Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-4005

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-17 Apr, 2019 | 14:15
Updated At-05 Aug, 2024 | 04:57
Rejected At-
Credits

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:17 Apr, 2019 | 14:15
Updated At:05 Aug, 2024 | 04:57
Rejected At:
▼CVE Numbering Authority (CNA)

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.

Affected Products
Vendor
n/a
Product
Shimo VPN
Versions
Affected
  • Shimo VPN 4.1.5.1
Problem Types
TypeCWE IDDescription
textN/Alocal privilege escalation
Type: text
CWE ID: N/A
Description: local privilege escalation
Metrics
VersionBase scoreBase severityVector
3.09.3CRITICAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674
x_refsource_MISC
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674
x_refsource_MISC
x_transferred
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:17 Apr, 2019 | 15:29
Updated At:02 Feb, 2023 | 01:50

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.09.3CRITICAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
shimovpn
shimovpn
>>shimo_vpn>>4.1.5.1
cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674talos-cna@cisco.com
Exploit
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

624Records found
CVE-2016-0909
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.01%
||
7 Day CHG~0.00%
Published-15 Nov, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-avamar_server_virtual_editionavamar_data_storeEMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38420
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Hypervisor

Memory corruption while configuring a Hypervisor based input virtual device.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwareqca6421snapdragon_678_mobilesnapdragon_ar2_gen_1qcm6490_firmwaresd675qcn6224_firmwareqca6420snapdragon_670_mobile_firmwaresa7775p_firmwaresa8775pqca6574au_firmwaresc8180x-ad_firmwaresd670_firmwareqam8775pqca6584ausnapdragon_x65_5g_modem-rf_firmwarewcd9326qca6430sa8255pqdu1210_firmwaresnapdragon_x62_5g_modem-rfwcd9370_firmwaresnapdragon_888_5g_mobileqcc710_firmwareqru1052qdu1000_firmwaresc8180xp-acafsa8540p_firmwarerobotics_rb3_firmwaresd675_firmwaresnapdragon_865\+_5g_mobilesnapdragon_675_mobileqep8111_firmwaresd_8_gen1_5g_firmwarerobotics_rb3qru1032sxr2130qca6574ssg2115p_firmwareqcm8550sa8650psa8770p_firmwareqca6698aq_firmwaresa8775p_firmwaresnapdragon_x55_5g_modem-rf_firmwareqamsrv1m_firmwaresnapdragon_865_5g_mobilewcd9326_firmwaresnapdragon_670_mobileqca6421_firmwaresnapdragon_xr2_5gfastconnect_6800wsa8810qdx1011snapdragon_8_gen_3_mobile_firmwareqam8255p_firmwaresnapdragon_888\+_5g_mobilewcd9375snapdragon_855_mobilesnapdragon_870_5g_mobile_firmwaresc8180x-aaabqdu1000sa6155fastconnect_6200_firmwarevision_intelligence_300snapdragon_855\+_mobilesa6155psnapdragon_765g_5g_mobile_firmwareqca6335_firmwarevideo_collaboration_vc3_platformqamsrv1h_firmwaresnapdragon_860_mobile_firmwarewsa8830_firmwareqca8081qdu1110_firmwaresc8380xpwcd9385wsa8840_firmwareqfw7124_firmwarewsa8840qca6426qfw7124qca6696sa8155p_firmwareqca6595snapdragon_678_mobile_firmwareqca8337snapdragon_845_mobile_firmwareqca8337_firmwareqam8650psxr1230p_firmwaresxr2330pvision_intelligence_400_firmwaresnapdragon_x24_lte_modemsrv1mqcs5430_firmwareqru1062qam8775p_firmwaresnapdragon_ar1_gen_1sm7250p_firmwaresnapdragon_x50_5g_modem-rf_firmwareqcm5430qcs9100qca6335sa8295p_firmwaresd855_firmwareqca9377sa9000pwsa8835aqt1000_firmwareqca8081_firmwareqca6797aq_firmwarefastconnect_7800wcd9340snapdragon_xr2_5g_firmwareqca6174aqca6574ausnapdragon_765_5g_mobilesnapdragon_auto_5g_modem-rf_gen_2qca6584au_firmwaresd_675_firmwarewcn3990fastconnect_6700qca6696_firmwaresnapdragon_x72_5g_modem-rf_firmwareqdx1011_firmwareqcs9100_firmwareqru1032_firmwaresrv1m_firmwarewsa8832fastconnect_6700_firmwarewcd9390_firmwareqcn6274sc8180x-adsc8280xp-abbb_firmwarewsa8815snapdragon_768g_5g_mobile_firmwaresxr1230pqru1062_firmwaresdx57mqca6574a_firmwaresdx55_firmwaresa8620pqca6430_firmwaresrv1lsrv1h_firmwareqcs6490sa8540psa6155_firmwaresc8180x-acaf_firmwaresa9000p_firmwaresa7775psnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8835_firmwaresnapdragon_855_mobile_firmwareqep8111sa7255psnapdragon_x35_5g_modem-rfqdu1210qamsrv1mqcs5430qam8295p_firmwareqcs8550_firmwareqcm6490qru1052_firmwareqdu1010_firmwaresnapdragon_x50_5g_modem-rfssg2125p_firmwaresa8650p_firmwareqcn6274_firmwarewcn3950_firmwareqca6391snapdragon_x65_5g_modem-rfvision_intelligence_400qcn9274_firmwareqca6564aqca6310qdu1110sdx57m_firmwarewcn3950video_collaboration_vc3_platform_firmwarewsa8845_firmwaresnapdragon_x55_5g_modem-rfqca6574_firmwareqcm8550_firmwaresa8150p_firmwarear8035qca6564a_firmwaresrv1l_firmwaresc8180xp-aaab_firmwarewsa8845hsa6155p_firmwarewcd9341wcd9395_firmwaresa8155sc8180x-aaab_firmwarewcn3990_firmwarefastconnect_6900qca6574aqca6431wcd9375_firmwarewcd9385_firmwareqam8650p_firmwaresnapdragon_855\+_mobile_firmwareqcn9274snapdragon_850_mobile_computesnapdragon_860_mobileqca6310_firmwaresa8295psa6145p_firmwaresa6145psdx80msa8620p_firmwaresnapdragon_888_5g_mobile_firmwaresdx80m_firmwaresa7255p_firmwareqca6595_firmwaresnapdragon_765g_5g_mobilevision_intelligence_300_firmwareqamsrv1hsdx55sc8180xp-acaf_firmwaresnapdragon_865\+_5g_mobile_firmwarewcd9380snapdragon_x75_5g_modem-rf_firmwareqsm8350qca6436_firmwaresa8155pwsa8832_firmwaresd_8cxqca6564ausc8180xp-adsxr2130_firmwareqcs6490_firmwareqca6595au_firmwareqcn6224sa8255p_firmwareqca6595ausc8180xp-ad_firmwareqam8255psc8280xp-abbbqca6431_firmwaresrv1hsnapdragon_845_mobileqam8620par8035_firmwaresc8380xp_firmwareqsm8350_firmwaresd865_5g_firmwaresd865_5gwsa8845h_firmwaresnapdragon_675_mobile_firmwareqdx1010_firmwaresnapdragon_x62_5g_modem-rf_firmwarewsa8845snapdragon_ar2_gen_1_firmwarewcd9380_firmwaresd855qca6391_firmwareqca6174a_firmwareqdx1010qdu1010wcn3980wcd9370wcd9340_firmwaresc8180x-acafqca6426_firmwaressg2125pqca6678aqsnapdragon_765_5g_mobile_firmwaresnapdragon_x75_5g_modem-rfwcd9341_firmwaresa8155_firmwaresnapdragon_8_gen_1_mobilesnapdragon_870_5g_mobilesnapdragon_865_5g_mobile_firmwareqca6564au_firmwareqam8295pqam8620p_firmwaresnapdragon_888\+_5g_mobile_firmwareqca6797aqqcs8550sa8150psnapdragon_768g_5g_mobileqcm5430_firmwaresnapdragon_8_gen_1_mobile_firmwaresd_8_gen1_5gsnapdragon_ar1_gen_1_firmwarewsa8810_firmwaresd_8cx_firmwareqcc710sm7250pssg2115psnapdragon_8_gen_3_mobilesnapdragon_x72_5g_modem-rfqca6420_firmwareqca9377_firmwaresc8180xp-aaabsnapdragon_850_mobile_compute_firmwaresd670wsa8830wsa8815_firmwaresa8770psnapdragon_x24_lte_modem_firmwarefastconnect_6200wcn3980_firmwaresnapdragon_x35_5g_modem-rf_firmwareqca6678aq_firmwareqca6698aqqca6436fastconnect_6900_firmwareqfw7114sd_675aqt1000fastconnect_6800_firmwarewcd9390wcd9395qfw7114_firmwaresxr2330p_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.44%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-03 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-total_protectionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-33065
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 12:58
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Camera

