Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-26323

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-16 Nov, 2021 | 18:14
Updated At-16 Sep, 2024 | 23:45
Rejected At-
Credits

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:16 Nov, 2021 | 18:14
Updated At:16 Sep, 2024 | 23:45
Rejected At:
▼CVE Numbering Authority (CNA)

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
3rd Gen AMD EPYC™
Versions
Affected
  • From unspecified before MilanPI-SP3_1.0.0.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
x_refsource_MISC
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
x_refsource_MISC
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:16 Nov, 2021 | 19:15
Updated At:19 Nov, 2021 | 15:59

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Advanced Micro Devices, Inc.
amd
>>epyc_7232p_firmware>>Versions before romepi-sp3_1.0.0.c(exclusive)
cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7232p>>-
cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7763_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7763>>-
cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713p>>-
cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713>>-
cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7663_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7663>>-
cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643>>-
cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_75f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_75f3>>-
cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543p>>-
cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543>>-
cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7513_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7513>>-
cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7453_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7453>>-
cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_74f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_74f3>>-
cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443p>>-
cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443>>-
cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7413>>-
cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7413_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_73f3>>-
cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_73f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7343_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7343>>-
cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313p>>-
cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313>>-
cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_72f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)
cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_72f3>>-
cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20Secondarypsirt@amd.com
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: psirt@amd.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021psirt@amd.com
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
Source: psirt@amd.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

603Records found
CVE-2024-38245
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.46%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38241
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.04% / 76.47%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38243
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.46%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38244
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.04% / 76.47%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38047
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.31%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PowerShell Elevation of Privilege Vulnerability

PowerShell Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows 10 Version 1809Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 10 Version 22H2Windows 11 version 22H3Windows Server 2019 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29371
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.38% / 79.53%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23432
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.06%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29359
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI Elevation of Privilege Vulnerability

GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24382
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.72%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_11_pro_kit_nuc11tnhi30l_firmwarenuc11dbbi7_firmwarenuc_9_pro_compute_element_nuc9vxqnb_firmwarenuc_11_pro_kit_nuc11tnki7nuc11pa_firmwarenuc8i3cysnnuc_9_pro_kit_nuc9vxqnx_firmwarenuc_11_compute_element_cm11ebi58w_firmwarenuc_11_pro_board_nuc11tnbi50znuc_11_pro_kit_nuc11tnki30z_firmwarenuc_8_compute_element_cm8pcbnuc_8_compute_element_cm8pcb_firmwarelapkc71fnuc_11_pro_board_nuc11tnbi70z_firmwarenuc_11_pro_board_nuc11tnbi7nuc_11_compute_element_cm11ebc4w_firmwarenuc_11_pro_kit_nuc11tnki50znuc_11_pro_kit_nuc11tnki5nuc_kit_nuc8i5benuc8i3cysmlapbc710nuc_11_pro_kit_nuc11tnhi50znuc_8_compute_element_cm8i3cbnuc8i3cysn_firmwarenuc_kit_nuc8i5be_firmwarenuc11pahnuc_11_pro_board_nuc11tnbi30z_firmwarenuc_9_pro_kit_nuc9v7qnx_firmwarenuc_8_compute_element_cm8ccbnuc11dbbi9_firmwarenuc_11_pro_board_nuc11tnbi5nuc_9_pro_compute_element_nuc9v7qnblapbc710_firmwarelapkc51enuc_11_pro_kit_nuc11tnki3nuc_11_pro_kit_nuc11tnki70znuc_8_compute_element_cm8i7cblapkc71f_firmwarenuc_11_enthusiast_kit_nuc11phki7cnuc11panuc_11_pro_kit_nuc11tnhi70lnuc_11_pro_kit_nuc11tnhi50lnuc_8_compute_element_cm8i7cb_firmwarenuc9i9qnnuc_11_pro_board_nuc11tnbi70znuc_11_pro_kit_nuc11tnhi30znuc_11_pro_kit_nuc11tnhi50w_firmwarelapbc510_firmwarenuc_11_compute_element_cm11ebi716wnuc_11_pro_kit_nuc11tnki30znuc_kit_nuc8i3b_firmwarenuc11btmi9nuc11btmi7nuc9i7qnnuc9i7qn_firmwarenuc_8_compute_element_cm8i5cb_firmwarenuc_11_compute_element_cm11ebi38w_firmwarenuc_11_pro_kit_nuc11tnhi70l_firmwarenuc_11_pro_kit_nuc11tnhi70qnuc_11_pro_kit_nuc11tnhi70znuc9i5qn_firmwarenuc_kit_nuc8i7be_firmwarenuc_11_pro_kit_nuc11tnhi30lnuc8i3cysm_firmwarelapkc71e_firmwarenuc_11_pro_kit_nuc11tnhi30z_firmwarenuc_11_pro_board_nuc11tnbi5_firmwarenuc_11_pro_kit_nuc11tnki50z_firmwarenuc11paq_firmwarenuc_11_pro_board_nuc11tnbi3_firmwarenuc_11_pro_kit_nuc11tnhi5_firmwarenuc_11_pro_kit_nuc11tnhi7_firmwarenuc_kit_nuc8i3bnuc_11_pro_kit_nuc11tnhi50l_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caanuc11btmi9_firmwarenuc_9_pro_kit_nuc9vxqnxnuc_11_pro_board_nuc11tnbi30znuc_11_pro_kit_nuc11tnhi3nuc_11_enthusiast_kit_nuc11phki7c_firmwarenuc_11_pro_board_nuc11tnbi3nuc_11_pro_kit_nuc11tnhi7nuc_11_pro_board_nuc11tnbi7_firmwarenuc_11_pro_kit_nuc11tnki5_firmwarelapbc510nuc_11_pro_kit_nuc11tnki3_firmwarenuc_8_compute_element_cm8i5cbnuc_11_pro_kit_nuc11tnhi70q_firmwarenuc11pah_firmwarenuc_8_compute_element_cm8i3cb_firmwarelapkc51e_firmwarenuc_11_compute_element_cm11ebi716w_firmwarenuc11paqnuc_9_pro_compute_element_nuc9v7qnb_firmwarenuc_11_pro_kit_nuc11tnki70z_firmwarenuc_9_pro_kit_nuc9v7qnxnuc_11_compute_element_cm11ebi58wnuc_11_pro_kit_nuc11tnhi5nuc_11_pro_kit_nuc11tnhi3_firmwarenuc_11_pro_board_nuc11tnbi50z_firmwarenuc_11_compute_element_cm11ebc4wnuc11dbbi9nuc11btmi7_firmwarenuc_11_pro_kit_nuc11tnhi50wnuc_kit_nuc8i7benuc_11_pro_kit_nuc11tnki7_firmwarenuc_11_pro_kit_nuc11tnhi30p_firmwarenuc_11_pro_kit_nuc11tnhi30pnuc_11_pro_kit_nuc11tnhi70z_firmwarenuc_8_compute_element_cm8ccb_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caa_firmwarenuc9i5qnnuc11dbbi7nuc9i9qn_firmwarenuc_11_pro_kit_nuc11tnhi50z_firmwarenuc_9_pro_compute_element_nuc9vxqnblapkc71enuc_11_compute_element_cm11ebi38wIntel(R) NUCs
CWE ID-CWE-20
Improper Input Validation
CVE-2016-10739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.22%
||
7 Day CHG~0.00%
Published-21 Jan, 2019 | 19:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-glibcleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24453
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.87%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:46
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-epid_software_development_kitIntel(R) EPID SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.60% / 68.46%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxGoogle LLC
Product-debian_linuxopensusechromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28743
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-17 Jun, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_9_pro_kit_nuc9v7qnbnuc_9_pro_compute_element_nuc9v7qnbnuc_9_pro_compute_element_nuc9v7qnxnuc_9_pro_compute_element_nuc9v7qnb_firmwarenuc_9_pro_kit_nuc9v7qnx_firmwarenuc_9_pro_kit_nuc9v7qnb_firmwarenuc_pro_compute_element_nuc9v7qnx_firmwarenuc_9_pro_kit_nuc9v7qnxIntel NUC BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28574
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9||CRITICAL
EPSS-0.04% / 13.20%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Core

