Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-34411

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-16 Mar, 2023 | 11:31
Updated At-26 Feb, 2025 | 18:56
Rejected At-
Credits

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:16 Mar, 2023 | 11:31
Updated At:26 Feb, 2025 | 18:56
Rejected At:
▼CVE Numbering Authority (CNA)

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerEdge Platform
Default Status
unaffected
Versions
Affected
  • 14G,15G
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:16 Mar, 2023 | 12:15
Updated At:07 Nov, 2023 | 03:48

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>r6515_firmware>>Versions before 2.9.3(exclusive)
cpe:2.3:o:dell:r6515_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r6515>>-
cpe:2.3:h:dell:r6515:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7515_firmware>>Versions before 2.9.3(exclusive)
cpe:2.3:o:dell:r7515_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7515>>-
cpe:2.3:h:dell:r7515:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r6525_firmware>>Versions before 2.9.3(exclusive)
cpe:2.3:o:dell:r6525_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r6525>>-
cpe:2.3:h:dell:r6525:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7525_firmware>>Versions before 2.9.3(exclusive)
cpe:2.3:o:dell:r7525_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7525>>-
cpe:2.3:h:dell:r7525:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>xe8545_firmware>>Versions before 2.9.4(exclusive)
cpe:2.3:o:dell:xe8545_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>xe8545>>-
cpe:2.3:h:dell:xe8545:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>c6525_firmware>>*
cpe:2.3:o:dell:c6525_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>c6525>>-
cpe:2.3:h:dell:c6525:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r6415_firmware>>Versions before 1.19.0(exclusive)
cpe:2.3:o:dell:r6415_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r6415>>-
cpe:2.3:h:dell:r6415:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7415_firmware>>Versions before 1.19.0(exclusive)
cpe:2.3:o:dell:r7415_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7415>>-
cpe:2.3:h:dell:r7415:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7425_firmware>>Versions before 1.19.0(exclusive)
cpe:2.3:o:dell:r7425_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r7425>>-
cpe:2.3:h:dell:r7425:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r750_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:r750_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r750>>-
cpe:2.3:h:dell:r750:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r750xa_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:r750xa_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r750xa>>-
cpe:2.3:h:dell:r750xa:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r650_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:r650_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r650>>-
cpe:2.3:h:dell:r650:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>c6520_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:c6520_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>c6520>>-
cpe:2.3:h:dell:c6520:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>mx750c_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:mx750c_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>mx750c>>-
cpe:2.3:h:dell:mx750c:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r450_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:r450_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r450>>-
cpe:2.3:h:dell:r450:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r550_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:r550_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r550>>-
cpe:2.3:h:dell:r550:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r650xs_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:r650xs_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r650xs>>-
cpe:2.3:h:dell:r650xs:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r750xs_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:r750xs_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r750xs>>-
cpe:2.3:h:dell:r750xs:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>t550_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:t550_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>t550>>-
cpe:2.3:h:dell:t550:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>xr11_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:xr11_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>xr11>>-
cpe:2.3:h:dell:xr11:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>xr12_firmware>>Versions before 1.8.2(exclusive)
cpe:2.3:o:dell:xr12_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>xr12>>-
cpe:2.3:h:dell:xr12:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r250_firmware>>Versions before 1.4.2(exclusive)
cpe:2.3:o:dell:r250_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r250>>-
cpe:2.3:h:dell:r250:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>r350_firmware>>Versions before 1.4.2(exclusive)
cpe:2.3:o:dell:r350_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>r350>>-
cpe:2.3:h:dell:r350:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>t150_firmware>>Versions before 1.4.2(exclusive)
cpe:2.3:o:dell:t150_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>t150>>-
cpe:2.3:h:dell:t150:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>t350_firmware>>Versions before 1.4.2(exclusive)
cpe:2.3:o:dell:t350_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>t350>>-
cpe:2.3:h:dell:t350:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-119Secondarysecurity_alert@emc.com
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerabilitysecurity_alert@emc.com
Patch
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
Source: security_alert@emc.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

