Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-16722

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Nov, 2020 | 20:33
Updated At-05 Aug, 2024 | 10:32
Rejected At-
Credits

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Nov, 2020 | 20:33
Updated At:05 Aug, 2024 | 10:32
Rejected At:
▼CVE Numbering Authority (CNA)

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360094
x_refsource_MISC
https://www.cnvd.org.cn/flaw/show/CNVD-2018-19265
x_refsource_MISC
Hyperlink: https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360094
Resource:
x_refsource_MISC
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2018-19265
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360094
x_refsource_MISC
x_transferred
https://www.cnvd.org.cn/flaw/show/CNVD-2018-19265
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360094
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2018-19265
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Nov, 2020 | 21:15
Updated At:25 Nov, 2020 | 14:55

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
v-secure
v-secure
>>jingyun_antivirus>>2.4.2.39
cpe:2.3:a:v-secure:jingyun_antivirus:2.4.2.39:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360094cve@mitre.org
Third Party Advisory
https://www.cnvd.org.cn/flaw/show/CNVD-2018-19265cve@mitre.org
Third Party Advisory
Hyperlink: https://github.com/bsauce/poc/tree/master/jingyun_antivirus_12360094
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2018-19265
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

514Records found
CVE-2023-38587
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.27%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc8i7bek_firmwarenuc_8_home_nuc8i3behfa_firmwarenuc_kit_nuc8i5behnuc_kit_nuc8i7beknuc_kit_nuc8i5behs_firmwarenuc_kit_nuc8i3beh_firmwarenuc_kit_nuc8i7behnuc_8_enthusiast_nuc8i7bekqa_firmwarenuc_8_enthusiast_nuc8i7bekqanuc_8_home_nuc8i5behfanuc_8_home_nuc8i5bekpa_firmwarenuc_kit_nuc8i7beh_firmwarenuc_kit_nuc8i3behsnuc_kit_nuc8i3beknuc_kit_nuc8i5beh_firmwarenuc_8_enthusiast_nuc8i7behganuc_kit_nuc8i5beknuc_kit_nuc8i5behsnuc_kit_nuc8i3behnuc_kit_nuc8i3bek_firmwarenuc_kit_nuc8i5bek_firmwarenuc_8_home_nuc8i5bekpanuc_8_home_nuc8i3behfanuc_8_enthusiast_nuc8i7behga_firmwarenuc_8_home_nuc8i5behfa_firmwarenuc_kit_nuc8i3behs_firmwareIntel NUC BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5678
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.18%
||
7 Day CHG~0.00%
Published-31 May, 2019 | 21:12
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceNVIDIA GeForce Experience
CWE ID-CWE-20
Improper Input Validation
CVE-2021-20268
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.80%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:16
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelkernel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21460
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive Software platform based on QNX

Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8295pqca6696_firmwaresa8775psa8770p_firmwaresa9000pqam8295p_firmwareqam8255p_firmwareqca6698aq_firmwaresrv1lsa8540p_firmwareqca6696srv1h_firmwaresa8775p_firmwaresa6150p_firmwareqca6595sa8295psa8620p_firmwareqca6688aq_firmwareqam8620psa6155p_firmwareqam8775p_firmwaresa8155_firmwaresa8195p_firmwareqca6574au_firmwaresa8155p_firmwaresa8255p_firmwaresa8155qam8255pqca6595ausa8145p_firmwareqca6698aqsrv1msa8150pqamsrv1hsa7775p_firmwaresa8650pqam8650psa6155sa7775pqca6574ausa9000p_firmwareqam8775psa6145psa8195pqca6574a_firmwaresa6150pqca6595au_firmwaresrv1l_firmwaresa8255psa8540psa8295p_firmwareqca6595_firmwareqca6688aqqca6574asa8620pqamsrv1h_firmwaresa8150p_firmwaresa7255p_firmwaresrv1hsa6145p_firmwaresa6155_firmwaresa8770pqam8650p_firmwareqamsrv1msa6155psa8155psa8145psa7255pqam8620p_firmwaresa8650p_firmwareqamsrv1m_firmwaresrv1m_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39535
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.63%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:23
Updated-29 Aug, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in BIOS

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

Action-Not Available
Vendor-AMI
Product-aptio_vAptioVaptio_v
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21234
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_22h2windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_22h2windows_server_2025windows_11_23h2Windows 11 version 22H3Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows Server 2022Windows Server 2025Windows 11 version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21375
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.09%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-12 Mar, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 1507Windows 11 version 22H2Windows 10 Version 1607Windows Server 2022Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2016Windows Server 2012 R2Windows 11 version 22H3Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36407
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.65% / 93.01%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-29 Apr, 2025 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_21h2windows_server_2022windows_11_23h2Windows 11 version 21H2Windows 11 version 22H3Windows 11 Version 23H2Windows 11 version 22H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21235
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_22h2windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_22h2windows_server_2025windows_11_23h2Windows 11 version 22H3Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows Server 2022Windows Server 2025Windows 11 version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36731
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.72% / 71.60%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21370
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.86%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_11_22h2windows_11_24h2Windows 11 Version 23H2Windows 11 version 22H2Windows 11 version 22H3Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1085
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.02%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information disclosure but attacker doesn't have control over what information is obtained. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29495
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.86%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-09 May, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_8_mainstream-g_kit_nuc8i5inhnuc_8_mainstream-g_kit_nuc8i5inh_firmwarenuc_8_mainstream-g_kit_nuc8i7inhnuc_8_mainstream-g_kit_nuc8i7inh_firmwareIntel NUC BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30657
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30712
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.27%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 03:11
Updated-26 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30658
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30659
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30664
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-31 Oct, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30655
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30690
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.54%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 03:01
Updated-19 Sep, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30656
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30663
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.83%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-31 Oct, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29359
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI Elevation of Privilege Vulnerability

GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-44094
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 20:28
Updated-18 Sep, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28578
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 30.17%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Services