Memory corruption in core services when Diag handler receives a command to configure event listeners.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830sxr2230p_firmwareqca8337qam8650pqfw7124sg8275p_firmwarewcn785x-5qam8775pqru1052qcn6224_firmwarewsa8840wcn3950_firmwareqca6595au_firmwaresnapdragon_x70_modem-rf_systemwcd9370ssg2115pqdu1110wcn685x-1wcn3990_firmwaresnapdragon_8_gen_2_mobile_platformqamsrv1hwcd9385_firmwarewcn3950qcn6024_firmwareqamsrv1h_firmwaresa9000p_firmwareqca6320_firmwaresnapdragon_835_mobile_pc_platform_firmwaresnapdragon_4_gen_2_mobile_platformqca6595auqca8081_firmwarewsa8845h_firmwareqfw7114qca6310snapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwaresnapdragon_x70_modem-rf_system_firmwarewsa8840_firmwareqca6698aqqcs8550_firmwaresc8380xp_firmwarewcn3988_firmwareqru1062_firmwaresrv1hwcd9340wsa8810_firmwareqcn6224wsa8845hsnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9335qdu1000_firmwareqca8081wcd9395_firmwareqca6698aq_firmwareqcm4490wcn685x-1_firmwarewcd9385wcd9341qam8775p_firmwaresa8255pqca6696_firmwareqca6797aqar8035qru1052_firmwarewcd9390qcc710_firmwarewsa8830_firmwarewcn3988wsa8815_firmwarewsa8835_firmwarewcn6750_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qca8337_firmwarewcd9380_firmwaressg2125pwcn3990qca6595qru1032qcm8550snapdragon_835_mobile_pc_platformqdu1010_firmwareqdx1011qdu1000wsa8835sxr1230p_firmwareqdu1110_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwareqcn6274wcd9380snapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwarewcn685x-5_firmwaresxr1230psg8275pqca6310_firmwarewcn6750wcd9335_firmwareqfw7114_firmwareqru1062wsa8845sa8650psa9000pwcd9340_firmwarewsa8815sxr2230pqca6320qru1032_firmwarewsa8845_firmwaresc8380xpsd835qcn9024wcn785x-5_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwaresnapdragon_x65_5g_modem-rf_systemsa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaresrv1h_firmwarewcn685x-5qca6797aq_firmwareqdu1010wcn785x-1_firmwareqdx1011_firmwareqcn9024_firmwarewcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810wsa8832qdx1010_firmwaresm8550psnapdragon_ar2_gen_1_platformsd835_firmwareqam8650p_firmwareqcc710qcs4490qca6595_firmwarewcd9395qca6696qcs8550wcd9370_firmwaresm8550p_firmwareqdx1010wcd9390_firmwareqcn6024qdu1210ssg2115p_firmwareqfw7124_firmwareqam8255pqdu1210_firmwarear8035_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28738
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.97%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-21 Oct, 2024 | 12:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc7cjyhn_firmwarenuc_kit_nuc7cjysalnuc_kit_nuc7cjyhnuc_kit_nuc7cjyh_firmwarenuc_kit_nuc7cjyhnnuc_kit_nuc7pjyh_firmwarenuc_kit_nuc7cjysal_firmwarenuc_kit_nuc7pjyhn_firmwarenuc_kit_nuc7pjyhnnuc_7_essential_nuc7cjysamnnuc_kit_nuc7pjyhnuc_7_essential_nuc7cjysamn_firmwareIntel NUC BIOS firmwareintel_nuc_bios_firmware
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28578
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 30.16%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Services

