnuc8i7beknuc7i5bnb_firmwarenuc8i7behnuc7i7dnke_firmwarenuc7i5dnkpc_firmwarenuc7i7bnhxg_firmwarenuc6cayh_firmwarenuc8i7bekqanuc7i3bnhxfnuc5i3ryh_firmwarenuc8i3behfanuc7i5bnk_firmwarenuc7i5bnhx1_firmwarenuc8i5behsnuc7i5bnbnuc7cjyh_firmwarenuc7i7bnhx1nuc7i7bnb_firmwarenuc7i7bnhx1_firmwarenuc7i3dnkenuc8i5beknuc5cpyh_firmwarenuc8i5behcd1c32gknuc8i7hvkva_firmwarenuc5i5myhe_firmwarenuc5i3myhenuc7i7bnh_firmwarenuc7i3bnhx1de3815tybenuc7i7dnkenuc7cjysal_firmwarenuc7i7dnhenuc8i7hvkvawnuc8i3beh_firmwarenuc8i3behsnuc8i3bek_firmwareIntel(R) NUCs Advisory
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8734
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.49%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 20:20
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-m10jnp2sb_firmwarem10jnp2sbIntel® Server Board M10JNP2SB Advisory
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18055
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.62%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18867
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.04%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 13:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7100lg_firmwared7800_firmwared6100_firmwared6100wndr4500wndr4300wndr4500_firmwared7800r7100lgwndr4300_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18155
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.28%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_625sd_820_firmwaresd_835_firmwaremsm8996ausd_820sd_625_firmwaresd_450sd_820amsm8996au_firmwaresd_835sd_450_firmwaresd_820a_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18054
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.62%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 30.77%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 16:26
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • Next
Details not found