Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3388

Summary
Assigner-Hitachi Energy
Assigner Org ID-e383dce4-0c27-4495-91c4-0db157728d17
Published At-21 Nov, 2022 | 00:00
Updated At-23 Jul, 2025 | 20:45
Rejected At-
Credits

Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Hitachi Energy
Assigner Org ID:e383dce4-0c27-4495-91c4-0db157728d17
Published At:21 Nov, 2022 | 00:00
Updated At:23 Jul, 2025 | 20:45
Rejected At:
▼CVE Numbering Authority (CNA)
Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

Affected Products
Vendor
Hitachi Energy Ltd.Hitachi Energy
Product
MicroSCADA Pro SYS600
Default Status
unaffected
Versions
Affected
  • 9.0
Vendor
Hitachi Energy Ltd.Hitachi Energy
Product
MicroSCADA X SYS600
Default Status
unaffected
Versions
Affected
  • 10.0
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-23CAPEC-23 File Content Injection
CAPEC ID: CAPEC-23
Description: CAPEC-23 File Content Injection
Solutions

For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2 Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1. A requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least the SYS600 9.4 FP2 Hotfix 4 installed. CPE:  cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*

For SYS600 10.x update to at least SYS600 version 10.4.1 Or apply general mitigation factors. CPE:  cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*

Configurations
Workarounds

Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. We recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X Cyber Security Deployment Guideline.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1
N/A
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@hitachienergy.com
Published At:21 Nov, 2022 | 19:15
Updated At:23 Jul, 2025 | 21:15

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Hitachi Energy Ltd.
hitachienergy
>>microscada_pro_sys600>>9.0
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_pro_sys600>>9.1
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_pro_sys600>>9.2
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_pro_sys600>>9.3
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_pro_sys600>>9.4
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10
cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10.1
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10.1.1
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10.2
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10.2.1
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10.3
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10.3.1
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>microscada_x_sys600>>10.4
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarycybersecurity@hitachienergy.com
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: cybersecurity@hitachienergy.com
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1cybersecurity@hitachienergy.com
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1
Source: cybersecurity@hitachienergy.com
Resource:
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