218Records found
CVE-2020-29501
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 6.63%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstoreemc_powerstore_firmwarePowerStore
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-24420
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24416
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.11% / 29.99%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24421
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24415
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 02:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24419
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-22558
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 20:50
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-m630pt430_firmwarefc430_firmwarem630p_firmwarem630_firmwarem830_firmwaret630c6320_firmwarefc830r430r430_firmwarec6320fc630r730xd_firmwarer7415r830_firmwarefc430r530_firmwarem830p_firmwarer6415_firmwarefc830_firmwaret630_firmwarer730_firmwaret430r6415r530r630c4130m630r7425_firmwarer7415_firmwarer730c4130_firmwarer830m830r630_firmwarer7425m830pfc630_firmwarer730xdPowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0693
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-23.45% / 95.75%
||
7 Day CHG~0.00%
Published-19 Jun, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.

Action-Not Available
Vendor-n/aDell Inc.
Product-wyse_device_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34376
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.9||LOW
EPSS-0.02% / 3.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 19:22
Updated-26 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34399
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.14%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 11:20
Updated-03 Apr, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-g15_5525_firmwareg15_5515_firmwarevostro_3515_firmwarealienware_m15_ryzen_edition_r5vostro_3425alienware_m15_ryzen_edition_r5_firmwareinspiron_3585vostro_3425_firmwarealienware_m15_a6vostro_3525_firmwareinspiron_3505g15_5525inspiron_3595inspiron_3505_firmwareg15_5515alienware_m17_ryzen_edition_r5_firmwareinspiron_3785inspiron_3595_firmwareinspiron_3515inspiron_3585_firmwarealienware_m15_a6_firmwareinspiron_3785_firmwareinspiron_3525_firmwarealienware_m17_ryzen_edition_r5inspiron_3525vostro_3405_firmwarevostro_3515vostro_3405vostro_3525inspiron_3515_firmwareCPG BIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7272
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 74.11%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.

Action-Not Available
Vendor-n/aDell Inc.
Product-integrated_remote_access_controller_6integrated_remote_access_controller_7integrated_remote_access_controller_8integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-0162
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 23.09%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 16:18
Updated-04 Feb, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_c6520_firmwarepoweredge_r660xs_firmwarepoweredge_xr11_firmwarepoweredge_r6615_firmwarepoweredge_t560_firmwarepoweredge_r760xd2_firmwarepoweredge_r6525_firmwarepoweredge_r960poweredge_hs5610emc_xc_core_xc7525xc_core_xc7625poweredge_mx750cpoweredge_xr11poweredge_c6520emc_xc_core_xc750_firmwarepoweredge_r350poweredge_r7515_firmwarepoweredge_xe9680poweredge_xe8640_firmwarepoweredge_xr8610t_firmwarepoweredge_t550poweredge_c6525poweredge_xe8545_firmwarepoweredge_r860poweredge_xr5610_firmwareemc_xc_core_xc750xa_firmwarepoweredge_r6515_firmwarepoweredge_r760xapoweredge_r860_firmwarepoweredge_r6625_firmwarepoweredge_t150_firmwarepoweredge_r250emc_xc_core_xc7525_firmwareemc_xc_core_xc750emc_xc_core_xc750xapoweredge_r760poweredge_xr12poweredge_r7615_firmwarepoweredge_xr8620temc_xc_core_xc450_firmwarepoweredge_xr8620t_firmwarepoweredge_r760xs_firmwarepoweredge_xr12_firmwarepoweredge_r6515emc_xc_core_xc650_firmwarepoweredge_t150poweredge_t560poweredge_xe8545poweredge_r650_firmwarepoweredge_xe9680_firmwarepoweredge_r760xd2poweredge_r760xspoweredge_xr8610tpoweredge_r350_firmwareemc_xc_core_xc650poweredge_r7625_firmwarexc_core_xc760poweredge_r7515emc_xc_core_xc450poweredge_r660xspoweredge_r550_firmwarepoweredge_c6620_firmwarepoweredge_xr7620_firmwarexc_core_xc660poweredge_c6525_firmwarexc_core_xc760_firmwarepoweredge_xe8640poweredge_r960_firmwarepoweredge_xe9640poweredge_r650xspoweredge_r6525emc_xc_core_xc6520_firmwarepoweredge_r750xapoweredge_t350poweredge_mx750c_firmwarepoweredge_r760_firmwarepoweredge_r250_firmwarepoweredge_c6620poweredge_r7525_firmwarepoweredge_xr4510c_firmwareemc_xc_core_xc6520poweredge_r750xa_firmwarepoweredge_r660poweredge_r450_firmwarepoweredge_xr7620poweredge_r7615poweredge_xe9640_firmwarepoweredge_r750xspoweredge_r650poweredge_xr4510cpoweredge_r7525poweredge_r760xa_firmwarepoweredge_r750xs_firmwarepoweredge_r660_firmwarepoweredge_t350_firmwarepoweredge_hs5610_firmwarepoweredge_r750poweredge_r650xs_firmwarepoweredge_xr4520c_firmwarepoweredge_r7625poweredge_c6615poweredge_r750_firmwarepoweredge_hs5620_firmwarexc_core_xc7625_firmwarepoweredge_mx760cpoweredge_mx760c_firmwarepoweredge_xr5610poweredge_r6625poweredge_r450xc_core_xc660_firmwarepoweredge_r6615poweredge_r550poweredge_t550_firmwarepoweredge_hs5620poweredge_xr4520cpoweredge_c6615_firmwarePowerEdge BIOS Intel 16G
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-3582
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.6||HIGH
EPSS-1.11% / 77.26%
||
7 Day CHG~0.00%
Published-28 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.