Memory corruption in Core Services while executing the command for removing a single event listener.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareimmersive_home_214sd865_5gqca6595ipq6028_firmwareqca8081_firmwareqcn9001snapdragon_670_mobilesnapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024ar9380qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilefastconnect_6700qcn6422_firmwareqcn5124_firmwaresnapdragon_782g_mobile_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_665_mobile_firmwaresc8180xp-aaabqca6574au_firmwareipq8078a_firmwareqam8295pwcd9341sd626_firmwareipq5312snapdragon_x12_lte_modemsnapdragon_888\+_5g_mobile_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwaresa9000p_firmwaresc8180xp-acafsnapdragon_850_mobile_computefastconnect_6800_firmwarefsm10055sd835_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcn9000snapdragon_678_mobile_firmwaresa8540pqsm8250_firmwareqsm8350_firmwareqcn6432video_collaboration_vc1_platformqep8111sa7255psnapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200qca6310ipq8074a_firmwareipq8076awcd9360snapdragon_680_4g_mobilesa6155pqca6564au_firmwareqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_835_mobilesnapdragon_888_5g_mobile_firmwaresnapdragon_662_mobile_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwaresd835snapdragon_4_gen_2_mobile_firmwareqca6436_firmwareipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_695_5g_mobile_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwareqca6420wcn3910csrb31024snapdragon_x70_modem-rf_system_firmwaremdm9250_firmwaresnapdragon_712_mobilesnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_835_mobile_firmwarewcn3660bqca6574aqca6174awcd9340qcs8250_firmwareqcm2290qdu1210snapdragon_auto_5g_modem-rf_gen_2qcn6122_firmwareqcn5154_firmwaresm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwareqcn5122_firmwareqcn9024pmp8074vision_intelligence_300_firmwareqca6574snapdragon_x75_5g_modem-rf_systemqamsrv1hqcn6412_firmwaresdx57mqcs410qcm2290_firmwarevision_intelligence_100sa8155pqca8072_firmwaresnapdragon_765g_5g_mobile_firmwarewsa8830smart_display_200_firmwareipq5312_firmwaresm8550pqcf8000_firmwaresa6145psnapdragon_625_mobile_firmwareimmersive_home_318_firmwareqcn6122sa8255p_firmwaresnapdragon_4_gen_2_mobilesnapdragon_7c_compute_firmwareqrb5165m_firmwaresa8650p_firmwareimmersive_home_216_firmwareqca9985immersive_home_316snapdragon_865\+_5g_mobile_firmwareipq8071aqcn6112wcn3950_firmwareqrb5165nfastconnect_6200sm7325p_firmwaresd460wcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_660_mobile_firmwareqdx1011snapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarerobotics_rb3_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobilesc8180xp-acaf_firmwareqcn9072qcn6224_firmwarevision_intelligence_100_firmwareqca6431sd660_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwareimmersive_home_216srv1msxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresnapdragon_778g\+_5g_mobileqrb5165msc8380xpqca6320qca4024_firmwareqca0000_firmwaresd888_firmwareqcs6125_firmwareqca9992_firmwareqca9990ipq8070qcn9074wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173snapdragon_665_mobilesm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_730g_mobile_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq5028qca9986qcn9070_firmwaresnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresmart_audio_400_firmwaresd_675_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobilesm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresc8180x-acafsd888fsm10055_firmwareqru1062_firmwarefsm10056sd460_firmwaresnapdragon_675_mobile_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareipq8065qru1062qca6310_firmwaresd626fastconnect_6800qcs7230snapdragon_865_5g_mobile_firmwareipq5302_firmwareqcn9001_firmwarewcd9371fastconnect_6900_firmwarerobotics_rb5_firmwareqca8075_firmwareqcf8000sc8180x-aaab_firmwarevideo_collaboration_vc3_platformqca9980_firmwareqca9985_firmwareqca6431_firmwareqcn6402_firmwareqca6698aq_firmwareqcs2290qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615wcn3999_firmwaresa8255pqcs7230_firmwarewcd9390_firmwareqcn5024qep8111_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobileimmersive_home_326qdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfflight_rb5_5g_firmwaressg2125pqru1052csra6640_firmwareqamsrv1mqam8650p_firmwarevideo_collaboration_vc5_platformqca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqdu1010_firmwareipq8068qcs4290_firmwarecsra6620qca8081sd660wsa8815qam8775pqca9377snapdragon_ar2_gen_1_firmwareqcm4325_firmwareqcn6412qcm4290_firmwaresnapdragon_720g_mobile_firmwareqca9888_firmwareqca9889qcn5024_firmwareqcn9002_firmwareimmersive_home_318ipq5010qcn9274_firmwaresnapdragon_710_mobilesg4150p_firmwareqru1052_firmwarecsra6620_firmwareqcs8550ipq8068_firmwaresa8650psnapdragon_626_mobileqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwaresnapdragon_xr1wcd9375qca9889_firmwaresnapdragon_ar2_gen_1snapdragon_636_mobilesa8145psd_675snapdragon_8\+_gen_1_mobile_firmwarecsr8811smart_display_200qdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareqcs410_firmwarerobotics_rb3sa6150p_firmwaresw5100pipq9574qcn9000_firmwareqcn6102_firmwaresxr1120qcn9022qcs610_firmwarewcd9335wcd9370qca8072snapdragon_7c_gen_2_compute_firmwareqca6696wcd9341_firmwareqcn9003_firmwareipq8076wcn6740_firmwareipq6018_firmwaresnapdragon_750g_5g_mobileqca9984_firmwareqcn6023snapdragon_685_4g_mobilesnapdragon_780g_5g_mobilevision_intelligence_200_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca9994_firmwareqdu1110snapdragon_auto_4g_modemipq8078asnapdragon_690_5g_mobile_