Memory corruption while taking snapshot when an offset variable is set by camera driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8845_firmwarewsa8840wcd9370snapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"wcd9340_firmwarewcd9385wcd9341_firmwaresc8380xpsnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"_firmwaresnapdragon_7c_compute_platform_\(sc7180-ac\)_firmwaresnapdragon_7c\+_gen_3_compute_firmwarefastconnect_6700qca6420snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)_firmwarewsa8815_firmwareqca6430wcd9370_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmwareqcm6490_firmwarewcd9340wcd9341qcm6490wsa8810_firmwarewsa8845h_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"snapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)qca6430_firmwareqcs5430fastconnect_6800_firmwarewsa8845hwcd9380_firmwaresm6250_firmwareqcm5430snapdragon_7c_compute_platform_\(sc7180-ac\)qcm5430_firmwarewsa8815wsa8830snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)_firmwaresc8180x\+sdx55_firmwaresc8380xp_firmwarefastconnect_6800snapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"_firmwarewcd9375_firmwarefastconnect_7800_firmwarefastconnect_6900qca6391sc8180x\+sdx55qcs5430_firmwarewcd9385_firmwaresm6250snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)fastconnect_6900_firmwarewcd9380fastconnect_6200fastconnect_7800snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)_firmwarewcd9375wsa8845snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"fastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"wsa8835_firmwarewsa8810qcs6490fastconnect_6200_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformaqt1000Snapdragonaqt1000_firmwareqcm5430_firmwarewcd9380_firmwareqca6430_firmwareqcs6490_firmwareqcm6490_firmwareqcs5430_firmwarewsa8840_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9370_firmwaresc8380xp_firmwarewcd9340_firmwaresm6250_firmwarewsa8830_firmwarewsa8845_firmwarefastconnect_6700_firmwarewsa8815_firmwarewsa8835_firmwarewsa8810_firmwarefastconnect_6200_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6420_firmwarewcd9375_firmwarewsa8845h_firmwarefastconnect_6800_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24569
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 12:57
Updated-24 Mar, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24853
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.79%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-27 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in HLOS