Action-Not Available
Vendor-n/aDell Inc.
Product-latitude_d830latitude_e5500precision_m6300latitude_d631precision_m6400latitude_e4200latitude_e6400latitude_d530latitude_d531precision_m2300precision_m4300latitude_z600precision_m6500latitude_xt2precision_m2400latitude_e5400latitude_e6400_atglatitude_e6500latitude_e4300latitude_d630latitude_e6400_atg_xfrprecision_m4400n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-5383
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 51.95%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 18:25
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonemc_powerscale_onefsIsilon OneFS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6312
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.70%
||
7 Day CHG~0.00%
Published-06 Apr, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

Action-Not Available
Vendor-zzincn/aCisco Systems, Inc.Zyxel Networks CorporationDell Inc.NETGEAR, Inc.
Product-gs1900-10hp_firmwaretelepresence_server_mse_8710keymouse_firmwaretelepresence_server_on_multiparty_media_320telepresence_server_on_virtual_machinetelepresence_server_on_multiparty_media_310jr6150_firmwareemc_powerscale_onefstelepresence_server_7010n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-3712
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.15% / 36.75%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 19:00
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2019-039: Dell Wyse Device Agent Buffer Overflow Vulnerability

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_thinlinux_hagentwindows_embedded_standard_wyse_device_agentWyse Device AgentWyse ThinLinux HAgent
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1218
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-22.38% / 95.61%
||
7 Day CHG~0.00%
Published-19 Mar, 2018 | 18:00
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerDell EMC NetWorker
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1205
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.51% / 80.46%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash.