firmwareqca6574auwcd9390csra6640snapdragon_778g_5g_mobile_firmwaresrv1hqcn9100_firmwarewcn3660b_firmwareqcn5122sd730snapdragon_690_5g_mobileqcn6024_firmwaresnapdragon_636_mobile_firmwareqca9886_firmwaresnapdragon_712_mobile_firmwaresnapdragon_625_mobileqcm6125_firmwarec-v2x_9150ssg2115pqcc710qcn6132_firmwaresnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresxr1120_firmwareqcn5054315_5g_iot_modem_firmwarefastconnect_6900qcn6402snapdragon_w5\+_gen_1_wearable_firmwareimmersive_home_326_firmwareqru1032_firmwareipq5332_firmwareqcn5052fsm10056_firmwareqca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareqcn5164qca6335qcs4490snapdragon_730_mobilemdm9250wsa8845snapdragon_626_mobile_firmwareqcn6100_firmwareqca6421_firmwareqcm6125sc8180x-adcsr8811_firmwarewsa8810qcn5021qdu1000_firmwareqsm8250srv1h_firmwareqcn6100qca6595ausnapdragon_888_5g_mobilesm7315_firmwareqdu1010wcd9326_firmwaresnapdragon_845_mobile_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobileqdu1210_firmwareqca9986_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwaresdx71msnapdragon_460_mobilesnapdragon_8_gen_2_mobilewcd9370_firmwareqdu1110_firmwareqdu1000sa7255p_firmwareipq9570snapdragon_8\+_gen_2_mobilesa8195pqca6335_firmwareqcm6490ipq5302sa8540p_firmwaresnapdragon_662_mobileqcn9274ipq8076a_firmwaresa8775pipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwareqcn9011sa8775p_firmwaresmart_audio_400qcn9024_firmwarewsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_630_mobileqca6564aqcn9074_firmwaresnapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computeipq8174sc8180x\+sdx55_firmwareipq8174_firmwarear8035ipq8072aqamsrv1m_firmwaresa6155qcm4325qcn6224sc8180x\+sdx55qca6698aqssg2125p_firmwaresm6250snapdragon_480\+_5g_mobilesd670wcn3680bsa8145p_firmwaresa8150p_firmwarefastconnect_6700_firmwarewcn3990qcn9002ipq8078qcs6490qcs8250snapdragon_695_5g_mobileipq9554_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqca6678aqqcn6432_firmwareqcn5022_firmwaresc8180xp-aaab_firmwareqca9992ipq9554qca6564ausc8180xp-adsm6250p_firmwaresc8280xp-abbbsa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332sd_455_firmwarear8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresnapdragon_xr2\+_gen_1sm4125qcm4490_firmwareqru1032vision_intelligence_400_firmwareqcn6112_firmwareqcs6125flight_rb5_5gsnapdragon_870_5g_mobile_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobilesnapdragon_870_5g_mobilesnapdragon_678_mobilesd_455qca9886qcn6132sm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqcn6102qca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwarewcn6740snapdragon_780g_5g_mobile_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn6422snapdragon_675_mobileimmersive_home_214_firmwareipq8070awcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_xr2_5gsa8150pqcn9003immersive_home_3210qcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x35_5g_modem-rf_systemsc8180x-aaabsxr1230psd662_firmwareipq6010sw5100aqt1000snapdragon_4_gen_1_mobile_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855wcn3990_firmwaresm7315snapdragon_660_mobileqca6564a_firmwarewcd9385qca9994qsm8350snapdragon_888\+_5g_mobilesnapdragon_8_gen_1_mobilesnapdragon_630_mobile_firmwaresd662snapdragon_680_4g_mobile_firmwareqcs4290sxr1230p_firmwaresnapdragon_865\+_5g_mobilesg8275psdx71m_firmwaresm6250psdx55_firmwareipq8071a_firmwarewcn3615_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_480\+_5g_mobile_firmwarerobotics_rb5qca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_670_mobile_firmwareaqt1000_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274qfw7124qca6595au_firmwareqca0000sw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_4_gen_1_mobilesnapdragon_865_5g_mobileipq8074aimmersive_home_3210_firmwaresd675snapdragon_855\+_mobile_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391snapdragon_x70_modem-rf_systemipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_x50_5g_modem-rf_system_firmwaresc8280xp-abbb_firmwarefastconnect_7800snapdragon_8\+_gen_2_mobile_firmwareipq8078_firmwarevision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwareimmersive_home_316_firmwareqamsrv1h_firmwareipq8070_firmwareqcn5154sd_8cxvision_intelligence_400ssg2115p_firmwarewsa8835_firmwareqcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_w5\+_gen_1_wearableqcs610Snapdragonsnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_720g_mobile_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwarewsa8832_firmwareqca6431_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareflight_rb5_5g_platform_firmwareipq8070_firmwareqcn6102_firmwaresd888_firmwareqcn9024_firmwareqcn9070_firmwarewsa8835_firmwareqcn6422_firmwaresd670_firmwarecsr8811_firmwarefastconnect_6700_firmwareipq8076a_firmwaresnapdragon_x12_lte_modem_firmwareqcn9022_firmwaremdm9250_firmwaresa8155p_firmwareqcn6224_firmwareqca6420_firmwareqcn5052_firmwareqcn5164_firmwarecsrb31024_firmwareimmersive_home_3210_platform_firmwareqca9994_firmwareqca9377_firmwaresd626_firmwaresm7315_firmwareqcn6100_firmwareqcn6402_firmwarevision_intelligence_400_platform_firmwaresd835_firmwarewcd9385_firmwareqca9990_firmwarefastconnect_7800_firmwarepmp8074_firmwareipq8078_firmwaressg2125p_firmwarewcd9360_firmwarecsra6620_firmwaresa8155_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqamsrv1m_firmwareipq8070a_firmwareqcn6274_firmwareipq5302_firmwareqcn5152_firmwareqam8650p_firmwarec-v2x_9150_firmwareqsm8250_firmwarewcn3950_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn6432_firmwaresrv1m_firmwareimmersive_home_316_platform_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwaresa8195p_firmwareqcn9003_firmwareipq8173_firmwarewcn3910_firmwareqcn9012_firmwaresd_8cx_firmwareqcn9100_firmwareqdx1011_firmwaresw5100_firmwaresa9000p_firmwarear8035_firmwaresnapdragon_695_5g_mobile_platform_firmware315_5g_iot_modem_firmwarewsa8845_firmwaresd660_firmwareqca8075_firmwareqca6574au_firmwaresdx71m_firmwareqcn9274_firmwareipq8071a_firmwareqca6678aq_firmwaresm4125_firmwareqcn5122_firmwareipq8068_firmwarewcn3980_firmwareqca4024_firmwaresnapdragon_626_mobile_platform_firmwareqcn9000_firmwareqcm6125_firmwarewcn3660b_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqsm8350_firmwareqcn5054_firmwaresnapdragon_xr1_platform_firmwareqca8337_firmwareqca9985_firmwareqcn5154_firmwarefsm10056_firmwareqca6595au_firmwareqamsrv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwarewcd9395_firmwareqdu1010_firmwaresg4150p_firmwareqca6174a_firmwareqcn9072_firmwareqca6391_firmwaresnapdragon_x70_modem-rf_system_firmwareipq6010_firmwarewcd9370_firmwarewsa8840_firmwareqam8775p_firmwarewcd9371_firmwarerobotics_rb3_platform_firmwareqca9986_firmwaresw5100p_firmwareqcm4325_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwareqam8295p_firmwareqca6320_firmwareqca6574_firmwaresd_675_firmwareqca9984_firmwarewcd9335_firmwaresnapdragon_630_mobile_platform_firmwareqcn6112_firmwarear8031_firmwareqcm4490_firmwareqcn6023_firmwareqca8072_firmwareqcm2290_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_662_mobile_platform_firmwareipq5028_firmwareqdx1010_firmwareqcs610_firmwareipq6028_firmwarewsa8815_firmwareipq8072a_firmwarewcn3990_firmwareipq9574_firmwareqrb5165m_firmwareqca6430_firmwaresd865_5g_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6426_firmwaresnapdragon_auto_4g_modem_firmwaresc8380xp_firmwaresdx55_firmwaresmart_audio_400_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca6421_firmwarefsm10055_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwareqca6310_firmwaresa8650p_firmwarear9380_firmwareqcn6132_firmwareqcn6412_firmwareqca6574a_firmwaresd_455_firmwareqcs4490_firmwareqcn5124_firmwareipq8065_firmwaresdx57m_firmwaresa8150p_firmwareqcs7230_firmwaresrv1h_firmwaresd855_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8255p_firmwaresm7325p_firmwarewcn3988_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwareqcm6490_firmwareipq8064_firmwareipq8076_firmwareipq8074a_firmwarefastconnect_6200_firmwareqca8386_firmwaresm6250_firmwaresa6155_firmwaresm7250p_firmwaresnapdragon_675_mobile_platform_firmwareqca6698aq_firmwareqca8081_firmwaresnapdragon_680_4g_mobile_platform_firmwaresa8770p_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_636_mobile_platform_firmwarecsra6640_firmwaresxr1120_firmwarewcd9341_firmwarewsa8845h_firmwareqca9992_firmwareqcm8550_firmwareqdu1110_firmwareqca6436_firmwaresd662_firmwareqca6595_firmwareqca0000_firmwaresa7255p_firmwarewcd9326_firmwareqcn9011_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarevision_intelligence_300_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6564a_firmwareqca6335_firmwareqca9889_firmwaresnapdragon_625_mobile_platform_firmwareipq6018_firmwaresnapdragon_690_5g_mobile_platform_firmwareipq9554_firmwareqca9980_firmwarewcd9340_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6800_firmwareqcn5022_firmwareqcs6125_firmwareqcc710_firmwareqcf8000_firmwaresa6155p_firmwareqcn9002_firmwareqcn9074_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwareqcs8550_firmwaresa8540p_firmwareipq5312_firmwareqca6564au_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9001_firmwaresm6250p_firmwareqep8111_firmwareqcn6122_firmwaresa8775p_firmwareimmersive_home_318_platform_firmwarewcn3615_firmwarewcd9390_firmwareaqt1000_firmwaresm8550p_firmwarewcn3999_firmwareqcs6490_firmwaresnapdragon_850_mobile_compute_platform_firmwaresd675_firmwareipq8078a_firmwaresa6145p_firmwaresnapdragon_835_mobile_pc_platform_firmwaresa8295p_firmwaresnapdragon_845_mobile_platform_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa6150p_firmwaresxr1230p_firmwareqfw7124_firmwareipq8174_firmwarefastconnect_6900_firmwareqdu1000_firmwareqca9888_firmwaresxr2130_firmwarewcd9380_firmwareqca6584au_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwareimmersive_home_216_platform_firmwareqcn5021_firmwareqfw7114_firmwaresd730_firmwaresxr2230p_firmwaressg2115p_firmwaresg8275p_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresa8145p_firmwaresd460_firmwareqru1052_firmwarequalcomm_video_collaboration_vc3_platform_firmwarerobotics_rb5_platform_firmwareqdu1210_firmwareqcs4290_firmwareqca9886_firmwareqru1062_firmwareqcs2290_firmwaresnapdragon_460_mobile_platform_firmwareqca6797aq_firmwarewcn3680b_firmwareipq5010_firmwaresnapdragon_712_mobile_platform_firmwaresnapdragon_665_mobile_platform_firmwareqru1032_firmwareqcs410_firmwareipq5332_firmwareqcm4290_firmwareqcs8250_firmwarewcd9375_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27519
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 13.98%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-11 Jun, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-optane_memory_h20_with_solid_state_storageoptane_ssd_dc_p4800x_firmwareoptane_ssd_dc_p4801x_firmwareoptane_ssd_905poptane_ssd_900poptane_ssd_dc_p4801xoptane_memory_h20_with_solid_state_storage_firmwareoptane_ssd_dc_p4800xoptane_ssd_905p_firmwareoptane_ssd_900p_firmwareIntel(R) Optane(TM) SSD products
CWE ID-CWE-20
Improper Input Validation
CVE-2022-47909
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.41%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 16:53
Updated-03 Aug, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LQL Injection in Livestatus HTTP headers

Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost.

Action-Not Available
Vendor-tribe29 GmbHCheckmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-20
Improper Input Validation
CVE-2019-2192
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.98%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 17:30
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138441555

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2022-46701
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.22%
||
7 Day CHG~0.00%
Published-15 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ostvosipadosmacostvOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-45770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.30%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-31 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.

Action-Not Available
Vendor-n/aAdGuard (Adguard Software Ltd.)
Product-adguardn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-45469
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-2.2||LOW
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53022
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-06 Mar, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption may occur during communication between primary and guest VM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6696sa7775psa8775psa8540p_firmwaresa8775p_firmwareqam8255p_firmwaresrv1m_firmwaresrv1mqamsrv1h_firmwareqam8295p_firmwaresrv1l_firmwaresa8620pqam8775pqam8255pqca6696_firmwaresa9000p_firmwareqca6595_firmwaresa8540psa8620p_firmwaresa8770p_firmwaresa8255p_firmwareqca6595au_firmwaresrv1lqam8620p_firmwaresa7255psa8770psa8650p_firmwaresa9000psrv1hqam8775p_firmwareqamsrv1hsa7775p_firmwareqam8650p_firmwaresa8295pqamsrv1mqam8295pqca6595qamsrv1m_firmwaresa8295p_firmwareqam8650psa8255psa8650psrv1h_firmwareqam8620pqca6595ausa7255p_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53031
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-07 Mar, 2025 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqam8775psa8255pqamsrv1m_firmwareqca6595qca6688aq_firmwaresa8770psa8775psrv1h_firmwaresa8620p_firmwareqam8650p_firmwareqca6595_firmwaresrv1mqam8620psa8775p_firmwareqamsrv1msa9000p_firmwaresrv1hqca6574ausa7255psrv1m_firmwaresa8620psa7775psa8650pqam8620p_firmwaresa8540p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqam8255pqca6688aqqca6698aqsa7775p_firmwaresa8255p_firmwaresa8770p_firmwaresa8295p_firmwareqca6696_firmwareqam8295pqamsrv1hsrv1l_firmwareqca6574au_firmwareqamsrv1h_firmwareqca6595auqam8255p_firmwaresa8295psrv1lqca6698aq_firmwareqam8650pqca6696sa8540pSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.16%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 00:02
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).

Action-Not Available
Vendor-n/aDebian GNU/LinuxXen Project
Product-xendebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53012
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-05 Mar, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption may occur due to improper input validation in clock device.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53029
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-05 Mar, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53030
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-07 Mar, 2025 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while processing input message passed from FE driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqca6678aqsa8255psa8155p_firmwareqamsrv1m_firmwareqcs9100msm8996aumsm8996au_firmwaresa8620p_firmwaresa8155pqam8650p_firmwareqca6574a_firmwareqca6595_firmwaresnapdragon_820_automotive_firmwareqca6584au_firmwaresa6155_firmwareqam8620psrv1hqca6564auqca6564a_firmwaresa7255psa8620pqam8620p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqca6797aqqam8255pqca6688aqsa7775p_firmwaresa8255p_firmwaresa8155_firmwaresa8770p_firmwaresa8295p_firmwaresa6150pqca6696_firmwareqam8295psa8150pqca6595ausa6150p_firmwareqcs9100_firmwaresa8295psa8145psa8150p_firmwaresrv1lsa6145psa6155p_firmwareqca6698aq_firmwareqam8650pqam8775pqca6595qca6688aq_firmwaresa8770psrv1h_firmwaresa8775psrv1msnapdragon_820_automotivesa8775p_firmwaresa9000p_firmwareqamsrv1mqca6564au_firmwareqca6574auqca6797aq_firmwaresrv1m_firmwaresa7775psa8650psa8540p_firmwaresa8145p_firmwaresa6155sa8195p_firmwareqca6698aqsa8195pqca6584ausa6155pqamsrv1hqca6564aqca6574au_firmwareqamsrv1h_firmwareqca6678aq_firmwareqca6574aqam8255p_firmwaresa6145p_firmwaresa8155srv1l_firmwareqca6696sa8540pSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49844
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive

Memory corruption while triggering commands in the PlayReady Trusted application.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresdm429w_firmwareqcm8550_firmwarewcn6650sd865_5gsa6150p_firmwareqcs8155_firmwaresxr1120sm8735qca6595wcd9335wcd9370qca8081_firmwaresnapdragon_670_mobileqca6696qam8620p_firmwarewcn7880_firmwarewcd9340_firmwaresa8530pwcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwarewcn7750wcn6450qcc710_firmwareqca6426fastconnect_6700sa4150pwsa8832_firmwaresnapdragon_wear_4100\+_firmwareqca8337qdu1110qca6426_firmwarewcd9395qca6574au_firmwaresnapdragon_x72_5g_modem-rfqca6564_firmwareqam8295pwcd9341qca6574auwcd9390snapdragon_888\+_5g_mobile_firmwaresa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresrv1hsm8650q_firmwarewcn3660b_firmwareqcs9100fastconnect_6800_firmwareqcs5430wcn7860qcm5430qcm5430_firmwaresa4155psnapdragon_712_mobile_firmwaresa8770pqcc710snapdragon_x32_5g_modem-rf_firmwaresnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresa8540psxr1120_firmwareqsm8250_firmwareqsm8350_firmwaresnapdragon_wear_4100\+fastconnect_6900qru1032_firmwareqep8111sm8635sa7255pqfw7114wcd9385_firmwareqca6421qam8255p_firmwaresa8155_firmwaresnapdragon_x65_5g_modem-rfwsa8845sa6155pqca6421_firmwareqca6564au_firmwaresnapdragon_429_mobile_firmwarewsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000pqdu1000_firmwareqsm8250srv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobileqdu1010wcd9326_firmwaresa6155p_firmwarewsa8840snapdragon_ar1_gen_1srv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwareqdu1210_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwaresm8750pqcn9012snapdragon_x55_5g_modem-rf_firmwaresm8635psnapdragon_x62_5g_modem-rf_firmwareqmp1000wcd9370_firmwaresnapdragon_712_mobileqdu1110_firmwareqdu1000wcn3660bqca6574asnapdragon_x72_5g_modem-rf_firmwaresa7255p_firmwarewcn3620_firmwareqca6174asa8195pwcd9340qcs8250_firmwareqdu1210snapdragon_auto_5g_modem-rf_gen_2sa8540p_firmwareqcm6490qcm8550snapdragon_765_5g_mobile_firmwareqcn9274vision_intelligence_300_firmwaresa8775pqca6574qcn9011sa8775p_firmwareqamsrv1hwsa8845hsa6150pwcd9326sm8650qsa8155p_firmwareqca6564asa8155psnapdragon_765g_5g_mobile_firmwarewsa8830sa6145psnapdragon_768g_5g_mobile_firmwaresm7675_firmwaresa8255p_firmwarear8035sm7635_firmwareqamsrv1m_firmwareqca6564wcn7750_firmwaresa8650p_firmwareqrb5165m_firmwarewcn3620wcn6450_firmwaresa6155srv1l_firmwareqcs9100_firmwaresnapdragon_865\+_5g_mobile_firmwareqcn6224snapdragon_429_mobileqcs615sa7775p_firmwareqca6698aqsm7635qrb5165nsa8530p_firmwarefastconnect_6200sd670wcn3680bsa8145p_firmwarewcd9378qcs8155sm8635p_firmwaresm6650p_firmwareqdx1011sa8150p_firmwarefastconnect_6700_firmwaresnapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_8_gen_3_mobileqcs6490qcs8250fastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwarewsa8845_firmwarewsa8832wcd9378_firmwaresrv1lsxr2130_firmwaresm7675psrv1mqca6678aqsnapdragon_x35_5g_modem-rfar8035_firmwarewcn7860_firmwareqrb5165msc8380xpsa4150p_firmwaresnapdragon_x62_5g_modem-rfqca6564ausc8280xp-abbbwsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcm6490_firmwaresm7250p_firmwareqru1032vision_intelligence_400_firmwareflight_rb5_5gsnapdragon_870_5g_mobile_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesa4155p_firmwaresm7250psa8155qca6584auqcn6274_firmwarewcn6755_firmwareqcn9011_firmwareqru1062_firmwarewcn6650_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareqru1062snapdragon_8_gen_3_mobile_firmwarefastconnect_6800qfw7114_firmwareqcs7230qca6595_firmwarefastconnect_7800_firmwaresnapdragon_865_5g_mobile_firmwaresm8635_firmwarefastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwareqmp1000_firmwaresnapdragon_xr2_5gwcn7880sa8150pwcn6755sxr2330pwcn7881sm6650video_collaboration_vc3_platformsm6650pqca6688aqqam8295p_firmwareqca6431_firmwarewcn3990_firmwareqca6698aq_firmwareqca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqsm8350snapdragon_8_gen_1_mobilesa8255pqcs7230_firmwarewcd9390_firmwaresnapdragon_865\+_5g_mobileqep8111_firmwareqcs615_firmwaresnapdragon_765_5g_mobileqdx1011_firmwaresdx55_firmwaresm8750_firmwareflight_rb5_5g_firmwareqru1052sxr2130snapdragon_x65_5g_modem-rf_firmwareqamsrv1mrobotics_rb5qca6174a_firmwarewcn7861_firmwarewcn7861qam8650p_firmwarevideo_collaboration_vc5_platformsnapdragon_670_mobile_firmwareqcs6490_firmwaresm6650_firmwaresdm429wqam8620pwcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwareqca6584au_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqcn6274qfw7124qca6595au_firmwareqdu1010_firmwareqcs8300_firmwareqca6696_firmwareqcs8300wcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqam8775pqca6797aqsnapdragon_x75_5g_modem-rfsa8620psdx55qca6574a_firmwaresnapdragon_865_5g_mobilesd_8_gen1_5g_firmwarewcd9375_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwaresnapdragon_710_mobileqcn9274_firmwareqcn9012_firmwareqcs5430_firmwaresnapdragon_x32_5g_modem-rfqru1052_firmwaresa8770p_firmwaresa8295pqcs8550sm8735_firmwaresc8280xp-abbb_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwaresnapdragon_xr1wcd9375qca6688aq_firmwarevision_intelligence_300snapdragon_765g_5g_mobileqamsrv1h_firmwaresm7675sa8145pwsa8835_firmwarevision_intelligence_400wcn3980sm7675p_firmwareqdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-45577
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Camera Driver