Memory Corruption in HLOS while registering for key provisioning notify.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresnapdragon_8_gen_1_mobile_platformwsa8830sa6150p_firmwaresa8145p_firmwaresxr2230p_firmwarefsm10056qca8337qam8650pqfw7124sg8275p_firmwareqca6431_firmwareqam8775pqru1052snapdragon_865_5g_mobile_platformsnapdragon_888_5g_mobile_platformqcn6224_firmwaresc8280xp-bb_firmwaresm7250-ac_firmwarewsa8840wcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresa6155wcd9370ssg2115pqca6564qca6426sc8280xp-abqdu1110snapdragon_8_gen_2_mobile_platformsm8250-abqamsrv1hwcd9385_firmwareqam8295pwcn3950fastconnect_6200qamsrv1h_firmwaresd_8_gen1_5g_firmwareqsm8350_firmwareqsm8350qam8295p_firmwaresa8155sa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresnapdragon_4_gen_2_mobile_platformqca6595auqca8081_firmwaresa6155_firmwareqfw7114sm7250p_firmwarewsa8845h_firmwareqca6436_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcs8155wsa8840_firmwareqca6698aqsa4155p_firmwaresa8155_firmwareqcs8550_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmwareqru1062_firmwaresa6145p_firmwaresrv1hqca6421sm7250-aasnapdragon_8\+_gen_1_mobile_platformfastconnect_6700_firmwaresa8195pwcd9340wsa8810_firmwareqcn6224fsm10056_firmwareqca6436snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresa6155psnapdragon_x75_5g_modem-rf_systemqdu1000_firmwareqca8081wcd9395_firmwarewsa8845hqca6698aq_firmwareqcm4490wcd9385sxr2130_firmwareqam8775p_firmwaresa8255pqca6431qca6696_firmwareqca6797aqar8035qru1052_firmwaresa8150pwcd9390qcc710_firmwaresm8250-ac_firmwarewsa8830_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqca6564asa8295p_firmwaresa4150psnapdragon_8_gen_2_mobile_platform_firmwareqca8337_firmwarewcd9380_firmwaressg2125psd865_5gfastconnect_6800qca6595qru1032qca6564auqcm8550sm8350-ac_firmwareqdu1010_firmwareqdx1011qdu1000wsa8835qca6574sxr1230p_firmwareqdu1110_firmwaresa8540p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresa4155pqcn6274sd_8_gen1_5gwcd9380fastconnect_6700snapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwareqca6574asxr2130sxr1230psg8275pqfw7114_firmwareqru1062wsa8845sa8650psa9000pqca6574_firmwaresm7250-abwcd9340_firmwarewsa8815sxr2230pqru1032_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8845_firmwareqca6426_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391sa8295pqca6421_firmwarefastconnect_7800sc8280xp-ab_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemsa8650p_firmwarewsa8832_firmwarefastconnect_6900snapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqca6797aq_firmwareqdu1010qca6574ausa8155p_firmwareqdx1011_firmwareqca6564a_firmwarefastconnect_7800_firmwaresnapdragon_8\+_gen_2_mobile_platformsm7250-aa_firmwarewsa8810wsa8832qdx1010_firmwaresa8540psm7250-acsm8550psnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_ar2_gen_1_platformsa6145psm8350-acqam8650p_firmwareqca6564_firmwareqcc710qcs4490qca6595_firmwaresa8145psc8280xp-bbqca6696wcd9395qca6391_firmwareqcs8550sa4150p_firmwarewcd9370_firmwaresm8550p_firmwareqdx1010sa6150pwcd9390_firmwaresa8155pqdu1210sm7250psnapdragon_8\+_gen_1_mobile_platform_firmwaressg2115p_firmwareqcs8155_firmwareqfw7124_firmwareqam8255pqdu1210_firmwarear8035_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23416
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.60% / 88.83%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Remote Code Execution Vulnerability

Windows Cryptographic Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-32903
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.02% / 4.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-20 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23419
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.82%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2Windows 11 version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-33657
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.60%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 16:17
Updated-22 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smm Callout in SmmComputrace Module

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.

Action-Not Available
Vendor-AMI
Product-AptioVaptio_v
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-19 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-2264
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
ShareView Details
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
CVSS Score-4||MEDIUM
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:55
Updated-03 Jun, 2025 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validition could lead to code injection

An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details.

Action-Not Available
Vendor-Schweitzer Engineering Laboratories, Inc. (SEL)
Product-sel-411l_firmwaresel-411lSEL-411L
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21502
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21767
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.10%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Overlay Filter Elevation of Privilege Vulnerability

Windows Overlay Filter Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1984
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.75%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 18:41
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secdo: Privilege escalation via hardcoded script path

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.

Action-Not Available
Vendor-SecdoPalo Alto Networks, Inc.Microsoft Corporation
Product-secdowindowsSecdo
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21749
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.16%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21192
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.02%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21657
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Audio