Memory corruption in Core Services while executing the command for removing a single event listener.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareimmersive_home_214sd865_5gqca6595ipq6028_firmwareqca8081_firmwareqcn9001snapdragon_670_mobilesnapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024ar9380qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilefastconnect_6700qcn6422_firmwareqcn5124_firmwaresnapdragon_782g_mobile_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_665_mobile_firmwaresc8180xp-aaabqca6574au_firmwareipq8078a_firmwareqam8295pwcd9341sd626_firmwareipq5312snapdragon_x12_lte_modemsnapdragon_888\+_5g_mobile_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwaresa9000p_firmwaresc8180xp-acafsnapdragon_850_mobile_computefastconnect_6800_firmwarefsm10055sd835_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcn9000snapdragon_678_mobile_firmwaresa8540pqsm8250_firmwareqsm8350_firmwareqcn6432video_collaboration_vc1_platformqep8111sa7255psnapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200qca6310ipq8074a_firmwareipq8076awcd9360snapdragon_680_4g_mobilesa6155pqca6564au_firmwareqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_835_mobilesnapdragon_888_5g_mobile_firmwaresnapdragon_662_mobile_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwaresd835snapdragon_4_gen_2_mobile_firmwareqca6436_firmwareipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_695_5g_mobile_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwareqca6420wcn3910csrb31024snapdragon_x70_modem-rf_system_firmwaremdm9250_firmwaresnapdragon_712_mobilesnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_835_mobile_firmwarewcn3660bqca6574aqca6174awcd9340qcs8250_firmwareqcm2290qdu1210snapdragon_auto_5g_modem-rf_gen_2qcn6122_firmwareqcn5154_firmwaresm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwareqcn5122_firmwareqcn9024pmp8074vision_intelligence_300_firmwareqca6574snapdragon_x75_5g_modem-rf_systemqamsrv1hqcn6412_firmwaresdx57mqcs410qcm2290_firmwarevision_intelligence_100sa8155pqca8072_firmwaresnapdragon_765g_5g_mobile_firmwarewsa8830smart_display_200_firmwareipq5312_firmwaresm8550pqcf8000_firmwaresa6145psnapdragon_625_mobile_firmwareimmersive_home_318_firmwareqcn6122sa8255p_firmwaresnapdragon_4_gen_2_mobilesnapdragon_7c_compute_firmwareqrb5165m_firmwaresa8650p_firmwareimmersive_home_216_firmwareqca9985immersive_home_316snapdragon_865\+_5g_mobile_firmwareipq8071aqcn6112wcn3950_firmwareqrb5165nfastconnect_6200sm7325p_firmwaresd460wcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_660_mobile_firmwareqdx1011snapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarerobotics_rb3_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobilesc8180xp-acaf_firmwareqcn9072qcn6224_firmwarevision_intelligence_100_firmwareqca6431sd660_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwareimmersive_home_216srv1msxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresnapdragon_778g\+_5g_mobileqrb5165msc8380xpqca6320qca4024_firmwareqca0000_firmwaresd888_firmwareqcs6125_firmwareqca9992_firmwareqca9990ipq8070qcn9074wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173snapdragon_665_mobilesm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_730g_mobile_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq5028qca9986qcn9070_firmwaresnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresmart_audio_400_firmwaresd_675_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobilesm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresc8180x-acafsd888fsm10055_firmwareqru1062_firmwarefsm10056sd460_firmwaresnapdragon_675_mobile_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareipq8065qru1062qca6310_firmwaresd626fastconnect_6800qcs7230snapdragon_865_5g_mobile_firmwareipq5302_firmwareqcn9001_firmwarewcd9371fastconnect_6900_firmwarerobotics_rb5_firmwareqca8075_firmwareqcf8000sc8180x-aaab_firmwarevideo_collaboration_vc3_platformqca9980_firmwareqca9985_firmwareqca6431_firmwareqcn6402_firmwareqca6698aq_firmwareqcs2290qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615wcn3999_firmwaresa8255pqcs7230_firmwarewcd9390_firmwareqcn5024qep8111_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobileimmersive_home_326qdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfflight_rb5_5g_firmwaressg2125pqru1052csra6640_firmwareqamsrv1mqam8650p_firmwarevideo_collaboration_vc5_platformqca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqdu1010_firmwareipq8068qcs4290_firmwarecsra6620qca8081sd660wsa8815qam8775pqca9377snapdragon_ar2_gen_1_firmwareqcm4325_firmwareqcn6412qcm4290_firmwaresnapdragon_720g_mobile_firmwareqca9888_firmwareqca9889qcn5024_firmwareqcn9002_firmwareimmersive_home_318ipq5010qcn9274_firmwaresnapdragon_710_mobilesg4150p_firmwareqru1052_firmwarecsra6620_firmwareqcs8550ipq8068_firmwaresa8650psnapdragon_626_mobileqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwaresnapdragon_xr1wcd9375qca9889_firmwaresnapdragon_ar2_gen_1snapdragon_636_mobilesa8145psd_675snapdragon_8\+_gen_1_mobile_firmwarecsr8811smart_display_200qdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareqcs410_firmwarerobotics_rb3sa6150p_firmwaresw5100pipq9574qcn9000_firmwareqcn6102_firmwaresxr1120qcn9022qcs610_firmwarewcd9335wcd9370qca8072snapdragon_7c_gen_2_compute_firmwareqca6696wcd9341_firmwareqcn9003_firmwareipq8076wcn6740_firmwareipq6018_firmwaresnapdragon_750g_5g_mobileqca9984_firmwareqcn6023snapdragon_685_4g_mobilesnapdragon_780g_5g_mobilevision_intelligence_200_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca9994_firmwareqdu1110snapdragon_auto_4g_modemipq8078asnapdragon_690_5g_mobile_firmwareqca6574auwcd9390csra6640snapdragon_778g_5g_mobile_firmwaresrv1hqcn9100_firmwarewcn3660b_firmwareqcn5122sd730snapdragon_690_5g_mobileqcn6024_firmwaresnapdragon_636_mobile_firmwareqca9886_firmwaresnapdragon_712_mobile_firmwaresnapdragon_625_mobileqcm6125_firmwarec-v2x_9150ssg2115pqcc710qcn6132_firmwaresnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresxr1120_firmwareqcn5054315_5g_iot_modem_firmwarefastconnect_6900qcn6402snapdragon_w5\+_gen_1_wearable_firmwareimmersive_home_326_firmwareqru1032_firmwareipq5332_firmwareqcn5052fsm10056_firmwareqca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareqcn5164qca6335qcs4490snapdragon_730_mobilemdm9250wsa8845snapdragon_626_mobile_firmwareqcn6100_firmwareqca6421_firmwareqcm6125sc8180x-adcsr8811_firmwarewsa8810qcn5021qdu1000_firmwareqsm8250srv1h_firmwareqcn6100qca6595ausnapdragon_888_5g_mobilesm7315_firmwareqdu1010wcd9326_firmwaresnapdragon_845_mobile_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobileqdu1210_firmwareqca9986_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwaresdx71msnapdragon_460_mobilesnapdragon_8_gen_2_mobilewcd9370_firmwareqdu1110_firmwareqdu1000sa7255p_firmwareipq9570snapdragon_8\+_gen_2_mobilesa8195pqca6335_firmwareqcm6490ipq5302sa8540p_firmwaresnapdragon_662_mobileqcn9274ipq8076a_firmwaresa8775pipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwareqcn9011sa8775p_firmwaresmart_audio_400qcn9024_firmwarewsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_630_mobileqca6564aqcn9074_firmwaresnapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computeipq8174sc8180x\+sdx55_firmwareipq8174_firmwarear8035ipq8072aqamsrv1m_firmwaresa6155qcm4325qcn6224sc8180x\+sdx55qca6698aqssg2125p_firmwaresm6250snapdragon_480\+_5g_mobilesd670wcn3680bsa8145p_firmwaresa8150p_firmwarefastconnect_6700_firmwarewcn3990qcn9002ipq8078qcs6490qcs8250snapdragon_695_5g_mobileipq9554_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqca6678aqqcn6432_firmwareqcn5022_firmwaresc8180xp-aaab_firmwareqca9992ipq9554qca6564ausc8180xp-adsm6250p_firmwaresc8280xp-abbbsa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332sd_455_firmwarear8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresnapdragon_xr2\+_gen_1sm4125qcm4490_firmwareqru1032vision_intelligence_400_firmwareqcn6112_firmwareqcs6125flight_rb5_5gsnapdragon_870_5g_mobile_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobilesnapdragon_870_5g_mobilesnapdragon_678_mobilesd_455qca9886qcn6132sm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqcn6102qca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwarewcn6740snapdragon_780g_5g_mobile_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn6422snapdragon_675_mobileimmersive_home_214_firmwareipq8070awcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_