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewcn3620_firmwarewsa8835wcn3620sdm429w_firmwarewsa8830wsa8830_firmwarewsa8835_firmwarewcd9380snapdragon_8_gen_1_mobile_firmwaresnapdragon_429_mobilefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewcn3660b_firmwarefastconnect_7800wcn3660bSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-43052
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.19%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 10:18
Updated-12 Dec, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Video Analytics and Processing

Memory corruption while processing API calls to NPU with invalid input.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_wear_2100_platformwsa8830sg8275p_firmwareqca6431_firmwaresnapdragon_870_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platformwsa8840snapdragon_wear_2100_platform_firmwaresnapdragon_212_mobile_platformwcn6755_firmwaresnapdragon_427_mobile_platformwcd9370home_hub_100_platformqca6426snapdragon_8_gen_2_mobile_platformmsm8108msm8108_firmwarewcd9385_firmwarewcn7881_firmwarewcd9326_firmwarewcn3615_firmwareqsw8573_firmwarewcn3660bapq8037snapdragon_435_mobile_platform_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_systemwcn3680b_firmwaresdx55_firmwaresnapdragon_208_processor_firmwaresnapdragon_212_mobile_platform_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformwcn3615wsa8845h_firmwaremsm8909wsnapdragon_425_mobile_platformwcn3610_firmwaresnapdragon_429_mobile_platformqca6436_firmwaresnapdragon_xr2\+_gen_1_platformwcn7860snapdragon_427_mobile_platform_firmwareqcm8550_firmwareqcn9274pm8937snapdragon_870_5g_mobile_platformsnapdragon_208_processorwcn7881snapdragon_439_mobile_platformwsa8840_firmwarevideo_collaboration_vc5_platformqcs8550_firmwaresc8380xp_firmwaresnapdragon_wear_3100_platformsm8635wcn7880_firmwareqca6421apq8017_firmwarewsa8810_firmwarehome_hub_100_platform_firmwarewsa8845hqca6436wcd9326wcd9335sm8750_firmwareqcs7230sm8750p_firmwarewcd9395_firmwarewcn6755msm8209_firmwareqca6174a_firmwarewcd9385sxr2130_firmwaresnapdragon_wear_2500_platformpm8937_firmwareqca6431wcd9375snapdragon_210_processor_firmwaresnapdragon_430_mobile_platformwcd9390wsa8830_firmwaresd865_5g_firmwarewcn3620_firmwarewsa8815_firmwarewsa8835_firmwarewcn3620video_collaboration_vc5_platform_firmwaresnapdragon_865_5g_mobile_platform_firmwareapq8017fastconnect_6800_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn3610wcn7880msm8608wcd9380_firmwareqcm2150_firmwaresdm429wsd865_5gfastconnect_6800qcm8550qcs7230_firmwareqet4101_firmwaremsm8909w_firmwarewsa8835sdm429w_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380snapdragon_wear_4100\+_platform_firmwaresnapdragon_210_processorsxr2130snapdragon_425_mobile_platform_firmwaresm8635_firmwaresnapdragon_wear_4100\+_platformsnapdragon_430_mobile_platform_firmwareqca9379_firmwareqca6174asg8275pwcd9335_firmwarewcn3980qcn9274_firmwarewsa8845qsw8573wsa8815snapdragon_865\+_5g_mobile_platformwsa8845_firmware205_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_439_mobile_platform_firmwareqca6426_firmwareqcs8250snapdragon_435_mobile_platformsc8380xpsm8750pwcn3660b_firmwarewcn3680msm8209wcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_xr2\+_gen_1_platform_firmwareqca6391qca6421_firmwarefastconnect_7800snapdragon_865\+_5g_mobile_platform_firmwaresmart_audio_200_platform215_mobile_platformsnapdragon_xr2_5g_platformwcn7861_firmwarewcn3680_firmwarewsa8832_firmwarefastconnect_6900fastconnect_6900_firmwareqcm2150smart_audio_200_platform_firmwareqcs8250_firmwarefastconnect_7800_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810wsa8832sm8550pqsm8250wcn3680bsm8750snapdragon_wear_2500_platform_firmwarewcn7860_firmwarewcd9395wcn7861205_mobile_platform215_mobile_platform_firmwareqca6391_firmwareqcs8550msm8608_firmwaresm8550p_firmwarewcd9370_firmwaresdx55snapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwareapq8037_firmwareqet4101snapdragon_wear_3100_platform_firmwareqca9379qsm8250_firmwareSnapdragonwcd9380_firmwareqcm2150_firmwaresg8275p_firmwareqca6431_firmwareqcs7230_firmwareqet4101_firmwaremsm8909w_firmwaresnapdragon_wear_2100_platform_firmwaresdm429w_firmwarewcn6755_firmwaresnapdragon_425_mobile_platform_firmwaresm8635_firmwaresnapdragon_430_mobile_platform_firmwareqca9379_firmwarewcd9335_firmwareqcn9274_firmwaremsm8108_firmwarewcd9385_firmwarewcn7881_firmwarewcd9326_firmwarewcn3615_firmwareqsw8573_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_439_mobile_platform_firmwaresnapdragon_435_mobile_platform_firmwareqca6426_firmwarewcn3660b_firmwaresnapdragon_429_mobile_platform_firmwarewcn3680b_firmwaresdx55_firmwaresnapdragon_208_processor_firmwaresnapdragon_212_mobile_platform_firmwarewcd9375_firmwarewsa8845h_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3610_firmwareqca6436_firmwareqca6421_firmwaresnapdragon_427_mobile_platform_firmwareqcm8550_firmwarewcn7861_firmwarewcn3680_firmwarewsa8840_firmwarewsa8832_firmwarefastconnect_6900_firmwareqcs8550_firmwaresc8380xp_firmwarewcn7880_firmwaresmart_audio_200_platform_firmwareapq8017_firmwarewsa8810_firmwareqcs8250_firmwarefastconnect_7800_firmwarehome_hub_100_platform_firmwarewcd9395_firmwaresm8750_firmwaresm8750p_firmwaremsm8209_firmwarequalcomm_215_mobile_platform_firmwareqca6174a_firmwarequalcomm_205_mobile_platform_firmwaresxr2130_firmwarepm8937_firmwaresnapdragon_wear_2500_platform_firmwarewcn7860_firmwareqca6391_firmwaremsm8608_firmwaresm8550p_firmwaresnapdragon_210_processor_firmwarewcd9370_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwaresd865_5g_firmwarewcn3620_firmwareapq8037_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_865_5g_mobile_platform_firmwaresnapdragon_wear_3100_platform_firmwarefastconnect_6800_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqsm8250_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18867
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.14%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 13:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7100lg_firmwared7800_firmwared6100_firmwared6100wndr4500wndr4300wndr4500_firmwared7800r7100lgwndr4300_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18430
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 40.54%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 15:55
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42534
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.03%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 13:53
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42800
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacoswatchoswatchOSmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41942
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.9||HIGH
EPSS-0.07% / 22.29%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sourcegraph vulnerable to Comand Injection via gitserver

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0.

Action-Not Available
Vendor-sourcegraphsourcegraph
Product-sourcegraphsourcegraph
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-18509
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.48%
||
7 Day CHG+0.12%
Published-13 Aug, 2019 | 13:17
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38420
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Hypervisor