405Records found
CVE-2021-0062
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.87%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 12:47
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsgraphics_driversIntel(R) Graphics Drivers
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0159
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_5215xeon_platinum_8260yxeon_platinum_8352vxeon_platinum_8352y_firmwarexeon_platinum_8260y_firmwarexeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_platinum_8360yxeon_platinum_8280_firmwarexeon_gold_5218nxeon_gold_5317_firmwarexeon_silver_4209t_firmwarexeon_gold_6336yxeon_gold_6250lxeon_gold_6209uxeon_silver_4314_firmwarexeon_platinum_8253xeon_gold_6252nxeon_silver_4214yxeon_platinum_8270_firmwarexeon_gold_6230txeon_platinum_8376h_firmwarexeon_silver_4210rxeon_platinum_8280xeon_gold_6238l_firmwarexeon_gold_5220t_firmwarexeon_gold_6252xeon_gold_5220rxeon_silver_4309y_firmwarexeon_gold_6246xeon_gold_6226r_firmwarexeon_silver_4214rxeon_silver_4210r_firmwarexeon_gold_6328hl_firmwarexeon_gold_6256_firmwarexeon_platinum_9221xeon_gold_6230rxeon_gold_6346_firmwarexeon_platinum_8360hlxeon_platinum_9222_firmwarexeon_gold_5315y_firmwarexeon_silver_4310txeon_silver_4208xeon_gold_5318hxeon_gold_6210u_firmwarexeon_platinum_8380_firmwarexeon_gold_5320_firmwarexeon_silver_4314xeon_silver_4210t_firmwarexeon_gold_5218t_firmwarexeon_gold_5215lxeon_silver_4316_firmwarexeon_platinum_8352sxeon_gold_5217_firmwarexeon_gold_6330n_firmwarexeon_platinum_8253_firmwarexeon_gold_6238xeon_platinum_8368_firmwarexeon_platinum_8376hxeon_gold_6240lxeon_gold_6248xeon_gold_6258rxeon_gold_6312u_firmwarexeon_gold_6240l_firmwarexeon_platinum_8256xeon_platinum_9282xeon_silver_4215_firmwarexeon_gold_6254_firmwarexeon_gold_5220_firmwarexeon_gold_6334_firmwarexeon_gold_6338nxeon_gold_6328hlxeon_gold_6252_firmwarexeon_gold_6230n_firmwarexeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_silver_4208_firmwarexeon_gold_6240xeon_gold_5220xeon_platinum_8256_firmwarexeon_gold_5218r_firmwarexeon_gold_6348h_firmwarexeon_platinum_8268xeon_silver_4214y_firmwarexeon_gold_6240rxeon_gold_6238_firmwarexeon_gold_6330hxeon_silver_4209txeon_gold_6338xeon_gold_5315yxeon_platinum_8368q_firmwarexeon_silver_4215rxeon_gold_6212uxeon_platinum_8380xeon_silver_4215xeon_platinum_8368xeon_gold_6230nxeon_platinum_8280l_firmwarexeon_gold_6338txeon_platinum_8352mxeon_gold_6208uxeon_gold_6242_firmwarexeon_gold_6326_firmwarexeon_gold_6230r_firmwarexeon_gold_6242xeon_platinum_8360y_firmwarexeon_gold_6246_firmwarexeon_platinum_8260_firmwarexeon_platinum_8376hl_firmwarexeon_platinum_8360hxeon_gold_6230t_firmwarexeon_gold_6250_firmwarexeon_gold_5218_firmwarexeon_silver_4210txeon_gold_5320txeon_gold_6244_firmwarexeon_gold_6342xeon_gold_6330h_firmwarexeon_platinum_8276_firmwarexeon_platinum_8276xeon_silver_4316xeon_gold_6240_firmwarexeon_gold_5220txeon_gold_6336y_firmwarexeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_platinum_9242_firmwarexeon_gold_6226rxeon_gold_6258r_firmwarexeon_bronze_3204xeon_gold_6230_firmwarexeon_gold_5218b_firmwarexeon_gold_5218bxeon_gold_6348hxeon_platinum_8354hxeon_gold_6248_firmwarexeon_gold_6328hxeon_platinum_8360hl_firmwarexeon_silver_4214r_firmwarexeon_gold_5318s_firmwarexeon_gold_6254xeon_gold_5218rxeon_gold_6334xeon_gold_6342_firmwarexeon_gold_6326xeon_gold_5320xeon_gold_6240yxeon_gold_6238lxeon_gold_5320h_firmwarexeon_gold_5218n_firmwarexeon_gold_6328h_firmwarexeon_platinum_8362_firmwarexeon_gold_5318h_firmwarexeon_gold_6348xeon_gold_6246r_firmwarexeon_gold_6354xeon_gold_6246rxeon_gold_6234_firmwarexeon_gold_5320hxeon_gold_6312uxeon_gold_5220r_firmwarexeon_gold_5222xeon_platinum_8380hlxeon_gold_6256xeon_platinum_8260l_firmwarexeon_gold_6338n_firmwarexeon_gold_6248rxeon_silver_4214xeon_gold_5318nxeon_platinum_9222xeon_platinum_8358_firmwarexeon_gold_5220sxeon_platinum_8260xeon_platinum_8280lxeon_silver_4309yxeon_platinum_8356hxeon_gold_6338t_firmwarexeon_gold_6314uxeon_gold_5320t_firmwarexeon_gold_5318y_firmwarexeon_gold_5222_firmwarexeon_platinum_9242xeon_silver_4216xeon_platinum_8358p_firmwarexeon_platinum_8362xeon_platinum_8276lxeon_platinum_8352v_firmwarexeon_platinum_8351n_firmwarexeon_gold_5318n_firmwarexeon_gold_6238txeon_gold_6314u_firmwarexeon_platinum_9221_firmwarexeon_silver_4310t_firmwarexeon_platinum_8368qxeon_gold_6240r_firmwarexeon_gold_5318yxeon_gold_6212u_firmwarexeon_gold_6208u_firmwarexeon_silver_4310xeon_gold_6209u_firmwarexeon_platinum_8352m_firmwarexeon_platinum_8356h_firmwarexeon_platinum_9282_firmwarexeon_platinum_8276l_firmwarexeon_gold_6250xeon_platinum_8260lxeon_platinum_8270xeon_gold_6248r_firmwarexeon_platinum_8380hxeon_gold_6262v_firmwarexeon_gold_6226xeon_gold_5318sxeon_silver_4214_firmwarexeon_platinum_8268_firmwarexeon_gold_6348_firmwarexeon_gold_6226_firmwarexeon_silver_4210xeon_gold_6250l_firmwarexeon_gold_6234xeon_silver_4310_firmwarexeon_platinum_8360h_firmwarexeon_gold_6252n_firmwarexeon_gold_6262vxeon_gold_6240y_firmwarexeon_platinum_8354h_firmwarexeon_gold_5215_firmwarexeon_gold_5220s_firmwarexeon_platinum_8358pxeon_gold_6330_firmwarexeon_silver_4210_firmwarexeon_platinum_8380hl_firmwarexeon_gold_5218xeon_gold_6338_firmwarexeon_gold_6238rxeon_bronze_3204_firmwarexeon_gold_6222v_firmwarexeon_gold_6238r_firmwarexeon_bronze_3206r_firmwarexeon_platinum_8352yxeon_silver_4215r_firmwarexeon_gold_5317xeon_gold_6242r_firmwarexeon_gold_5217xeon_platinum_8376hlxeon_gold_6210uxeon_gold_6222vxeon_silver_4216_firmwarexeon_platinum_8352s_firmwarexeon_platinum_8380h_firmwarexeon_gold_5215l_firmwarexeon_gold_6238t_firmwarexeon_platinum_8353h_firmwarexeon_platinum_8351nxeon_gold_6354_firmwarexeon_gold_6230Intel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2023-42766
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.61%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_8_compute_element_cm8v5cb_firmwarenuc_8_compute_element_cm8v7cb_firmwarenuc_8_compute_element_cm8v7cbnuc_8_compute_element_cm8v5cbIntel NUC 8 Compute Element BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-23 Nov, 2020 | 20:33
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482.