xr2_5gsa8150pqcn9003immersive_home_3210qcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x35_5g_modem-rf_systemsc8180x-aaabsxr1230psd662_firmwareipq6010sw5100aqt1000snapdragon_4_gen_1_mobile_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855wcn3990_firmwaresm7315snapdragon_660_mobileqca6564a_firmwarewcd9385qca9994qsm8350snapdragon_888\+_5g_mobilesnapdragon_8_gen_1_mobilesnapdragon_630_mobile_firmwaresd662snapdragon_680_4g_mobile_firmwareqcs4290sxr1230p_firmwaresnapdragon_865\+_5g_mobilesg8275psdx71m_firmwaresm6250psdx55_firmwareipq8071a_firmwarewcn3615_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_480\+_5g_mobile_firmwarerobotics_rb5qca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_670_mobile_firmwareaqt1000_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274qfw7124qca6595au_firmwareqca0000sw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_4_gen_1_mobilesnapdragon_865_5g_mobileipq8074aimmersive_home_3210_firmwaresd675snapdragon_855\+_mobile_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391snapdragon_x70_modem-rf_systemipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_x50_5g_modem-rf_system_firmwaresc8280xp-abbb_firmwarefastconnect_7800snapdragon_8\+_gen_2_mobile_firmwareipq8078_firmwarevision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwareimmersive_home_316_firmwareqamsrv1h_firmwareipq8070_firmwareqcn5154sd_8cxvision_intelligence_400ssg2115p_firmwarewsa8835_firmwareqcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_w5\+_gen_1_wearableqcs610Snapdragonsnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_720g_mobile_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwarewsa8832_firmwareqca6431_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareflight_rb5_5g_platform_firmwareipq8070_firmwareqcn6102_firmwaresd888_firmwareqcn9024_firmwareqcn9070_firmwarewsa8835_firmwareqcn6422_firmwaresd670_firmwarecsr8811_firmwarefastconnect_6700_firmwareipq8076a_firmwaresnapdragon_x12_lte_modem_firmwareqcn9022_firmwaremdm9250_firmwaresa8155p_firmwareqcn6224_firmwareqca6420_firmwareqcn5052_firmwareqcn5164_firmwarecsrb31024_firmwareimmersive_home_3210_platform_firmwareqca9994_firmwareqca9377_firmwaresd626_firmwaresm7315_firmwareqcn6100_firmwareqcn6402_firmwarevision_intelligence_400_platform_firmwaresd835_firmwarewcd9385_firmwareqca9990_firmwarefastconnect_7800_firmwarepmp8074_firmwareipq8078_firmwaressg2125p_firmwarewcd9360_firmwarecsra6620_firmwaresa8155_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqamsrv1m_firmwareipq8070a_firmwareqcn6274_firmwareipq5302_firmwareqcn5152_firmwareqam8650p_firmwarec-v2x_9150_firmwareqsm8250_firmwarewcn3950_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn6432_firmwaresrv1m_firmwareimmersive_home_316_platform_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwaresa8195p_firmwareqcn9003_firmwareipq8173_firmwarewcn3910_firmwareqcn9012_firmwaresd_8cx_firmwareqcn9100_firmwareqdx1011_firmwaresw5100_firmwaresa9000p_firmwarear8035_firmwaresnapdragon_695_5g_mobile_platform_firmware315_5g_iot_modem_firmwarewsa8845_firmwaresd660_firmwareqca8075_firmwareqca6574au_firmwaresdx71m_firmwareqcn9274_firmwareipq8071a_firmwareqca6678aq_firmwaresm4125_firmwareqcn5122_firmwareipq8068_firmwarewcn3980_firmwareqca4024_firmwaresnapdragon_626_mobile_platform_firmwareqcn9000_firmwareqcm6125_firmwarewcn3660b_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqsm8350_firmwareqcn5054_firmwaresnapdragon_xr1_platform_firmwareqca8337_firmwareqca9985_firmwareqcn5154_firmwarefsm10056_firmwareqca6595au_firmwareqamsrv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwarewcd9395_firmwareqdu1010_firmwaresg4150p_firmwareqca6174a_firmwareqcn9072_firmwareqca6391_firmwaresnapdragon_x70_modem-rf_system_firmwareipq6010_firmwarewcd9370_firmwarewsa8840_firmwareqam8775p_firmwarewcd9371_firmwarerobotics_rb3_platform_firmwareqca9986_firmwaresw5100p_firmwareqcm4325_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwareqam8295p_firmwareqca6320_firmwareqca6574_firmwaresd_675_firmwareqca9984_firmwarewcd9335_firmwaresnapdragon_630_mobile_platform_firmwareqcn6112_firmwarear8031_firmwareqcm4490_firmwareqcn6023_firmwareqca8072_firmwareqcm2290_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_662_mobile_platform_firmwareipq5028_firmwareqdx1010_firmwareqcs610_firmwareipq6028_firmwarewsa8815_firmwareipq8072a_firmwarewcn3990_firmwareipq9574_firmwareqrb5165m_firmwareqca6430_firmwaresd865_5g_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6426_firmwaresnapdragon_auto_4g_modem_firmwaresc8380xp_firmwaresdx55_firmwaresmart_audio_400_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca6421_firmwarefsm10055_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwareqca6310_firmwaresa8650p_firmwarear9380_firmwareqcn6132_firmwareqcn6412_firmwareqca6574a_firmwaresd_455_firmwareqcs4490_firmwareqcn5124_firmwareipq8065_firmwaresdx57m_firmwaresa8150p_firmwareqcs7230_firmwaresrv1h_firmwaresd855_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8255p_firmwaresm7325p_firmwarewcn3988_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwareqcm6490_firmwareipq8064_firmwareipq8076_firmwareipq8074a_firmwarefastconnect_6200_firmwareqca8386_firmwaresm6250_firmwaresa6155_firmwaresm7250p_firmwaresnapdragon_675_mobile_platform_firmwareqca6698aq_firmwareqca8081_firmwaresnapdragon_680_4g_mobile_platform_firmwaresa8770p_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_636_mobile_platform_firmwarecsra6640_firmwaresxr1120_firmwarewcd9341_firmwarewsa8845h_firmwareqca9992_firmwareqcm8550_firmwareqdu1110_firmwareqca6436_firmwaresd662_firmwareqca6595_firmwareqca0000_firmwaresa7255p_firmwarewcd9326_firmwareqcn9011_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarevision_intelligence_300_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6564a_firmwareqca6335_firmwareqca9889_firmwaresnapdragon_625_mobile_platform_firmwareipq6018_firmwaresnapdragon_690_5g_mobile_platform_firmwareipq9554_firmwareqca9980_firmwarewcd9340_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6800_firmwareqcn5022_firmwareqcs6125_firmwareqcc710_firmwareqcf8000_firmwaresa6155p_firmwareqcn9002_firmwareqcn9074_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwareqcs8550_firmwaresa8540p_firmwareipq5312_firmwareqca6564au_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9001_firmwaresm6250p_firmwareqep8111_firmwareqcn6122_firmwaresa8775p_firmwareimmersive_home_318_platform_firmwarewcn3615_firmwarewcd9390_firmwareaqt1000_firmwaresm8550p_firmwarewcn3999_firmwareqcs6490_firmwaresnapdragon_850_mobile_compute_platform_firmwaresd675_firmwareipq8078a_firmwaresa6145p_firmwaresnapdragon_835_mobile_pc_platform_firmwaresa8295p_firmwaresnapdragon_845_mobile_platform_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa6150p_firmwaresxr1230p_firmwareqfw7124_firmwareipq8174_firmwarefastconnect_6900_firmwareqdu1000_firmwareqca9888_firmwaresxr2130_firmwarewcd9380_firmwareqca6584au_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwareimmersive_home_216_platform_firmwareqcn5021_firmwareqfw7114_firmwaresd730_firmwaresxr2230p_firmwaressg2115p_firmwaresg8275p_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresa8145p_firmwaresd460_firmwareqru1052_firmwarequalcomm_video_collaboration_vc3_platform_firmwarerobotics_rb5_platform_firmwareqdu1210_firmwareqcs4290_firmwareqca9886_firmwareqru1062_firmwareqcs2290_firmwaresnapdragon_460_mobile_platform_firmwareqca6797aq_firmwarewcn3680b_firmwareipq5010_firmwaresnapdragon_712_mobile_platform_firmwaresnapdragon_665_mobile_platform_firmwareqru1032_firmwareqcs410_firmwareipq5332_firmwareqcm4290_firmwareqcs8250_firmwarewcd9375_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27519
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 13.92%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-11 Jun, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-optane_memory_h20_with_solid_state_storageoptane_ssd_dc_p4800x_firmwareoptane_ssd_dc_p4801x_firmwareoptane_ssd_905poptane_ssd_900poptane_ssd_dc_p4801xoptane_memory_h20_with_solid_state_storage_firmwareoptane_ssd_dc_p4800xoptane_ssd_905p_firmwareoptane_ssd_900p_firmwareIntel(R) Optane(TM) SSD products
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2061
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.11%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 21:01
Updated-07 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