Memory corruption while configuring a Hypervisor based input virtual device.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwareqca6421snapdragon_678_mobilesnapdragon_ar2_gen_1qcm6490_firmwaresd675qcn6224_firmwareqca6420snapdragon_670_mobile_firmwaresa7775p_firmwaresa8775pqca6574au_firmwaresc8180x-ad_firmwaresd670_firmwareqam8775pqca6584ausnapdragon_x65_5g_modem-rf_firmwarewcd9326qca6430sa8255pqdu1210_firmwaresnapdragon_x62_5g_modem-rfwcd9370_firmwaresnapdragon_888_5g_mobileqcc710_firmwareqru1052qdu1000_firmwaresc8180xp-acafsa8540p_firmwarerobotics_rb3_firmwaresd675_firmwaresnapdragon_865\+_5g_mobilesnapdragon_675_mobileqep8111_firmwaresd_8_gen1_5g_firmwarerobotics_rb3qru1032sxr2130qca6574ssg2115p_firmwareqcm8550sa8650psa8770p_firmwareqca6698aq_firmwaresa8775p_firmwaresnapdragon_x55_5g_modem-rf_firmwareqamsrv1m_firmwaresnapdragon_865_5g_mobilewcd9326_firmwaresnapdragon_670_mobileqca6421_firmwaresnapdragon_xr2_5gfastconnect_6800wsa8810qdx1011snapdragon_8_gen_3_mobile_firmwareqam8255p_firmwaresnapdragon_888\+_5g_mobilewcd9375snapdragon_855_mobilesnapdragon_870_5g_mobile_firmwaresc8180x-aaabqdu1000sa6155fastconnect_6200_firmwarevision_intelligence_300snapdragon_855\+_mobilesa6155psnapdragon_765g_5g_mobile_firmwareqca6335_firmwarevideo_collaboration_vc3_platformqamsrv1h_firmwaresnapdragon_860_mobile_firmwarewsa8830_firmwareqca8081qdu1110_firmwaresc8380xpwcd9385wsa8840_firmwareqfw7124_firmwarewsa8840qca6426qfw7124qca6696sa8155p_firmwareqca6595snapdragon_678_mobile_firmwareqca8337snapdragon_845_mobile_firmwareqca8337_firmwareqam8650psxr1230p_firmwaresxr2330pvision_intelligence_400_firmwaresnapdragon_x24_lte_modemsrv1mqcs5430_firmwareqru1062qam8775p_firmwaresnapdragon_ar1_gen_1sm7250p_firmwaresnapdragon_x50_5g_modem-rf_firmwareqcm5430qcs9100qca6335sa8295p_firmwaresd855_firmwareqca9377sa9000pwsa8835aqt1000_firmwareqca8081_firmwareqca6797aq_firmwarefastconnect_7800wcd9340snapdragon_xr2_5g_firmwareqca6174aqca6574ausnapdragon_765_5g_mobilesnapdragon_auto_5g_modem-rf_gen_2qca6584au_firmwaresd_675_firmwarewcn3990fastconnect_6700qca6696_firmwaresnapdragon_x72_5g_modem-rf_firmwareqdx1011_firmwareqcs9100_firmwareqru1032_firmwaresrv1m_firmwarewsa8832fastconnect_6700_firmwarewcd9390_firmwareqcn6274sc8180x-adsc8280xp-abbb_firmwarewsa8815snapdragon_768g_5g_mobile_firmwaresxr1230pqru1062_firmwaresdx57mqca6574a_firmwaresdx55_firmwaresa8620pqca6430_firmwaresrv1lsrv1h_firmwareqcs6490sa8540psa6155_firmwaresc8180x-acaf_firmwaresa9000p_firmwaresa7775psnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8835_firmwaresnapdragon_855_mobile_firmwareqep8111sa7255psnapdragon_x35_5g_modem-rfqdu1210qamsrv1mqcs5430qam8295p_firmwareqcs8550_firmwareqcm6490qru1052_firmwareqdu1010_firmwaresnapdragon_x50_5g_modem-rfssg2125p_firmwaresa8650p_firmwareqcn6274_firmwarewcn3950_firmwareqca6391snapdragon_x65_5g_modem-rfvision_intelligence_400qcn9274_firmwareqca6564aqca6310qdu1110sdx57m_firmwarewcn3950video_collaboration_vc3_platform_firmwarewsa8845_firmwaresnapdragon_x55_5g_modem-rfqca6574_firmwareqcm8550_firmwaresa8150p_firmwarear8035qca6564a_firmwaresrv1l_firmwaresc8180xp-aaab_firmwarewsa8845hsa6155p_firmwarewcd9341wcd9395_firmwaresa8155sc8180x-aaab_firmwarewcn3990_firmwarefastconnect_6900qca6574aqca6431wcd9375_firmwarewcd9385_firmwareqam8650p_firmwaresnapdragon_855\+_mobile_firmwareqcn9274snapdragon_850_mobile_computesnapdragon_860_mobileqca6310_firmwaresa8295psa6145p_firmwaresa6145psdx80msa8620p_firmwaresnapdragon_888_5g_mobile_firmwaresdx80m_firmwaresa7255p_firmwareqca6595_firmwaresnapdragon_765g_5g_mobilevision_intelligence_300_firmwareqamsrv1hsdx55sc8180xp-acaf_firmwaresnapdragon_865\+_5g_mobile_firmwarewcd9380snapdragon_x75_5g_modem-rf_firmwareqsm8350qca6436_firmwaresa8155pwsa8832_firmwaresd_8cxqca6564ausc8180xp-adsxr2130_firmwareqcs6490_firmwareqca6595au_firmwareqcn6224sa8255p_firmwareqca6595ausc8180xp-ad_firmwareqam8255psc8280xp-abbbqca6431_firmwaresrv1hsnapdragon_845_mobileqam8620par8035_firmwaresc8380xp_firmwareqsm8350_firmwaresd865_5g_firmwaresd865_5gwsa8845h_firmwaresnapdragon_675_mobile_firmwareqdx1010_firmwaresnapdragon_x62_5g_modem-rf_firmwarewsa8845snapdragon_ar2_gen_1_firmwarewcd9380_firmwaresd855qca6391_firmwareqca6174a_firmwareqdx1010qdu1010wcn3980wcd9370wcd9340_firmwaresc8180x-acafqca6426_firmwaressg2125pqca6678aqsnapdragon_765_5g_mobile_firmwaresnapdragon_x75_5g_modem-rfwcd9341_firmwaresa8155_firmwaresnapdragon_8_gen_1_mobilesnapdragon_870_5g_mobilesnapdragon_865_5g_mobile_firmwareqca6564au_firmwareqam8295pqam8620p_firmwaresnapdragon_888\+_5g_mobile_firmwareqca6797aqqcs8550sa8150psnapdragon_768g_5g_mobileqcm5430_firmwaresnapdragon_8_gen_1_mobile_firmwaresd_8_gen1_5gsnapdragon_ar1_gen_1_firmwarewsa8810_firmwaresd_8cx_firmwareqcc710sm7250pssg2115psnapdragon_8_gen_3_mobilesnapdragon_x72_5g_modem-rfqca6420_firmwareqca9377_firmwaresc8180xp-aaabsnapdragon_850_mobile_compute_firmwaresd670wsa8830wsa8815_firmwaresa8770psnapdragon_x24_lte_modem_firmwarefastconnect_6200wcn3980_firmwaresnapdragon_x35_5g_modem-rf_firmwareqca6678aq_firmwareqca6698aqqca6436fastconnect_6900_firmwareqfw7114sd_675aqt1000fastconnect_6800_firmwarewcd9390wcd9395qfw7114_firmwaresxr2330p_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38413
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.04% / 10.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Computer Vision

Memory corruption while processing frame packets.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840snapdragon_8_gen_3_mobile_firmwarewsa8845_firmwarewsa8845h_firmwarewsa8845snapdragon_8_gen_3_mobilewcd9395_firmwarewcd9390wsa8840_firmwarewsa8845hwcd9395fastconnect_7800wcd9390_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18155
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_625sd_820_firmwaresd_835_firmwaremsm8996ausd_820sd_625_firmwaresd_450sd_820amsm8996au_firmwaresd_835sd_450_firmwaresd_820a_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 10
  • 11
  • Next
Details not found