Action-Not Available
Vendor-v-securen/a
Product-jingyun_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0555
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.87%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 03:29
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ac_8265ac_9462ac_3165_firmwareac_9560_firmwareac_8265_firmwareac_7265_firmwareax200ac_3165ac_9461ac_8260ac_9260ac_9461_firmwareac_9462_firmwareac_3168ac_9560ax200_firmwareac_3168_firmwareax201ax201_firmwareac_9260_firmwareac_7265ac_8260_firmwareIntel(R) Wireless Bluetooth(R) Advisory
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability.

Action-Not Available
Vendor-paxtechnologyn/apaxtechnology
Product-a930paydroidn/aa930
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-12944
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.52%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:17
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7443_firmwareepyc_7402pepyc_7451epyc_7261epyc_7282_firmwareepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7f32epyc_7542_firmwareepyc_7551_firmwareepyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7351p_firmwareepyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7601epyc_7302epyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7371epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7551epyc_7281epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7401epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7261_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7301_firmwareepyc_73f3Athlon™ SeriesRyzen™ Series
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4006
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:35
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully.

Action-Not Available
Vendor-shimovpnn/a
Product-shimo_vpnShimo VPN
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4005
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:15
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.

Action-Not Available
Vendor-shimovpnn/a
Product-shimo_vpnShimo VPN
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4054
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9||CRITICAL
EPSS-0.05% / 13.52%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw.

Action-Not Available
Vendor-pixarTalos (Cisco Systems, Inc.)
Product-rendermanPixar Renderman
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10058
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 22:26
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Syscalls In kscan Subsystem Performs No Argument Validation

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7867
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8||HIGH
EPSS-0.41% / 60.42%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 00:43
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Helpu arbitrary file creation vulnerability

An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator.