Action-Not Available
Vendor-rpcbind_projectrpcbind
Product-rpcbindrpcbind
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21933
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.39%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 09:05
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS VivoMini/Mini PC - improper input validation

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-pb61vpn60un65u_firmwarepa90vc65-c1pn60_firmwarepb50pb60s_firmwarepb60g_firmwarepa90_firmwarevc65-c1_firmwarepn30pb60_firmwarets10pb60un65upn30_firmwarets10_firmwarepb60vpb60gpb61v_firmwarepb60spb60v_firmwarepn40pb50_firmwarepn40_firmwarePB60GVC65-C1PA90PN40PB50UN65UPN60PB60SPB61VTS10PN30PB60VPB60
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25522
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.32%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 23:27
Updated-25 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a800_firmwaredgx_a800dgx_a100dgx_a100_firmwareDGX A100/A800dgx_a800dgx_a100
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38413
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Computer Vision

Memory corruption while processing frame packets.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840snapdragon_8_gen_3_mobile_firmwarewsa8845_firmwarewsa8845h_firmwarewsa8845snapdragon_8_gen_3_mobilewcd9395_firmwarewcd9390wsa8840_firmwarewsa8845hwcd9395fastconnect_7800wcd9390_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38046
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.46%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PowerShell Elevation of Privilege Vulnerability

PowerShell Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_10_21h1windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38043
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.80% / 73.03%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PowerShell Elevation of Privilege Vulnerability

PowerShell Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows 10 Version 1809Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 10 Version 22H2Windows 11 version 22H3Windows Server 2019 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38052
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.88% / 87.78%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0485
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.97% / 75.63%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_2000windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38420
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Hypervisor