Memoru corruption in Audio when ADSP sends input during record use case.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwareqam8255p_firmwareqca9377_firmwaresnapdragon_662_mobile_platform_firmwaresm7325-ae_firmwaresa6150p_firmwarewsa8830sa8145p_firmwareqcs610qcs2290_firmwareqam8650pwcn785x-5qam8775psnapdragon_820_automotive_platform_firmwareflight_rb5_5g_platformmdm9650csra6620flight_rb5_5g_platform_firmwaresm7250-ac_firmwareqcs4290wcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresm8350wcd9370csra6620_firmwarecsra6640_firmwareqca6426wcn685x-1qrb5165n_firmwaresm7350-ab_firmwarewcn3990_firmwareqca9377sm4375wcn3998sm8250-abwcd9385_firmwareqam8295pwcn3950sm4125wcd9326_firmwarewcn3615_firmwaresm6375_firmwarewcn3660bqam8295p_firmwaresm7325-afqcn9011_firmwaresm7315_firmwareqca6320_firmwaresm7325-aeqca6574au_firmwaresm4250-aasnapdragon_835_mobile_pc_platform_firmwaresnapdragon_x55_5g_modem-rf_systemqca6595auwcn3998_firmwaresm6225-adsm7325-af_firmwaresm7250p_firmwarewcd9375_firmwarewcn3615qca6436_firmwaresm4350-acqrb5165nsnapdragon_xr2\+_gen_1_platformsnapdragon_auto_5g_modem-rf_firmwaresa6155p_firmwareqca6310sm6225smart_audio_400_platform_firmwaresm6225-ad_firmwareqcs6490qrb5165m_firmwareqrb5165_firmwareqca6698aqsa4155p_firmwareqcs8550_firmwaresm8250_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmwaresa6145p_firmwareqm215sm7250-aawcd9340sa8195pwsa8810_firmwaresm4375_firmwareqca6436wcd9326sa8255p_firmwaresa6155psg4150pwcd9335qca6698aq_firmwareqca6174a_firmwarewcn685x-1_firmwareqcs4290_firmwaresxr2130_firmwareqam8775p_firmwaresa8255pwcd9341wcd9385qca6696_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwaresnapdragon_x12_lte_modemqca6797aqqca6390sm4350_firmwarewcd9375wcn3910_firmwaresa8150psnapdragon_662_mobile_platformsm8250-ac_firmwarewsa8830_firmwaresd660sd865_5g_firmwaresm7225_firmwareqcm6490snapdragon_7c\+_gen_3_compute_firmwarewcn3620_firmwaresd660_firmwarewcn3620sm4250-aa_firmwaresa8195p_firmwarewcn3988sm7350-abwsa8815_firmwarewsa8835_firmwarewcn6750_firmwaresa8295p_firmwaresa4150psg4150p_firmwarewcn785x-1qcm4325qcm2290_firmwaresm6375wcn3991wcd9380_firmwarewcn3990sdm429wsd865_5gqca6595sm8350-ac_firmwaresdm439snapdragon_835_mobile_pc_platformqcn9012sd888sdm429wsa8835qca6574sdm429w_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_auto_5g_modem-rfwcd9380qcs410sxr2130qca6574asmart_audio_400_platformwcn685x-5_firmwareqca6174asm7325pqca6310_firmwaresm7325wcn6750qcn9012_firmwarewcd9335_firmwarewcn3980sm7225qcm4325_firmwaresm7250-abqca6574_firmwarewcd9340_firmwaresm4125_firmwarewcn3680b_firmwaresm7325p_firmwarewsa8815wcn3910qca6320sdm429_firmwaremdm9650_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqcs8250wcn3660b_firmwareqca6574a_firmwaresd835qrb5165mwcn785x-5_firmwaresm7315sm8250-ab_firmwareqca6391snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_xr2\+_gen_1_platform_firmwarewcn3980_firmwaresnapdragon_820_automotive_platformsa8295psm6350wcn6740_firmwaresnapdragon_xr2_5g_platformqcm4290qcm6490_firmwaresm8350_firmwareqrb5165wcn685x-5sdm660qcn9011sm6225_firmwareqca6797aq_firmwaresm6350_firmwarewcn785x-1_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwareqcm4290_firmwaresm7250-aa_firmwarewsa8810sm7250-acqcs610_firmwaresa6145pwcn3680bsd835_firmwaresm8350-acqam8650p_firmwaresdm439_firmwareqca6595_firmwaresa8145pwcn6740qca6696qca6391_firmwareqcs8550sa4150p_firmwaresm4350qm215_firmwarewcd9370_firmwaresm4350-ac_firmwaresa6150psd888_firmwaresa8155pcsra6640sm8250sm7250pqcs410_firmwareqam8255psa4155psdm660_firmwareqcm2290sm7325_firmwareSnapdragonqcm2290_firmwareqam8255p_firmwareqca9377_firmwarerobotics_rb5_platform_firmwaresnapdragon_662_mobile_platform_firmwarewcd9380_firmwaresa6150p_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresa8145p_firmwareqcs2290_firmwaresnapdragon_820_automotive_platform_firmwareflight_rb5_5g_platform_firmwaresdm429w_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarecsra6620_firmwarecsra6640_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwareqrb5165n_firmwareqca6310_firmwareqcn9012_firmwarewcd9335_firmwarewcd9385_firmwarewcd9326_firmwarewcn3615_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwaresnapdragon_660_mobile_platform_firmwareqam8295p_firmwaremdm9650_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9011_firmwaresnapdragon_439_mobile_platform_firmwaresm7315_firmwareqca6320_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3680b_firmwarewcd9375_firmwarewcn3660b_firmwareqca6574a_firmwarefastconnect_6200_firmwaresm7250p_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn6740_firmwaresnapdragon_auto_5g_modem-rf_firmwaresa6155p_firmwaresnapdragon_690_5g_mobile_platform_firmwaresmart_audio_400_platform_firmwareqrb5165m_firmwareqcm6490_firmwaresa4155p_firmwarefastconnect_6900_firmwareqcs8550_firmwarewcn3988_firmwareqca6797aq_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwarewsa8810_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm4290_firmwaresa8255p_firmwareqcs610_firmwareqca6698aq_firmwareqca6426_firmwarequalcomm_215_mobile_platform_firmwaresd835_firmwareqca6174a_firmwareqcs4290_firmwareqam8650p_firmwaresxr2130_firmwareqam8775p_firmwareqca6696_firmwareqcs6490_firmwareqca6595_firmwaresnapdragon_x12_lte_modem_firmwareqca6391_firmwaresa4150p_firmwarewcn3910_firmwarewcd9370_firmwaresd888_firmwarewsa8830_firmwaresd865_5g_firmwarewcn3620_firmwarewsa8815_firmwarewsa8835_firmwaresd660_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcs410_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_750g_5g_mobile_platform_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.00%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.