Action-Not Available
Vendor-helpuHelpU
Product-helpuviewerHelpuViewer.exe
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26862
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 17:55
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwareinspiron_3180inspiron_3185_firmwareinspiron_3585inspiron_5415_all-in-one_firmwarevostro_3525_firmwareg5_se_5505inspiron_27_7775_firmwareinspiron_5575_firmwareinspiron_3275vostro_5415inspiron_7415_firmwareinspiron_5415inspiron_3785_firmwareinspiron_3525_firmwareinspiron_3195inspiron_14_5425inspiron_3515_firmwareinspiron_3180_firmwareinspiron_3475inspiron_5505alienware_m15_r5_firmwareinspiron_3505inspiron_3595vostro_5515g15_5515inspiron_3275_firmwareinspiron_7425_firmwarevostro_3405inspiron_5485vostro_5515_firmwareg15_5515_firmwarevostro_5625vostro_3515_firmwareinspiron_3185inspiron_7405_firmwareinspiron_5515inspiron_5415_firmwareinspiron_5405_firmwareinspiron_3505_firmwareinspiron_5585inspiron_7375_firmwareinspiron_3785inspiron_3515inspiron_7415inspiron_3525vostro_3405_firmwarevostro_3515inspiron_5575vostro_5625_firmwareinspiron_3195_firmwareinspiron_5415_all-in-oneinspiron_27_7775inspiron_5505_firmwareinspiron_7425alienware_m15_r5inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareg5_se_5505_firmwareinspiron_5585_firmwareinspiron_7405vostro_5415_firmwareinspiron_14_5425_firmwareinspiron_5405inspiron_3475_firmwarevostro_3525CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26864
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 17:55
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwareinspiron_3180inspiron_3185_firmwareinspiron_3585inspiron_5415_all-in-one_firmwarevostro_3525_firmwareg5_se_5505inspiron_27_7775_firmwareinspiron_5575_firmwareinspiron_3275vostro_5415inspiron_7415_firmwareinspiron_5415inspiron_3785_firmwareinspiron_3525_firmwareinspiron_3195inspiron_14_5425inspiron_3515_firmwareinspiron_3180_firmwareinspiron_3475inspiron_5505alienware_m15_r5_firmwareinspiron_3505inspiron_3595vostro_5515g15_5515inspiron_3275_firmwareinspiron_7425_firmwarevostro_3405inspiron_5485vostro_5515_firmwareg15_5515_firmwarevostro_5625vostro_3515_firmwareinspiron_3185inspiron_7405_firmwareinspiron_5515inspiron_5415_firmwareinspiron_5405_firmwareinspiron_3505_firmwareinspiron_5585inspiron_7375_firmwareinspiron_3785inspiron_3515inspiron_7415inspiron_3525vostro_3405_firmwarevostro_3515inspiron_5575vostro_5625_firmwareinspiron_3195_firmwareinspiron_5415_all-in-oneinspiron_27_7775inspiron_5505_firmwareinspiron_7425alienware_m15_r5inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareg5_se_5505_firmwareinspiron_5585_firmwareinspiron_7405vostro_5415_firmwareinspiron_14_5425_firmwareinspiron_5405inspiron_3475_firmwarevostro_3525CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-18 Mar, 2019 | 16:33
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelcn1610hci_management_nodecn1610_firmwaresnapprotectsolidfiren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3409
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.09%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 13:33
Updated-06 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

Action-Not Available
Vendor-ecryptfsecryptfs-utilsDebian GNU/Linux
Product-ecryptfs-utilsdebian_linuxecryptfs-utils
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42800
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.76%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacoswatchoswatchOSmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.41%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 00:00
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-5131
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.17%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 17:15
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.