Memory corruption while configuring a Hypervisor based input virtual device.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwareqca6421snapdragon_678_mobilesnapdragon_ar2_gen_1qcm6490_firmwaresd675qcn6224_firmwareqca6420snapdragon_670_mobile_firmwaresa7775p_firmwaresa8775pqca6574au_firmwaresc8180x-ad_firmwaresd670_firmwareqam8775pqca6584ausnapdragon_x65_5g_modem-rf_firmwarewcd9326qca6430sa8255pqdu1210_firmwaresnapdragon_x62_5g_modem-rfwcd9370_firmwaresnapdragon_888_5g_mobileqcc710_firmwareqru1052qdu1000_firmwaresc8180xp-acafsa8540p_firmwarerobotics_rb3_firmwaresd675_firmwaresnapdragon_865\+_5g_mobilesnapdragon_675_mobileqep8111_firmwaresd_8_gen1_5g_firmwarerobotics_rb3qru1032sxr2130qca6574ssg2115p_firmwareqcm8550sa8650psa8770p_firmwareqca6698aq_firmwaresa8775p_firmwaresnapdragon_x55_5g_modem-rf_firmwareqamsrv1m_firmwaresnapdragon_865_5g_mobilewcd9326_firmwaresnapdragon_670_mobileqca6421_firmwaresnapdragon_xr2_5gfastconnect_6800wsa8810qdx1011snapdragon_8_gen_3_mobile_firmwareqam8255p_firmwaresnapdragon_888\+_5g_mobilewcd9375snapdragon_855_mobilesnapdragon_870_5g_mobile_firmwaresc8180x-aaabqdu1000sa6155fastconnect_6200_firmwarevision_intelligence_300snapdragon_855\+_mobilesa6155psnapdragon_765g_5g_mobile_firmwareqca6335_firmwarevideo_collaboration_vc3_platformqamsrv1h_firmwaresnapdragon_860_mobile_firmwarewsa8830_firmwareqca8081qdu1110_firmwaresc8380xpwcd9385wsa8840_firmwareqfw7124_firmwarewsa8840qca6426qfw7124qca6696sa8155p_firmwareqca6595snapdragon_678_mobile_firmwareqca8337snapdragon_845_mobile_firmwareqca8337_firmwareqam8650psxr1230p_firmwaresxr2330pvision_intelligence_400_firmwaresnapdragon_x24_lte_modemsrv1mqcs5430_firmwareqru1062qam8775p_firmwaresnapdragon_ar1_gen_1sm7250p_firmwaresnapdragon_x50_5g_modem-rf_firmwareqcm5430qcs9100qca6335sa8295p_firmwaresd855_firmwareqca9377sa9000pwsa8835aqt1000_firmwareqca8081_firmwareqca6797aq_firmwarefastconnect_7800wcd9340snapdragon_xr2_5g_firmwareqca6174aqca6574ausnapdragon_765_5g_mobilesnapdragon_auto_5g_modem-rf_gen_2qca6584au_firmwaresd_675_firmwarewcn3990fastconnect_6700qca6696_firmwaresnapdragon_x72_5g_modem-rf_firmwareqdx1011_firmwareqcs9100_firmwareqru1032_firmwaresrv1m_firmwarewsa8832fastconnect_6700_firmwarewcd9390_firmwareqcn6274sc8180x-adsc8280xp-abbb_firmwarewsa8815snapdragon_768g_5g_mobile_firmwaresxr1230pqru1062_firmwaresdx57mqca6574a_firmwaresdx55_firmwaresa8620pqca6430_firmwaresrv1lsrv1h_firmwareqcs6490sa8540psa6155_firmwaresc8180x-acaf_firmwaresa9000p_firmwaresa7775psnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8835_firmwaresnapdragon_855_mobile_firmwareqep8111sa7255psnapdragon_x35_5g_modem-rfqdu1210qamsrv1mqcs5430qam8295p_firmwareqcs8550_firmwareqcm6490qru1052_firmwareqdu1010_firmwaresnapdragon_x50_5g_modem-rfssg2125p_firmwaresa8650p_firmwareqcn6274_firmwarewcn3950_firmwareqca6391snapdragon_x65_5g_modem-rfvision_intelligence_400qcn9274_firmwareqca6564aqca6310qdu1110sdx57m_firmwarewcn3950video_collaboration_vc3_platform_firmwarewsa8845_firmwaresnapdragon_x55_5g_modem-rfqca6574_firmwareqcm8550_firmwaresa8150p_firmwarear8035qca6564a_firmwaresrv1l_firmwaresc8180xp-aaab_firmwarewsa8845hsa6155p_firmwarewcd9341wcd9395_firmwaresa8155sc8180x-aaab_firmwarewcn3990_firmwarefastconnect_6900qca6574aqca6431wcd9375_firmwarewcd9385_firmwareqam8650p_firmwaresnapdragon_855\+_mobile_firmwareqcn9274snapdragon_850_mobile_computesnapdragon_860_mobileqca6310_firmwaresa8295psa6145p_firmwaresa6145psdx80msa8620p_firmwaresnapdragon_888_5g_mobile_firmwaresdx80m_firmwaresa7255p_firmwareqca6595_firmwaresnapdragon_765g_5g_mobilevision_intelligence_300_firmwareqamsrv1hsdx55sc8180xp-acaf_firmwaresnapdragon_865\+_5g_mobile_firmwarewcd9380snapdragon_x75_5g_modem-rf_firmwareqsm8350qca6436_firmwaresa8155pwsa8832_firmwaresd_8cxqca6564ausc8180xp-adsxr2130_firmwareqcs6490_firmwareqca6595au_firmwareqcn6224sa8255p_firmwareqca6595ausc8180xp-ad_firmwareqam8255psc8280xp-abbbqca6431_firmwaresrv1hsnapdragon_845_mobileqam8620par8035_firmwaresc8380xp_firmwareqsm8350_firmwaresd865_5g_firmwaresd865_5gwsa8845h_firmwaresnapdragon_675_mobile_firmwareqdx1010_firmwaresnapdragon_x62_5g_modem-rf_firmwarewsa8845snapdragon_ar2_gen_1_firmwarewcd9380_firmwaresd855qca6391_firmwareqca6174a_firmwareqdx1010qdu1010wcn3980wcd9370wcd9340_firmwaresc8180x-acafqca6426_firmwaressg2125pqca6678aqsnapdragon_765_5g_mobile_firmwaresnapdragon_x75_5g_modem-rfwcd9341_firmwaresa8155_firmwaresnapdragon_8_gen_1_mobilesnapdragon_870_5g_mobilesnapdragon_865_5g_mobile_firmwareqca6564au_firmwareqam8295pqam8620p_firmwaresnapdragon_888\+_5g_mobile_firmwareqca6797aqqcs8550sa8150psnapdragon_768g_5g_mobileqcm5430_firmwaresnapdragon_8_gen_1_mobile_firmwaresd_8_gen1_5gsnapdragon_ar1_gen_1_firmwarewsa8810_firmwaresd_8cx_firmwareqcc710sm7250pssg2115psnapdragon_8_gen_3_mobilesnapdragon_x72_5g_modem-rfqca6420_firmwareqca9377_firmwaresc8180xp-aaabsnapdragon_850_mobile_compute_firmwaresd670wsa8830wsa8815_firmwaresa8770psnapdragon_x24_lte_modem_firmwarefastconnect_6200wcn3980_firmwaresnapdragon_x35_5g_modem-rf_firmwareqca6678aq_firmwareqca6698aqqca6436fastconnect_6900_firmwareqfw7114sd_675aqt1000fastconnect_6800_firmwarewcd9390wcd9395qfw7114_firmwaresxr2330p_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.44%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-03 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-total_protectionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-33065
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 12:58
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Camera

Memory corruption while taking snapshot when an offset variable is set by camera driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8845_firmwarewsa8840wcd9370snapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"wcd9340_firmwarewcd9385wcd9341_firmwaresc8380xpsnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"_firmwaresnapdragon_7c_compute_platform_\(sc7180-ac\)_firmwaresnapdragon_7c\+_gen_3_compute_firmwarefastconnect_6700qca6420snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)_firmwarewsa8815_firmwareqca6430wcd9370_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmwareqcm6490_firmwarewcd9340wcd9341qcm6490wsa8810_firmwarewsa8845h_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"snapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)qca6430_firmwareqcs5430fastconnect_6800_firmwarewsa8845hwcd9380_firmwaresm6250_firmwareqcm5430snapdragon_7c_compute_platform_\(sc7180-ac\)qcm5430_firmwarewsa8815wsa8830snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)_firmwaresc8180x\+sdx55_firmwaresc8380xp_firmwarefastconnect_6800snapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"_firmwarewcd9375_firmwarefastconnect_7800_firmwarefastconnect_6900qca6391sc8180x\+sdx55qcs5430_firmwarewcd9385_firmwaresm6250snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)fastconnect_6900_firmwarewcd9380fastconnect_6200fastconnect_7800snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)_firmwarewcd9375wsa8845snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"fastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"wsa8835_firmwarewsa8810qcs6490fastconnect_6200_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformaqt1000Snapdragonaqt1000_firmwareqcm5430_firmwarewcd9380_firmwareqca6430_firmwareqcs6490_firmwareqcm6490_firmwareqcs5430_firmwarewsa8840_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9370_firmwaresc8380xp_firmwarewcd9340_firmwaresm6250_firmwarewsa8830_firmwarewsa8845_firmwarefastconnect_6700_firmwarewsa8815_firmwarewsa8835_firmwarewsa8810_firmwarefastconnect_6200_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6420_firmwarewcd9375_firmwarewsa8845h_firmwarefastconnect_6800_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24569
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 12:57
Updated-24 Mar, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24853
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.79%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-27 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in HLOS