Action-Not Available
Vendor-ikarussecurityn/a
Product-anti.virusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21121
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.56%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21501
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.2||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21671
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Core

Memory Corruption in Core during syscall for Sectools Fuse comparison feature.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_780g_5g_mobile_platformsm7315_firmwaresnapdragon_782g_mobile_platformwcd9380_firmwarewcd9370snapdragon_888\+_5g_mobile_platform_sm7315snapdragon_778g\+_5g_mobile_platformwsa8830snapdragon_780g_5g_mobile_platform_firmwaresnapdragon_888_5g_mobile_platformwcd9385sd888qsm8350sd888_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn6740wcn6740_firmwarefastconnect_6700snapdragon_778g\+_5g_mobile_platform_firmwareqsm8350_firmwarewcd9375_firmwarefastconnect_6900qca6391wcd9370_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_782g_mobile_platform_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380qcm6490_firmwaresm7325p_firmwaresnapdragon_888_5g_mobile_platform_firmwarewcd9375sm7325pqcm6490snapdragon_778g_5g_mobile_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_888\+_5g_mobile_platform__firmwareqcs6490_firmwarewsa8835_firmwareqcs6490snapdragon_7c\+_gen_3_computewsa8835qca6391_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformSnapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21451
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21498
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.02% / 4.53%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20507
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2020-16891
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.61%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.</p> <p>An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.</p> <p>The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21627
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.05%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:14
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Type Conversion or Cast in Trusted Execution Environment

Memory corruption in Trusted Execution Environment while calling service API with invalid address.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830sda429w_firmwaresa6150p_firmwarewcd9380_firmwaresa8145p_firmwaresw5100psd865_5gqcc5100sdx55m_firmwarewcn6856_firmwarewsa8835sd_8_gen1_5gwcd9380sa8150p_firmwaresd888_5gqca6420_firmwareqca6595au_firmwareqca6390_firmwarewcn6855_firmwareqca6426qca6430_firmwarewcn3980wcn3998wcd9385_firmwaresdxr2_5g_firmwaresd_8_gen1_5g_firmwarewcn3660bsd855wsa8815wcn6850qca6426_firmwarewcn3660b_firmwarewcn7850qca6574au_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcn3980_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwaresdx55mqcc5100_firmwareaqt1000_firmwaresa6155p_firmwareqcs8155wcn7851sdxr2_5gwcn6851_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810sd870qca6436wcn6851wcn6855sa6155psw5100p_firmwarewcn7851_firmwarewcn6856sa6145pwcn3680bwcd9385wcd9341qca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390aqt1000sa8150psa6150psa8155pwsa8830_firmwaresda429wsd855_firmwaresd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcs8155_firmwaresw5100_firmwarewcn3610Snapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2009-2513
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.48% / 64.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2000windows_2003_serverwindows_xpwindows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21138
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.56%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1824
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.17% / 38.70%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 18:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.

Action-Not Available
Vendor-arcabitn/a
Product-arcavir_2009_system_protectionarcavir_2009_internet_securityarcavir_2009_antivirus_protectionarcavir_2009_home_protectionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21272
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.74%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 21:01
Updated-09 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20585
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.29%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21135
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.77%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21558
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.10%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Error Reporting Service Elevation of Privilege Vulnerability

Windows Error Reporting Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21092
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20960
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-250589026

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21656
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in WLAN HOST

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresm7325-ae_firmwaresa6150p_firmwareqcs610qca8337qam8775pwcd9360_firmwarewcn3950_firmwaresa8150p_firmwaresm4450_firmwareqca6595au_firmwaresa6155sm8350csra6620_firmwarecsra6640_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998qca6554a_firmwareqam8295pwcn3950qcn6024_firmwaresd_8_gen1_5g_firmwaresm6375_firmwarewcn3660bsm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adwcd9360snapdragon_xr2\+_gen_1_platformsnapdragon_auto_5g_modem-rf_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwaresm6225-ad_firmwareqca6698aqsa4155p_firmwaresa8155_firmwarewcd9340sw5100qca6436sa6155pqca6698aq_firmwarewcn685x-1_firmwarewcd9341qam8775p_firmwaresa8255pqca6696_firmwareqca6797aqsm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd865_5g_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresa8295p_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwaressg2125psdm429wsw5100psnapdragon_w5\+_gen_1_wearable_platformqca6564ausdm429qca6574snapdragon_7c\+_gen_3_computewcd9380qcs410sxr1230pwcd9335_firmwarewcn3980qcc2073_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815qca6320sdm429_firmwareqca6426_firmwaresm4450wcn3660b_firmwaresd835qcn9024wcn3980_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresa8295psm8475_firmwarewcn6740_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformqca6678aqsnapdragon_x65_5g_modem-rf_systemsm8350_firmwareqca6797aq_firmwarewcn785x-1_firmwareqcn9024_firmwarewsa8832sw5100p_firmwareqcs610_firmwaresa6145pqcs4490qca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresa8155pcsra6640sm8250ssg2115p_firmwareqam8255psa4155par8035_firmwarewcn3991_firmwarewsa8830sa8145p_firmwaresxr2230p_firmwareqam8650pwcn785x-5csrb31024csra6620qca6390_firmwaresnapdragon_auto_4g_modem_firmwarewcd9370ssg2115pqca6426qca6584au_firmwarewcn3990_firmwaresm8450sm8250-abwcd9385_firmwarewcd9326_firmwareqam8295p_firmwaresm7325-afsa8155qca6320_firmwaresnapdragon_x55_5g_modem-rf_systemsnapdragon_835_mobile_pc_platform_firmwaresdx55_firmwareqca6595ausm7325-af_firmwareqca6436_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwareqca6584ausa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwaresm6225qcs6490qcs8550_firmwaresm8250_firmwaresm8250-acwcn3988_firmwaresa6145p_firmwaresa8195pwsa8810_firmwaresm4375_firmwaresm8450_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9326wcd9335qca8081qcm4490wcd9385sxr2130_firmwareqcs6490_firmwareqca6390ar8035wcd9375wcn3620_firmwareqcm6490wsa8815_firmwarewsa8835_firmwarewcn3620sm7350-absa4150pwcn785x-1qcm4325wcn3990qca6554asd865_5gqca6595sm8350-ac_firmwaresnapdragon_835_mobile_pc_platformsd888wsa8835sxr1230p_firmwaresdm429w_firmwaresnapdragon_auto_5g_modem-rfsd_8_gen1_5gssg2125p_firmwaresxr2130qca6574asmart_audio_400_platformwcn685x-5_firmwaresm7325pqca6310_firmwaresm7325wcn6750qcc2076_firmwareqca6574_firmwaresm7325p_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwareqca6175aqca6574a_firmwarewcn785x-5_firmwaresm7315sm8250-ab_firmwareqca6391snapdragon_x55_5g_modem-rf_system_firmwareqcm4490_firmwaresnapdragon_auto_4g_modemcsrb31024_firmwareqcm6490_firmwarewsa8832_firmwarewcn685x-5sm6225_firmwareqca6574ausa8155p_firmwarewcd9341_firmwarewsa8810snapdragon_ar2_gen_1_platformsd835_firmwaresm8350-acqam8650p_firmwarewcn6740qca6696qcs8550sm4350sa6150pqcn6024qcc2076sw5100_firmwareqcs410_firmwareqcc2073qca6175a_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21439
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.44%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1577
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.00%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:29
Updated-01 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Driver Managerdrivers_management
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1480
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-9.59% / 92.56%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:07
Updated-08 Nov, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.30%
||
7 Day CHG~0.00%
Published-16 Mar, 2009 | 17:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