Action-Not Available
Vendor-Dell Inc.
Product-emc_scaleioScaleIO
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-32491
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.1||MEDIUM
EPSS-0.03% / 6.49%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7570vostro_3669inspiron_5590_firmwareinspiron_5477_firmwareg7_17_7790_firmwareoptiplex_3280_aio_firmwarelatitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareprecision_5530_2-in-1inspiron_7580_firmwarealienware_x14_firmwarealienware_m15_r1_firmwareprecision_7720vostro_5581_firmwarealienware_m17_r3_firmwarelatitude_5300alienware_x14precision_5530_firmwareoptiplex_5050alienware_aurora_r11latitude_7300optiplex_3050_aioprecision_3620_toweroptiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_7000inspiron_3782latitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2latitude_5310_2-in-1_firmwareinspiron_7490_firmwarexps_8950precision_5720_aiolatitude_7400latitude_5591inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070g5_5000optiplex_3280_aioxps_15_9575_2-in-1inspiron_5491_2-in-1_firmwareoptiplex_3090_firmwarexps_13_9370_firmwarevostro_3581_firmwarevostro_3581latitude_9410inspiron_7777optiplex_7070optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarealienware_aurora_r8inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletalienware_x15_r1latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarelatitude_e5470_firmwarevostro_5591vostro_5090latitude_3190latitude_7220ex_rugged_extreme_tablet_firmwarealienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540alienware_aurora_r11_firmwarealienware_x17_r2_firmwareinspiron_3580_firmwareinspiron_3781_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7214_rugged_extremeinspiron_3280_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520wyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290latitude_7212_rugged_extreme_tablet_firmwarealienware_area_51m_r1precision_7540_firmwareinspiron_3582inspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881wyse_5470_firmwareedge_gateway_5000_firmwareinspiron_5593inspiron_7580vostro_5390_firmwareinspiron_5770alienware_m17_r2_firmwarelatitude_3580precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwareinspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwareinspiron_3502latitude_5491optiplex_7040inspiron_7386alienware_aurora_r12optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_5400alienware_aurora_r13_firmwarelatitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551alienware_m17_r3precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7275_2-in-1_firmwareg7_17_7790embedded_box_pc_3000inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7391alienware_m17_r4vostro_3671_firmwareoptiplex_7460_all_in_one_firmwareprecision_3440precision_7510_firmwareg5_5000_firmwareoptiplex_7470_all-in-oneinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwareinspiron_3781optiplex_3050_firmwarealienware_aurora_r10_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareinspiron_3582_firmwarelatitude_5411_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultraprecision_7740inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668vostro_3670edge_gateway_3000latitude_5280inspiron_5490inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_3930_rackprecision_7550vostro_3490inspiron_5391inspiron_5598inspiron_3482xps_7590_firmwareinspiron_15_2-in-1_5582_firmwareoptiplex_3080alienware_m17_r1latitude_3480inspiron_3782_firmwarexps_13_9300_firmwarealienware_m15_r4optiplex_7460_all_in_onevostro_3671inspiron_7591latitude_7310inspiron_7790inspiron_7790_firmwarelatitude_3379vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwareoptiplex_7060latitude_5290_firmwareinspiron_15_2-in-1_5582latitude_7424_rugged_extremeoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390g3_15_3590latitude_3390_firmwareprecision_3240_compactprecision_7750_firmwarealienware_aurora_r12_firmwarelatitude_5285_2-in-1_firmwareprecision_7510vostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwarealienware_aurora_r10precision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwareoptiplex_7470_all-in-one_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_3581inspiron_5400_firmwarelatitude_5488_firmwareinspiron_5583precision_3541_firmwareinspiron_5591_2-in-1alienware_m15_r1alienware_x15_r2inspiron_5680vostro_3881_firmwareinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550latitude_7370latitude_7370_firmwarexps_13_7390_2-in-1_firmwareoptiplex_5070_firmwarealienware_aurora_r13latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490alienware_m17_r2vostro_3070_firmwareinspiron_7390_firmwareprecision_5720_aio_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667alienware_x15_r2_firmwarelatitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1inspiron_5491_aioinspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarexps_13_7390g3_15_5590_firmwareinspiron_3502_firmwareinspiron_5584precision_3520inspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwarealienware_m15_r3optiplex_5060_firmwarevostro_3590vostro_5390vostro_5590_firmwareprecision_7530_firmwarealienware_m17_r4_firmwarealienware_x17_r1inspiron_3790vostro_3583_firmwarelatitude_3190_firmwareinspiron_5494g7_17_7590g3_3779_firmwarexps_13_9300latitude_5500precision_7550_firmwareinspiron_5477chengming_3991inspiron_5480xps_8950_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareinspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501chengming_3990vostro_3583alienware_x17_r2latitude_5491_firmwarevostro_5880_firmwareinspiron_3493optiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarewyse_5470_all-in-oneinspiron_5583_firmwarelatitude_5580_firmwareinspiron_3477_firmwarelatitude_3189xps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwarealienware_m15_r4_firmwareg3_15_5590latitude_5480optiplex_3046latitude_5414_rugged_firmwarelatitude_7300_firmwarealienware_x15_r1_firmwarelatitude_5510wyse_5470vostro_3501_firmwareinspiron_3593_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwarexps_8930inspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1latitude_5411optiplex_7450_firmwareoptiplex_7450xps_13_9365_2-in-1optiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwareg7_17_7590_firmwarelatitude_3480_firmwarelatitude_3189_firmwarevostro_3590_firmwareinspiron_5498inspiron_7591_firmwarelatitude_5290latitude_5289_firmwarechengming_3980_firmwareinspiron_5491_2-in-1latitude_3120_firmwarelatitude_5590_firmwareinspiron_5590vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5498_firmwareprecision_5540inspiron_3480latitude_3490precision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwareprecision_3430_tower_firmwareinspiron_7390latitude_3300_firmwarelatitude_7400_2-in-1precision_3640_towervostro_5581inspiron_3490latitude_7210_2-in-1_firmwarelatitude_5510_firmwareinspiron_3670_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwarelatitude_7220_rugged_extreme_tablet_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwareinspiron_3482_firmwarelatitude_5289precision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwareprecision_5510_firmwareprecision_3420_towerinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarealienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarevostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareinspiron_3277_firmwareinspiron_5401_firmwareinspiron_7573precision_5540_firmwarevostro_5590xps_8940_firmwarelatitude_3120vostro_3480optiplex_5260_all-in-one_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwarevostro_3582_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedalienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040latitude_7290_firmwareprecision_7530xps_8930_firmwarexps_13_9365_2-in-1_firmwareinspiron_5391_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareprecision_3510xps_13_9380_firmwarelatitude_7490inspiron_5390optiplex_7060_firmwareprecision_3240_compact_firmwareg3_3779inspiron_5401vostro_3582vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwareCPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-42425
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.8||LOW
EPSS-0.04% / 8.88%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:17
Updated-16 Sep, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-precision_7920_firmwareprecision_79207920_xl7920_xl_firmwareDell Precision Rack BIOS
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-5388
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.86%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 14:50
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_7579_firmwareinspiron_15_7579CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-36434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.31%
||
7 Day CHG-0.00%
Published-15 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4.

