Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-16721

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Nov, 2020 | 20:33
Updated At-05 Aug, 2024 | 10:32
Rejected At-
Credits

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Nov, 2020 | 20:33
Updated At:05 Aug, 2024 | 10:32
Rejected At:
ā–¼CVE Numbering Authority (CNA)

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360090
x_refsource_MISC
https://www.cnvd.org.cn/flaw/show/CNVD-2018-19266
x_refsource_MISC
Hyperlink: https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360090
Resource:
x_refsource_MISC
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2018-19266
Resource:
x_refsource_MISC
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360090
x_refsource_MISC
x_transferred
https://www.cnvd.org.cn/flaw/show/CNVD-2018-19266
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360090
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2018-19266
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Nov, 2020 | 21:15
Updated At:25 Nov, 2020 | 14:54

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
v-secure
v-secure
>>jingyun_antivirus>>2.4.2.39
cpe:2.3:a:v-secure:jingyun_antivirus:2.4.2.39:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360090cve@mitre.org
Third Party Advisory
https://www.cnvd.org.cn/flaw/show/CNVD-2018-19266cve@mitre.org
Third Party Advisory
Hyperlink: https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360090
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2018-19266
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

563Records found
CVE-2023-21439
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21092
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21656
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in WLAN HOST

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresm7325-ae_firmwaresa6150p_firmwareqcs610qca8337qam8775pwcd9360_firmwarewcn3950_firmwaresa8150p_firmwaresm4450_firmwareqca6595au_firmwaresa6155sm8350csra6620_firmwarecsra6640_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998qca6554a_firmwareqam8295pwcn3950qcn6024_firmwaresd_8_gen1_5g_firmwaresm6375_firmwarewcn3660bsm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adwcd9360snapdragon_xr2\+_gen_1_platformsnapdragon_auto_5g_modem-rf_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwaresm6225-ad_firmwareqca6698aqsa4155p_firmwaresa8155_firmwarewcd9340sw5100qca6436sa6155pqca6698aq_firmwarewcn685x-1_firmwarewcd9341qam8775p_firmwaresa8255pqca6696_firmwareqca6797aqsm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd865_5g_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresa8295p_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwaressg2125psdm429wsw5100psnapdragon_w5\+_gen_1_wearable_platformqca6564ausdm429qca6574snapdragon_7c\+_gen_3_computewcd9380qcs410sxr1230pwcd9335_firmwarewcn3980qcc2073_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815qca6320sdm429_firmwareqca6426_firmwaresm4450wcn3660b_firmwaresd835qcn9024wcn3980_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresa8295psm8475_firmwarewcn6740_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformqca6678aqsnapdragon_x65_5g_modem-rf_systemsm8350_firmwareqca6797aq_firmwarewcn785x-1_firmwareqcn9024_firmwarewsa8832sw5100p_firmwareqcs610_firmwaresa6145pqcs4490qca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresa8155pcsra6640sm8250ssg2115p_firmwareqam8255psa4155par8035_firmwarewcn3991_firmwarewsa8830sa8145p_firmwaresxr2230p_firmwareqam8650pwcn785x-5csrb31024csra6620qca6390_firmwaresnapdragon_auto_4g_modem_firmwarewcd9370ssg2115pqca6426qca6584au_firmwarewcn3990_firmwaresm8450sm8250-abwcd9385_firmwarewcd9326_firmwareqam8295p_firmwaresm7325-afsa8155qca6320_firmwaresnapdragon_x55_5g_modem-rf_systemsnapdragon_835_mobile_pc_platform_firmwaresdx55_firmwareqca6595ausm7325-af_firmwareqca6436_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwareqca6584ausa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwaresm6225qcs6490qcs8550_firmwaresm8250_firmwaresm8250-acwcn3988_firmwaresa6145p_firmwaresa8195pwsa8810_firmwaresm4375_firmwaresm8450_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9326wcd9335qca8081qcm4490wcd9385sxr2130_firmwareqcs6490_firmwareqca6390ar8035wcd9375wcn3620_firmwareqcm6490wsa8815_firmwarewsa8835_firmwarewcn3620sm7350-absa4150pwcn785x-1qcm4325wcn3990qca6554asd865_5gqca6595sm8350-ac_firmwaresnapdragon_835_mobile_pc_platformsd888wsa8835sxr1230p_firmwaresdm429w_firmwaresnapdragon_auto_5g_modem-rfsd_8_gen1_5gssg2125p_firmwaresxr2130qca6574asmart_audio_400_platformwcn685x-5_firmwaresm7325pqca6310_firmwaresm7325wcn6750qcc2076_firmwareqca6574_firmwaresm7325p_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwareqca6175aqca6574a_firmwarewcn785x-5_firmwaresm7315sm8250-ab_firmwareqca6391snapdragon_x55_5g_modem-rf_system_firmwareqcm4490_firmwaresnapdragon_auto_4g_modemcsrb31024_firmwareqcm6490_firmwarewsa8832_firmwarewcn685x-5sm6225_firmwareqca6574ausa8155p_firmwarewcd9341_firmwarewsa8810snapdragon_ar2_gen_1_platformsd835_firmwaresm8350-acqam8650p_firmwarewcn6740qca6696qcs8550sm4350sa6150pqcn6024qcc2076sw5100_firmwareqcs410_firmwareqcc2073qca6175a_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21192
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.67%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12190
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 32.29%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-converged_security_management_engine_firmwaretrusted_execution_engine_firmwareIntel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37663
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.45%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 22:45
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete validation in `QuantizeV2` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6773
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.26%
||
7 Day CHG~0.00%
Published-17 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_5000_softwareStarOS for ASR 5000 Series Aggregated Services Routers
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6649
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.58% / 69.03%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_5624qnexus_5672up-16gnexus_5648qnexus_5596upnexus_5672upnx-osnexus_5696qnexus_5596tnexus_56128pnexus_5548upCisco Nexus Series Switches
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2017-6345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.53%
||
7 Day CHG~0.00%
Published-01 Mar, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18065
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.37%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-45577
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.87%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Camera Driver

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewcn3620_firmwarewsa8835wcn3620sdm429w_firmwarewsa8830wsa8830_firmwarewsa8835_firmwarewcd9380snapdragon_8_gen_1_mobile_firmwaresnapdragon_429_mobilefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewcn3660b_firmwarefastconnect_7800wcn3660bSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-45579
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.87%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Camera Driver

Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewcn3620_firmwarewsa8835wcn3620sdm429w_firmwarewsa8830wsa8830_firmwarewsa8835_firmwarewcd9380snapdragon_8_gen_1_mobile_firmwaresnapdragon_429_mobilefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewcn3660b_firmwarefastconnect_7800wcn3660bSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30658
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 10
  • 11
  • 12
  • Next
Details not found