Action-Not Available
Vendor-n/aMandriva (Mandrakesoft)
Product-multi_network_firewalllinuxlinux_corporate_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0606
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.98%
||
7 Day CHG~0.00%
Published-17 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.

Action-Not Available
Vendor-openhandsetalliancen/a
Product-android_sdkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1454
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xe_sd-wanCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2009-1125
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.53% / 66.13%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2000windows_xpwindows_server_2003windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1127
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-1.20% / 78.06%
||
7 Day CHG~0.00%
Published-11 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2000windows_2003_serverwindows_xpwindows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0154
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_e3-1565l_v5xeon_e5-2650l_v4xeon_e-2286gxeon_e7-4820_v4xeon_e5-1650_v4_firmwarexeon_e5-2603_v4_firmwarexeon_e3-1240_v6_firmwarecore_i9-7900xxeon_d-2733nt_firmwarexeon_d-1548xeon_d-1622_firmwarexeon_e3-1220_v5core_i7-7820x_firmwarexeon_e-2174g_firmwarexeon_d-1633nxeon_d-1527_firmwarexeon_e-2276ml_firmwarexeon_e3-1505m_v5_firmwarexeon_d-1653nxeon_e3-1578l_v5_firmwarexeon_d-2145nt_firmwarexeon_e-2246gxeon_d-2173it_firmwarexeon_e5-2637_v4xeon_d-1633n_firmwarecore_i9-7920xcore_i9-9960xxeon_d-1513n_firmwarexeon_e3-1230_v6core_i9-7960x_firmwarexeon_e-2374gxeon_d-1749nt_firmwarexeon_e3-1501l_v6xeon_e-2254ml_firmwarexeon_e7-4809_v4_firmwarexeon_e-2378xeon_e7-8867_v4xeon_d-1557_firmwarexeon_e5-2630_v4_firmwarexeon_e-2236xeon_e3-1220_v5_firmwarecore_i7-7820xcore_i7-3970x_firmwarexeon_e5-2699r_v4_firmwarexeon_e-2374g_firmwarexeon_e5-4640_v4xeon_d-1747nte_firmwarexeon_d-2163it_firmwarecore_i5-7640xcore_i7-7800xxeon_d-1531xeon_d-1726_firmwarexeon_e-2386g_firmwarexeon_e-2176m_firmwarexeon_e7-8891_v4xeon_e-2278g_firmwarexeon_e3-1240_v6core_i9-9920xxeon_e3-1230_v5xeon_e3-1240_v5_firmwarexeon_e-2278gexeon_d-1533n_firmwarexeon_e3-1545m_v5_firmwarexeon_e5-2650_v4_firmwarexeon_d-2146nt_firmwarexeon_d-2177ntxeon_e5-2630l_v4_firmwarexeon_e3-1275_v5_firmwarexeon_e-2278gel_firmwarexeon_e7-8894_v4xeon_d-2786nte_firmwarexeon_d-1518_firmwarexeon_e3-1505l_v6xeon_e-2254me_firmwarexeon_e5-4650_v4xeon_e-2236_firmwarexeon_d-2775te_firmwarexeon_e5-2680_v4_firmwarexeon_e-2244g_firmwarexeon_d-1571_firmwarexeon_e5-2660_v4xeon_d-1715ter_firmwarexeon_e-2126gcore_i7-6900k_firmwarexeon_e7-8893_v4_firmwarexeon_e5-4650_v4_firmwarexeon_e3-1285_v6xeon_e3-1505l_v6_firmwarexeon_e5-4627_v4core_i7-4940mxxeon_e-2276mlxeon_e5-4610_v4_firmwarexeon_e3-1235l_v5xeon_e5-1630_v4xeon_e3-1225_v5_firmwarexeon_e3-1245_v6_firmwarecore_i9-10920x_firmwarecore_i9-10940xxeon_d-2796texeon_d-1541_firmwarexeon_e3-1270_v6core_i7-5820k_firmwarecore_i9-10900xxeon_e3-1545m_v5xeon_d-1577_firmwarexeon_d-1531_firmwarexeon_e-2334_firmwarexeon_e3-1515m_v5_firmwarexeon_d-2142itxeon_e-2276me_firmwarexeon_d-1748texeon_e7-8891_v4_firmwarexeon_e5-2699r_v4xeon_d-2187ntxeon_d-2775texeon_e5-2640_v4_firmwarexeon_d-1518core_i7-9800xcore_i7-6800k_firmwarexeon_e-2136_firmwarexeon_d-1726xeon_d-1735tr_firmwarexeon_e5-2648l_v4xeon_e-2276mecore_i7-3820_firmwarexeon_e-2146gcore_i7-6950xxeon_e5-4620_v4xeon_d-2752nte_firmwarexeon_e7-8870_v4xeon_d-2796nt_firmwarexeon_e7-8880_v4_firmwarexeon_d-1637xeon_e-2356g_firmwarexeon_e5-4660_v4xeon_e-2146g_firmwarexeon_e5-2698_v4core_i7-3970xxeon_e-2286g_firmwarexeon_e3-1515m_v5xeon_d-1539_firmwarecore_i7-3960xcore_i7-6800kxeon_d-1718txeon_e-2126g_firmwarexeon_d-2753nt_firmwarexeon_d-1602xeon_e5-4655_v4core_i7-4820kxeon_d-1533nxeon_d-1529_firmwarexeon_e3-1260l_v5_firmwarexeon_d-2799xeon_e3-1240l_v5xeon_e-2136xeon_e5-4640_v4_firmwarexeon_e-2378_firmwarexeon_d-1712trcore_i9-9940x_firmwarexeon_d-2145ntxeon_e5-2697a_v4xeon_d-1736_firmwarexeon_e-2288g_firmwarexeon_e-2276mxeon_e-2224gxeon_d-2173itxeon_d-2766ntxeon_d-2161ixeon_d-2163itxeon_e5-1620_v4xeon_e5-4669_v4core_i7-3930kxeon_d-2123itxeon_e5-2609_v4_firmwarexeon_e3-1505m_v5xeon_d-1623nxeon_e3-1535m_v6_firmwarecore_i7-4960x_firmwarecore_i7-4820k_firmwarexeon_d-1521xeon_e5-2628l_v4xeon_d-1722nexeon_e5-2650_v4xeon_e7-4820_v4_firmwarexeon_d-2776ntcore_i7-3820xeon_d-2161i_firmwarexeon_e-2144g_firmwarexeon_e5-2687w_v4_firmwarexeon_d-1713nt_firmwarexeon_e3-1585l_v5xeon_e-2378g_firmwarecore_i7-3940xmxeon_e3-1275_v5xeon_e5-4610_v4xeon_e-2246g_firmwarexeon_e5-2658_v4xeon_e5-1630_v4_firmwarexeon_e-2388gxeon_e3-1558l_v5_firmwarexeon_e5-4620_v4_firmwarexeon_d-2786ntexeon_d-1537_firmwarexeon_e-2226gxeon_d-2796te_firmwarecore_i7-3920xmxeon_e-2226ge_firmwarexeon_d-2143itxeon_e-2226gexeon_e3-1225_v6_firmwarexeon_d-2753ntxeon_e-2278gxeon_d-1540_firmwarexeon_e7-8890_v4_firmwarexeon_e5-2683_v4_firmwarecore_i7-5930k_firmwarexeon_e-2124xeon_e-2186g_firmwarexeon_d-1553n_firmwarexeon_e5-2695_v4core_i9-7980xe_firmwarexeon_d-2177nt_firmwarecore_i7-3940xm_firmwarecore_i7-3930k_firmwarexeon_e3-1270_v5_firmwarecore_i9-10920xxeon_d-2798ntxeon_e5-2667_v4_firmwarexeon_d-1712tr_firmwarexeon_e3-1240l_v5_firmwarexeon_e7-8860_v4_firmwarecore_i7-6950x_firmwarexeon_e3-1501l_v6_firmwarexeon_e5-1660_v4_firmwarexeon_e3-1260l_v5xeon_d-1739_firmwarexeon_e-2386gxeon_d-1736xeon_d-2738xeon_d-1567_firmwarexeon_e5-2683_v4xeon_e-2134xeon_d-1733nt_firmwarexeon_e-2388g_firmwarexeon_d-1749ntcore_i9-9820x_firmwarexeon_d-2142it_firmwarexeon_e-2336xeon_d-1627xeon_e3-1575m_v5_firmwarexeon_d-2779_firmwarexeon_e3-1225_v5xeon_e-2186mxeon_d-1602_firmwarexeon_e3-1558l_v5xeon_e-2176mxeon_d-2733ntxeon_e-2286mxeon_d-1559_firmwarecore_i7-4930mx_firmwarexeon_d-1623n_firmwarexeon_d-1702xeon_e-2274gxeon_d-1722ne_firmwarexeon_e5-2630l_v4xeon_e7-8893_v4xeon_e7-4830_v4xeon_e5-2699_v4_firmwarexeon_e-2134_firmwarexeon_e5-4669_v4_firmwarexeon_e5-4667_v4xeon_d-1528_firmwarexeon_d-2795ntxeon_e5-4628l_v4xeon_d-1732te_firmwarecore_i5-7640x_firmwarexeon_d-2779xeon_e3-1268l_v5xeon_e-2226g_firmwarexeon_d-1529xeon_e5-1650_v4core_i9-7960xcore_i7-5930kxeon_e-2324g_firmwarexeon_d-1715terxeon_d-1559xeon_e-2278ge_firmwarexeon_e-2174gxeon_e3-1535m_v6xeon_e3-1220_v6xeon_e3-1585_v5_firmwarecore_i9-9820xxeon_e-2276m_firmwarexeon_d-1537xeon_d-1714xeon_e7-4850_v4xeon_d-1567xeon_e3-1220_v6_firmwarexeon_e7-4850_v4_firmwarexeon_e-2286m_firmwarexeon_e3-1501m_v6_firmwarexeon_e3-1245_v5xeon_d-1734nt_firmwarexeon_d-2141ixeon_e-2176gxeon_e-2288gcore_i7-3920xm_firmwarexeon_e-2274g_firmwarexeon_d-2141i_firmwarexeon_e3-1225_v6core_i7-6850k_firmwarecore_i7-3960x_firmwarexeon_e3-1280_v6xeon_e7-8880_v4xeon_e-2176g_firmwarexeon_d-2752ntexeon_d-2776nt_firmwarexeon_e-2254mlxeon_e-2124g_firmwarexeon_e5-2667_v4xeon_d-1734ntxeon_e5-2695_v4_firmwarexeon_e-2224_firmwarexeon_e5-4655_v4_firmwarexeon_e5-2608l_v4_firmwarexeon_d-1649nxeon_e7-8890_v4xeon_e5-2609_v4xeon_d-1540xeon_d-1736nt_firmwarexeon_d-2712t_firmwarexeon_d-1513ncore_i7-9800x_firmwarexeon_d-2183itxeon_d-2123it_firmwarexeon_e3-1275_v6_firmwarecore_i7-5960x_firmwarexeon_e-2224g_firmwarecore_i9-7940x_firmwarexeon_e5-2643_v4_firmwarexeon_d-1527xeon_e3-1505m_v6xeon_e7-8860_v4core_i9-9940xxeon_d-2712txeon_e5-2690_v4xeon_d-1649