Memory Corruption in HLOS while registering for key provisioning notify.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresnapdragon_8_gen_1_mobile_platformwsa8830sa6150p_firmwaresa8145p_firmwaresxr2230p_firmwarefsm10056qca8337qam8650pqfw7124sg8275p_firmwareqca6431_firmwareqam8775pqru1052snapdragon_865_5g_mobile_platformsnapdragon_888_5g_mobile_platformqcn6224_firmwaresc8280xp-bb_firmwaresm7250-ac_firmwarewsa8840wcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresa6155wcd9370ssg2115pqca6564qca6426sc8280xp-abqdu1110snapdragon_8_gen_2_mobile_platformsm8250-abqamsrv1hwcd9385_firmwareqam8295pwcn3950fastconnect_6200qamsrv1h_firmwaresd_8_gen1_5g_firmwareqsm8350_firmwareqsm8350qam8295p_firmwaresa8155sa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresnapdragon_4_gen_2_mobile_platformqca6595auqca8081_firmwaresa6155_firmwareqfw7114sm7250p_firmwarewsa8845h_firmwareqca6436_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcs8155wsa8840_firmwareqca6698aqsa4155p_firmwaresa8155_firmwareqcs8550_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmwareqru1062_firmwaresa6145p_firmwaresrv1hqca6421sm7250-aasnapdragon_8\+_gen_1_mobile_platformfastconnect_6700_firmwaresa8195pwcd9340wsa8810_firmwareqcn6224fsm10056_firmwareqca6436snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresa6155psnapdragon_x75_5g_modem-rf_systemqdu1000_firmwareqca8081wcd9395_firmwarewsa8845hqca6698aq_firmwareqcm4490wcd9385sxr2130_firmwareqam8775p_firmwaresa8255pqca6431qca6696_firmwareqca6797aqar8035qru1052_firmwaresa8150pwcd9390qcc710_firmwaresm8250-ac_firmwarewsa8830_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqca6564asa8295p_firmwaresa4150psnapdragon_8_gen_2_mobile_platform_firmwareqca8337_firmwarewcd9380_firmwaressg2125psd865_5gfastconnect_6800qca6595qru1032qca6564auqcm8550sm8350-ac_firmwareqdu1010_firmwareqdx1011qdu1000wsa8835qca6574sxr1230p_firmwareqdu1110_firmwaresa8540p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresa4155pqcn6274sd_8_gen1_5gwcd9380fastconnect_6700snapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwareqca6574asxr2130sxr1230psg8275pqfw7114_firmwareqru1062wsa8845sa8650psa9000pqca6574_firmwaresm7250-abwcd9340_firmwarewsa8815sxr2230pqru1032_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8845_firmwareqca6426_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391sa8295pqca6421_firmwarefastconnect_7800sc8280xp-ab_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemsa8650p_firmwarewsa8832_firmwarefastconnect_6900snapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqca6797aq_firmwareqdu1010qca6574ausa8155p_firmwareqdx1011_firmwareqca6564a_firmwarefastconnect_7800_firmwaresnapdragon_8\+_gen_2_mobile_platformsm7250-aa_firmwarewsa8810wsa8832qdx1010_firmwaresa8540psm7250-acsm8550psnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_ar2_gen_1_platformsa6145psm8350-acqam8650p_firmwareqca6564_firmwareqcc710qcs4490qca6595_firmwaresa8145psc8280xp-bbqca6696wcd9395qca6391_firmwareqcs8550sa4150p_firmwarewcd9370_firmwaresm8550p_firmwareqdx1010sa6150pwcd9390_firmwaresa8155pqdu1210sm7250psnapdragon_8\+_gen_1_mobile_platform_firmwaressg2115p_firmwareqcs8155_firmwareqfw7124_firmwareqam8255pqdu1210_firmwarear8035_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23416
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.60% / 88.83%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Remote Code Execution Vulnerability

Windows Cryptographic Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-32903
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.02% / 4.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-20 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23419
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.82%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2Windows 11 version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-33657
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.60%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 16:17
Updated-22 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smm Callout in SmmComputrace Module

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.

Action-Not Available
Vendor-AMI
Product-AptioVaptio_v
CWE ID-CWE-20
Improper Input Validation
CVE-2023-2264
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
ShareView Details
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
CVSS Score-4||MEDIUM
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:55
Updated-03 Jun, 2025 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validition could lead to code injection

An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details.

Action-Not Available
Vendor-Schweitzer Engineering Laboratories, Inc. (SEL)
Product-sel-411l_firmwaresel-411lSEL-411L
CWE ID-CWE-20
Improper Input Validation
CVE-2009-2835
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 18.37%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21502
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21767
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.10%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Overlay Filter Elevation of Privilege Vulnerability

Windows Overlay Filter Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1984
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.75%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 18:41
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secdo: Privilege escalation via hardcoded script path

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.

Action-Not Available
Vendor-SecdoPalo Alto Networks, Inc.Microsoft Corporation
Product-secdowindowsSecdo
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21749
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.16%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21192
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.02%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21657
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Audio