Action-Not Available
Vendor-SonicWall Inc.
Product-netextenderSonicWall NetExtender
CWE ID-CWE-20
Improper Input Validation
CVE-2025-5173
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 5.48%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 06:31
Updated-03 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. An attack has to be approached locally. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Action-Not Available
Vendor-humansignalHumanSignal
Product-label_studio_ml_backendlabel-studio-ml-backend
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-5174
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 4.36%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 07:00
Updated-03 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
erdogant pypickle pypickle.py load deserialization

A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affected by this issue is the function load of the file pypickle/pypickle.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-erdoganterdogant
Product-pypicklepypickle
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-4607
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-29 Sep, 2020 | 13:50
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-security_verify_privilege_vault_remote_on-premiseswindowsmacosSecurity Verify Privilege Vault Remote
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3898
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.54%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 17:48
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2025-50674
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.86%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-26 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3648
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.01%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8909w_firmwaremsm8909wSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3676
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaremsm8920qcm2150_firmwaremsm8953sdm450sdm636_firmwaresdm632_firmwareapq8098_firmwaresdm450_firmwaremsm8998_firmwaresdm632qcm2150msm8920_firmwaresdm439sdm630sdm660sm8250_firmwaresdm429msm8940_firmwaresm7150_firmwaresdm710qm215sm6150sdm710_firmwaresm7150msm8917sdm670sxr2130msm8937qcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwaresdm636rennellsdm630_firmwareapq8098rennell_firmwareqm215_firmwareqcs605msm8940msm8953_firmwareapq8096au_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaremsm8937_firmwaremsm8998sdm429_firmwaresm8150sm8250sxr1130_firmwarekamortanicobar_firmwaresaipansxr1130sdm660_firmwarenicobarSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-39536
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.49%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:24
Updated-29 Aug, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in BIOS OFBD

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

Action-Not Available
Vendor-AMI
Product-aptio_vAptioVaptio_v
CWE ID-CWE-20
Improper Input Validation
CVE-2025-47968
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3623
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8250sxr2130sm8250_firmwaresxr2130_firmwareSnapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2025-47982
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage VSP Driver Elevation of Privilege Vulnerability

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_22h2windows_server_2016windows_10_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2019windows_10_1809windows_server_2022windows_10_21h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-39537
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:24
Updated-14 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in BIOS TCG2

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

Action-Not Available
Vendor-AMI
Product-aptio_vAptioVaptio_v
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4576
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.41%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 17:53
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

Action-Not Available
Vendor-Debian GNU/LinuxFreeBSD Foundation
Product-freebsddebian_linuxFreeBSD
CWE ID-CWE-20
Improper Input Validation
CVE-2023-39538
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.80%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 15:17
Updated-02 Aug, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Failure when uploading a Logo image file

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 

Action-Not Available
Vendor-AMI
Product-aptio_vAptioV
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32305
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 18:46
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupAiven
Product-postgresqlaivenaiven-extras
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-39535
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:23
Updated-29 Aug, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in BIOS