n_firmwarecore_i9-9980xe_firmwarexeon_e3-1535m_v5core_i9-9900xxeon_e5-2650l_v4_firmwarecore_i9-7940xxeon_e5-2699a_v4_firmwarecore_i9-7900x_firmwarexeon_e3-1505m_v6_firmwarexeon_e7-8870_v4_firmwarexeon_e-2254mexeon_d-1523nxeon_e3-1505l_v5core_i9-9900x_firmwarexeon_e7-4830_v4_firmwarexeon_d-1748te_firmwarexeon_e5-4667_v4_firmwarexeon_e5-2618l_v4xeon_d-1520xeon_d-2187nt_firmwarexeon_e3-1280_v6_firmwarecore_i7-7800x_firmwarexeon_e5-2699_v4xeon_e5-2603_v4xeon_d-2146ntxeon_e-2144gxeon_d-1713ntxeon_d-1543nxeon_e3-1270_v6_firmwarexeon_d-2752terxeon_d-1541xeon_d-1543n_firmwarexeon_e-2244gxeon_e7-8867_v4_firmwarexeon_d-2799_firmwarexeon_e3-1245_v5_firmwarexeon_d-1732texeon_d-1622xeon_d-1520_firmwarexeon_e5-2640_v4xeon_e5-4660_v4_firmwarexeon_e5-2680_v4xeon_e5-2697a_v4_firmwarexeon_e3-1235l_v5_firmwarecore_i7-7740xxeon_d-2795nt_firmwarexeon_d-1713nte_firmwarexeon_e5-2637_v4_firmwarexeon_e5-2660_v4_firmwarexeon_e3-1575m_v5xeon_e-2124gcore_i9-9920x_firmwarexeon_e5-2687w_v4core_i7-4930kcore_i9-10980xe_firmwarecore_i7-4960xcore_i7-5960xxeon_d-1521_firmwarexeon_e3-1285_v6_firmwarecore_i7-5820kcore_i9-7920x_firmwarexeon_e-2356gcore_i7-6900kcore_i9-9980xexeon_d-1557xeon_e5-2623_v4xeon_d-2796ntxeon_e3-1240_v5xeon_e3-1585l_v5_firmwarexeon_e-2336_firmwarexeon_d-1713ntexeon_e3-1585_v5xeon_d-1739xeon_e-2334xeon_d-2752ter_firmwarexeon_d-1637_firmwarexeon_d-1577xeon_e3-1501m_v6xeon_d-1735trxeon_d-2766nt_firmwarecore_i7-4930k_firmwarecore_i9-10980xexeon_e3-1505l_v5_firmwarexeon_e-2314xeon_e3-1535m_v5_firmwarexeon_e5-2690_v4_firmwarexeon_d-2166ntxeon_e3-1280_v5_firmwarexeon_e5-2608l_v4xeon_e5-2697_v4xeon_e-2186gxeon_e-2314_firmwarexeon_d-1539xeon_e5-4627_v4_firmwarexeon_e5-2658_v4_firmwarexeon_d-1718t_firmwarexeon_e5-2648l_v4_firmwarexeon_e3-1280_v5xeon_e5-1680_v4_firmwarecore_i9-10900x_firmwarecore_i7-4930mxxeon_e5-2630_v4xeon_e7-4809_v4xeon_d-1746ter_firmwarexeon_e5-2620_v4xeon_d-2143it_firmwarexeon_e3-1230_v6_firmwarexeon_e3-1275_v6xeon_e3-1565l_v5_firmwarexeon_e5-1660_v4xeon_e5-4628l_v4_firmwarexeon_e5-1680_v4xeon_e-2276g_firmwarexeon_e5-2698_v4_firmwarexeon_d-1627_firmwarexeon_d-1702_firmwarexeon_d-1733ntxeon_e-2224xeon_e5-2618l_v4_firmwarexeon_e-2124_firmwarecore_i7-4940mx_firmwarexeon_d-1653n_firmwarexeon_e5-2623_v4_firmwarexeon_e3-1230_v5_firmwarecore_i9-9960x_firmwarexeon_d-1736ntxeon_e-2278gelxeon_d-1553nxeon_e3-1578l_v5core_i9-10940x_firmwarexeon_e3-1245_v6xeon_e-2378gxeon_d-2798nt_firmwarexeon_e-2234_firmwarexeon_d-1747ntexeon_d-2166nt_firmwarexeon_e5-2699a_v4xeon_d-1523n_firmwarexeon_d-2183it_firmwarecore_i7-6850kxeon_e5-2643_v4xeon_e-2324gxeon_e3-1268l_v5_firmwarexeon_e5-2628l_v4_firmwarecore_i9-7980xexeon_e7-8894_v4_firmwarexeon_e-2276gxeon_e5-2697_v4_firmwarexeon_e3-1270_v5xeon_d-1548_firmwarexeon_d-1746terxeon_e5-1620_v4_firmwarexeon_d-1571xeon_e-2186m_firmwarexeon_d-1528xeon_d-2738_firmwarexeon_e-2234xeon_e5-2620_v4_firmwarecore_i7-7740x_firmwarexeon_d-1714_firmwareIntel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0681
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.57%
||
7 Day CHG~0.00%
Published-15 Apr, 2009 | 10:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys.

Action-Not Available
Vendor-pgpn/a
Product-desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9855
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:17
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-31310
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1124
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.68% / 70.59%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2000windows_xpwindows_server_2003windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found