Memoru corruption in Audio when ADSP sends input during record use case.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwareqam8255p_firmwareqca9377_firmwaresnapdragon_662_mobile_platform_firmwaresm7325-ae_firmwaresa6150p_firmwarewsa8830sa8145p_firmwareqcs610qcs2290_firmwareqam8650pwcn785x-5qam8775psnapdragon_820_automotive_platform_firmwareflight_rb5_5g_platformmdm9650csra6620flight_rb5_5g_platform_firmwaresm7250-ac_firmwareqcs4290wcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresm8350wcd9370csra6620_firmwarecsra6640_firmwareqca6426wcn685x-1qrb5165n_firmwaresm7350-ab_firmwarewcn3990_firmwareqca9377sm4375wcn3998sm8250-abwcd9385_firmwareqam8295pwcn3950sm4125wcd9326_firmwarewcn3615_firmwaresm6375_firmwarewcn3660bqam8295p_firmwaresm7325-afqcn9011_firmwaresm7315_firmwareqca6320_firmwaresm7325-aeqca6574au_firmwaresm4250-aasnapdragon_835_mobile_pc_platform_firmwaresnapdragon_x55_5g_modem-rf_systemqca6595auwcn3998_firmwaresm6225-adsm7325-af_firmwaresm7250p_firmwarewcd9375_firmwarewcn3615qca6436_firmwaresm4350-acqrb5165nsnapdragon_xr2\+_gen_1_platformsnapdragon_auto_5g_modem-rf_firmwaresa6155p_firmwareqca6310sm6225smart_audio_400_platform_firmwaresm6225-ad_firmwareqcs6490qrb5165m_firmwareqrb5165_firmwareqca6698aqsa4155p_firmwareqcs8550_firmwaresm8250_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmwaresa6145p_firmwareqm215sm7250-aawcd9340sa8195pwsa8810_firmwaresm4375_firmwareqca6436wcd9326sa8255p_firmwaresa6155psg4150pwcd9335qca6698aq_firmwareqca6174a_firmwarewcn685x-1_firmwareqcs4290_firmwaresxr2130_firmwareqam8775p_firmwaresa8255pwcd9341wcd9385qca6696_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwaresnapdragon_x12_lte_modemqca6797aqqca6390sm4350_firmwarewcd9375wcn3910_firmwaresa8150psnapdragon_662_mobile_platformsm8250-ac_firmwarewsa8830_firmwaresd660sd865_5g_firmwaresm7225_firmwareqcm6490snapdragon_7c\+_gen_3_compute_firmwarewcn3620_firmwaresd660_firmwarewcn3620sm4250-aa_firmwaresa8195p_firmwarewcn3988sm7350-abwsa8815_firmwarewsa8835_firmwarewcn6750_firmwaresa8295p_firmwaresa4150psg4150p_firmwarewcn785x-1qcm4325qcm2290_firmwaresm6375wcn3991wcd9380_firmwarewcn3990sdm429wsd865_5gqca6595sm8350-ac_firmwaresdm439snapdragon_835_mobile_pc_platformqcn9012sd888sdm429wsa8835qca6574sdm429w_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_auto_5g_modem-rfwcd9380qcs410sxr2130qca6574asmart_audio_400_platformwcn685x-5_firmwareqca6174asm7325pqca6310_firmwaresm7325wcn6750qcn9012_firmwarewcd9335_firmwarewcn3980sm7225qcm4325_firmwaresm7250-abqca6574_firmwarewcd9340_firmwaresm4125_firmwarewcn3680b_firmwaresm7325p_firmwarewsa8815wcn3910qca6320sdm429_firmwaremdm9650_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqcs8250wcn3660b_firmwareqca6574a_firmwaresd835qrb5165mwcn785x-5_firmwaresm7315sm8250-ab_firmwareqca6391snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_xr2\+_gen_1_platform_firmwarewcn3980_firmwaresnapdragon_820_automotive_platformsa8295psm6350wcn6740_firmwaresnapdragon_xr2_5g_platformqcm4290qcm6490_firmwaresm8350_firmwareqrb5165wcn685x-5sdm660qcn9011sm6225_firmwareqca6797aq_firmwaresm6350_firmwarewcn785x-1_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwareqcm4290_firmwaresm7250-aa_firmwarewsa8810sm7250-acqcs610_firmwaresa6145pwcn3680bsd835_firmwaresm8350-acqam8650p_firmwaresdm439_firmwareqca6595_firmwaresa8145pwcn6740qca6696qca6391_firmwareqcs8550sa4150p_firmwaresm4350qm215_firmwarewcd9370_firmwaresm4350-ac_firmwaresa6150psd888_firmwaresa8155pcsra6640sm8250sm7250pqcs410_firmwareqam8255psa4155psdm660_firmwareqcm2290sm7325_firmwareSnapdragonqcm2290_firmwareqam8255p_firmwareqca9377_firmwarerobotics_rb5_platform_firmwaresnapdragon_662_mobile_platform_firmwarewcd9380_firmwaresa6150p_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresa8145p_firmwareqcs2290_firmwaresnapdragon_820_automotive_platform_firmwareflight_rb5_5g_platform_firmwaresdm429w_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarecsra6620_firmwarecsra6640_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwareqrb5165n_firmwareqca6310_firmwareqcn9012_firmwarewcd9335_firmwarewcd9385_firmwarewcd9326_firmwarewcn3615_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwaresnapdragon_660_mobile_platform_firmwareqam8295p_firmwaremdm9650_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9011_firmwaresnapdragon_439_mobile_platform_firmwaresm7315_firmwareqca6320_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3680b_firmwarewcd9375_firmwarewcn3660b_firmwareqca6574a_firmwarefastconnect_6200_firmwaresm7250p_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn6740_firmwaresnapdragon_auto_5g_modem-rf_firmwaresa6155p_firmwaresnapdragon_690_5g_mobile_platform_firmwaresmart_audio_400_platform_firmwareqrb5165m_firmwareqcm6490_firmwaresa4155p_firmwarefastconnect_6900_firmwareqcs8550_firmwarewcn3988_firmwareqca6797aq_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwarewsa8810_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm4290_firmwaresa8255p_firmwareqcs610_firmwareqca6698aq_firmwareqca6426_firmwarequalcomm_215_mobile_platform_firmwaresd835_firmwareqca6174a_firmwareqcs4290_firmwareqam8650p_firmwaresxr2130_firmwareqam8775p_firmwareqca6696_firmwareqcs6490_firmwareqca6595_firmwaresnapdragon_x12_lte_modem_firmwareqca6391_firmwaresa4150p_firmwarewcn3910_firmwarewcd9370_firmwaresd888_firmwarewsa8830_firmwaresd865_5g_firmwarewcn3620_firmwarewsa8815_firmwarewsa8835_firmwaresd660_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcs410_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_750g_5g_mobile_platform_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21121
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.56%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21501
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.2||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21671
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Core

Memory Corruption in Core during syscall for Sectools Fuse comparison feature.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_780g_5g_mobile_platformsm7315_firmwaresnapdragon_782g_mobile_platformwcd9380_firmwarewcd9370snapdragon_888\+_5g_mobile_platform_sm7315snapdragon_778g\+_5g_mobile_platformwsa8830snapdragon_780g_5g_mobile_platform_firmwaresnapdragon_888_5g_mobile_platformwcd9385sd888qsm8350sd888_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn6740wcn6740_firmwarefastconnect_6700snapdragon_778g\+_5g_mobile_platform_firmwareqsm8350_firmwarewcd9375_firmwarefastconnect_6900qca6391wcd9370_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_782g_mobile_platform_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380qcm6490_firmwaresm7325p_firmwaresnapdragon_888_5g_mobile_platform_firmwarewcd9375sm7325pqcm6490snapdragon_778g_5g_mobile_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_888\+_5g_mobile_platform__firmwareqcs6490_firmwarewsa8835_firmwareqcs6490snapdragon_7c\+_gen_3_computewsa8835qca6391_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformSnapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21451
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21498
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.02% / 4.53%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20507
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21627
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.05%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:14
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Type Conversion or Cast in Trusted Execution Environment

Memory corruption in Trusted Execution Environment while calling service API with invalid address.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830sda429w_firmwaresa6150p_firmwarewcd9380_firmwaresa8145p_firmwaresw5100psd865_5gqcc5100sdx55m_firmwarewcn6856_firmwarewsa8835sd_8_gen1_5gwcd9380sa8150p_firmwaresd888_5gqca6420_firmwareqca6595au_firmwareqca6390_firmwarewcn6855_firmwareqca6426qca6430_firmwarewcn3980wcn3998wcd9385_firmwaresdxr2_5g_firmwaresd_8_gen1_5g_firmwarewcn3660bsd855wsa8815wcn6850qca6426_firmwarewcn3660b_firmwarewcn7850qca6574au_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcn3980_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwaresdx55mqcc5100_firmwareaqt1000_firmwaresa6155p_firmwareqcs8155wcn7851sdxr2_5gwcn6851_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810sd870qca6436wcn6851wcn6855sa6155psw5100p_firmwarewcn7851_firmwarewcn6856sa6145pwcn3680bwcd9385wcd9341qca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390aqt1000sa8150psa6150psa8155pwsa8830_firmwaresda429wsd855_firmwaresd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcs8155_firmwaresw5100_firmwarewcn3610Snapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2023-21138
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.56%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found