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

Action-Not Available
Vendor-AMI
Product-aptio_vAptioVaptio_v
CWE ID-CWE-20
Improper Input Validation
CVE-2020-26193
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.52%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-32706
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-15.66% / 94.44%
||
7 Day CHG+3.50%
Published-13 May, 2025 | 16:58
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022windows_server_2022_23h2windows_10_22h2windows_server_2025windows_10_1809windows_11_23h2windows_11_24h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2019windows_server_2016windows_11_22h2windows_10_1607Windows Server 2025Windows 10 Version 1809Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2025 (Server Core installation)Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2019Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0984
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 66.75%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0590
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.64%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 17:54
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-xeon_platinum_8276lxeon_platinum_8153xeon_silver_4210r_firmwarexeon_platinum_8170_firmwarexeon_platinum_9222xeon_bronze_3104_firmwarexeon_gold_6230txeon_gold_6146xeon_gold_6126f_firmwarexeon_gold_6126txeon_gold_6140_firmwarexeon_platinum_8168_firmwarexeon_silver_4108_firmwarexeon_gold_5115xeon_gold_6238_firmwarexeon_platinum_8170xeon_gold_6136xeon_gold_6138f_firmwarexeon_gold_5217_firmwarexeon_gold_6138xeon_gold_6246simatic_ipc547g_firmwarexeon_platinum_8164xeon_gold_6240_firmwarexeon_gold_6234xeon_silver_4116t_firmwarexeon_gold_6238rxeon_gold_5215xeon_platinum_8268_firmwarexeon_gold_6248_firmwarexeon_gold_6262vxeon_platinum_8168xeon_gold_6244_firmwarexeon_gold_5218xeon_silver_4109txeon_bronze_3206r_firmwarexeon_silver_4215rxeon_gold_5215lxeon_silver_4215_firmwarexeon_gold_5220r_firmwarexeon_gold_5122_firmwarexeon_gold_6138t_firmwarexeon_gold_6138fxeon_silver_4116_firmwarexeon_gold_5122xeon_platinum_8180_firmwarexeon_silver_4210_firmwarexeon_gold_6132_firmwarexeon_gold_6136_firmwarexeon_silver_4210txeon_gold_6212u_firmwarexeon_gold_6212uxeon_gold_6126_firmwarexeon_gold_6240l_firmwarexeon_silver_4114xeon_gold_6248rxeon_gold_6250l_firmwarexeon_silver_4214r_firmwarexeon_platinum_8276_firmwarexeon_gold_6258rxeon_bronze_3104xeon_gold_6240xeon_gold_6238lxeon_gold_6240lxeon_gold_6150_firmwarexeon_gold_6250xeon_platinum_8156xeon_bronze_3106_firmwarexeon_gold_6138_firmwarexeon_gold_5218n_firmwarexeon_gold_5215_firmwarexeon_gold_5220s_firmwaresimatic_ipc527gxeon_platinum_8260y_firmwarexeon_gold_6144_firmwarexeon_gold_6126fxeon_silver_4109t_firmwarexeon_gold_5218tsimatic_ipc847e_firmwarexeon_gold_6240y_firmwaresimatic_ipc527g_firmwarexeon_gold_6150xeon_gold_6242_firmwarexeon_gold_5220rxeon_gold_6140xeon_silver_4114_firmwarexeon_gold_6230_firmwarexeon_platinum_8280l_firmwarexeon_platinum_8160fxeon_gold_6148f_firmwarexeon_gold_6250lxeon_gold_6210uxeon_gold_6126simatic_ipc647exeon_platinum_8158_firmwarexeon_gold_5120_firmwarexeon_silver_4216xeon_silver_4114t_firmwarexeon_gold_6230xeon_platinum_8253xeon_gold_6134_firmwarexeon_gold_6130t_firmwarexeon_gold_5218r_firmwarexeon_gold_6242r_firmwarexeon_gold_6130f_firmwarexeon_silver_4116tclustered_data_ontapxeon_gold_6246r_firmwarexeon_gold_6142fsimatic_ipc627exeon_gold_6238xeon_platinum_8153_firmwarexeon_gold_6126t_firmwarexeon_gold_6130xeon_silver_4214y_firmwarexeon_silver_4208xeon_platinum_8260xeon_platinum_8160t_firmwarexeon_bronze_3204_firmwarexeon_silver_4214_firmwarexeon_gold_5220ssimatic_ipc547gxeon_platinum_9242xeon_platinum_9282xeon_gold_5119t_firmwarexeon_platinum_8280lxeon_silver_4110xeon_gold_6142_firmwarexeon_bronze_3204xeon_platinum_9242_firmwarexeon_platinum_8280_firmwarexeon_gold_6240r_firmwarexeon_gold_5119txeon_silver_4108xeon_gold_6130txeon_silver_4210xeon_platinum_8256_firmwarexeon_gold_6246rcloud_backupxeon_gold_5217xeon_gold_6230nxeon_silver_4215r_firmwarexeon_gold_5218nxeon_gold_6246_firmwarexeon_gold_5222_firmwarexeon_bronze_3106xeon_gold_6138tsimatic_ipc647e_firmwarexeon_gold_6248r_firmwarexeon_platinum_9221_firmwarexeon_gold_6256_firmwarexeon_gold_5120simatic_ipc627e_firmwarexeon_gold_5220xeon_gold_6154_firmwarexeon_platinum_8160txeon_silver_4214rxeon_gold_6254xeon_silver_4209t_firmwarexeon_silver_4114txeon_gold_6240yxeon_platinum_8176_firmwarexeon_gold_6154xeon_gold_6230t_firmwarexeon_gold_5215l_firmwarexeon_silver_4208_firmwarexeon_gold_6208uxeon_platinum_8268xeon_gold_6252n_firmwarexeon_gold_5120t_firmwarexeon_gold_6230n_firmwarexeon_gold_5222xeon_platinum_8270_firmwarexeon_gold_6230r_firmwarexeon_silver_4209txeon_gold_6234_firmwarexeon_silver_4116xeon_gold_6210u_firmwarexeon_gold_6252nxeon_platinum_9221xeon_gold_6244xeon_platinum_8160xeon_gold_5218t_firmwarexeon_gold_6248xeon_gold_5115_firmwarexeon_platinum_8260l_firmwarexeon_gold_6226_firmwarexeon_platinum_8156_firmwaresimatic_ipc847exeon_gold_5118_firmwarexeon_platinum_8280xeon_gold_6152_firmwarexeon_gold_6146_firmwarexeon_platinum_8176f_firmwarexeon_gold_6148fxeon_gold_5218_firmwarexeon_gold_6132xeon_gold_6238t_firmwarexeon_platinum_8256xeon_gold_6152xeon_gold_6238l_firmwarexeon_platinum_8158xeon_gold_5218b_firmwarexeon_gold_6222vxeon_platinum_8176xeon_platinum_8160_firmwarexeon_gold_6242xeon_silver_4112_firmwarexeon_gold_6262v_firmwarexeon_gold_6142xeon_platinum_8260yxeon_platinum_8270xeon_gold_6242rxeon_gold_6148_firmwarexeon_silver_4215xeon_gold_6128xeon_platinum_9222_firmwarexeon_gold_5220t_firmwarexeon_platinum_8253_firmwarexeon_gold_5118xeon_silver_4210t_firmwarexeon_gold_6130fxeon_gold_5220_firmwarexeon_gold_6208u_firmwarexeon_silver_4214xeon_platinum_8276xeon_gold_6142f_firmwarexeon_gold_6250_firmwarexeon_gold_6238txeon_silver_4210rxeon_platinum_8164_firmwarexeon_silver_4214yxeon_gold_5218bxeon_silver_4216_firmwarexeon_gold_6138pxeon_gold_6254_firmwarexeon_gold_6138p_firmwarexeon_platinum_8176fxeon_gold_6240rsimatic_ipc677exeon_gold_6258r_firmwarexeon_gold_6209uxeon_silver_4112xeon_gold_6226xeon_gold_6256xeon_gold_6130_firmwarexeon_gold_6238r_firmwarexeon_gold_5120txeon_gold_6230rxeon_gold_6252xeon_gold_6134xeon_gold_6222v_firmwarexeon_platinum_8160f_firmwarexeon_gold_6226r_firmwarexeon_platinum_8260_firmwarexeon_gold_5218rxeon_gold_6226rxeon_bronze_3206rxeon_gold_6252_firmwaresimatic_ipc677e_firmwarexeon_gold_6148xeon_gold_6209u_firmwarexeon_silver_4110_firmwarefas\/aff_biosxeon_platinum_8260lxeon_gold_6144xeon_platinum_9282_firmwarexeon_platinum_8180xeon_platinum_8276l_firmwarexeon_gold_6128_firmwarexeon_gold_5220tIntel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0808
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.00%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka 'Provisioning Runtime Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10028
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 22:26
Updated-16 Sep, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Syscalls In GPIO Subsystem Performs No Argument Validation

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-20
Improper Input Validation
CVE-2025-31259
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.66%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0166
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:10
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526860

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0041
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-22.95% / 95.69%
||
7 Day CHG-1.18%
Published-10 Mar, 2020 | 19:56
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLCAndroid
Product-androidAndroidAndroid Kernel
CWE ID-CWE-20
Improper Input Validation
CVE-2025-29811
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-10 Jul, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_23h2windows_11_24h2windows_server_2025windows_11_22h2Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 version 22H3Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40097
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.50%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:40
Updated-02 Aug, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0130
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:46
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2025-30442
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.72%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-39539
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.58%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 15:15
Updated-02 Dec, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Failure when uploading a Logo image file

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 

Action-Not Available
Vendor-AMI
Product-aptio_vAptioV
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-20
Improper Input Validation
CVE-2019-8579
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.87%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:26
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • Next
Details not found