Action-Not Available
Vendor-n/asupermicro
Product-n/ax11dph-ix11dph-tx11dph-tq
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-25545
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_system_d50tnp1mhcpacserver_system_d50tnp2mhsvac_firmwareserver_system_m50cyp2ur312_firmwareserver_system_d50tnp2mhsvacserver_system_d50tnp1mhcrac_firmwareserver_system_d50tnp2mhstacserver_system_m50cyp2ur208server_system_d50tnp2mfalacserver_system_d50tnp1mhcrlc_firmwareserver_system_m50cyp1ur212_firmwareserver_system_m50cyp2ur208_firmwareserver_system_m50cyp2ur312server_system_m50cyp1ur204_firmwareserver_system_d50tnp1mhcracserver_system_d50tnp1mhcrlcserver_system_d50tnp2mhstac_firmwareserver_system_m50cyp1ur204server_system_d50tnp1mhcpac_firmwareserver_system_d50tnp2mfalac_firmwareserver_system_m50cyp1ur212Intel(R) Server Board BMC firmware
CWE ID-CWE-92
DEPRECATED: Improper Sanitization of Custom Special Characters
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-21637
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.50%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restrictions of Operations within the Bounds of a Memory Buffer in Linux

Memory corruption in Linux while calling system configuration APIs.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_865_5gwsa8830wcd9380_firmwaresa6150p_firmwarewcn3990sa8145p_firmwaresw5100psd865_5gfastconnect_6800snapdragon_855\+\/860_firmwarewcd9360_firmwaresnapdragon_855wsa8835snapdragon_auto_5g_firmwarewcd9380sa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_865\+_5gsnapdragon_x55_5gsnapdragon_wear_4100\+snapdragon_855_firmwaresxr2130qca6574asnapdragon_auto_5gsnapdragon_835_firmwareqca6426snapdragon_855\+\/860wcn3990_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980fastconnect_6200wcd9340_firmwarewcn3660bsd855wsa8815qca6320qca6426_firmwarewcn3660b_firmwareqca6320_firmwaresnapdragon_x55_5g_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6574a_firmwareqca6595aufastconnect_6200_firmwaresd835wcn3980_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwarewcd9360snapdragon_w5\+_gen_1_firmwaresnapdragon_xr2_5gsnapdragon_w5\+_gen_1aqt1000_firmwaresa6155p_firmwareqca6310snapdragon_wear_4100\+_firmwarefastconnect_6900fastconnect_6900_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresnapdragon_870_5gsa8155p_firmwarewcd9340sa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810qca6436wcd9335sa6155psw5100p_firmwaresnapdragon_865\+_5g_firmwaresa6145pwcn3680bsd835_firmwaresnapdragon_835sxr2130_firmwarewcd9341qca6696_firmwaresa8145pqca6696qca6391_firmwaresnapdragon_xr2_5g_firmwareaqt1000sa8150psa6150psdx55sa8155pwsa8830_firmwaresnapdragon_870_5g_firmwaresd855_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwarefastconnect_6800_firmwaresnapdragon_865_5g_firmwarewcn3610Snapdragon
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21633
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.50%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6431sw5100psa6150p_firmwaresd865_5gsxr1120qca6595qcs610_firmwarewcd9335sxr2130_firmwarewcd9370snapdragon_730gqca6696wcd9341_firmwareqca6426snapdragon_720g_firmwareqca6564auwcn3610sm6250p_firmwarewsa8815_firmwaresnapdragon_865_5gsa8195p_firmwaresnapdragon_wear_4100\+_firmwareqca6426_firmwareqca6574au_firmwaresnapdragon_w5\+_gen_1qca6564_firmwaresm7250p_firmwareqam8295pwcd9341qca6574auvision_intelligence_400_firmwarewcn3950wsa8810_firmwaresd730_firmwaresnapdragon_690_5gsnapdragon_690_5g_firmwaresnapdragon_865\+_5gsnapdragon_765_5gwcn3660b_firmwaresd730fastconnect_6800_firmwaresa8295p_firmwaresnapdragon_855\+\/860sd_675_firmwaresd835_firmwaresnapdragon_865\+_5g_firmwaresm6250_firmwaresm7250psa8155snapdragon_768g_5g_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_710_firmwaresnapdragon_x50_5gsnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresw5100_firmwaresnapdragon_732gsnapdragon_710sxr1120_firmwaresnapdragon_730fastconnect_6800snapdragon_wear_4100\+snapdragon_765g_5g_firmwareqca6595_firmwarefastconnect_6900video_collaboration_vc1_platformwcd9371snapdragon_855\+\/860_firmwarewcd9385_firmwareqca6421fastconnect_6900_firmwaresnapdragon_670sa6145p_firmwaresa6155_firmwaresnapdragon_678_firmwaresa8155_firmwarewcd9380snapdragon_xr2_5gsa8150psnapdragon_732g_firmwaresnapdragon_765g_5gsnapdragon_x50_5g_firmwaremsm8996au_firmwaresa6155pqca6421_firmwareqca6564au_firmwarewsa8810snapdragon_670_firmwaresnapdragon_855_firmwaresw5100video_collaboration_vc3_platformqca6595auaqt1000snapdragon_678snapdragon_865_5g_firmwarewcd9326_firmwaresa6155p_firmwaresnapdragon_730g_firmwareqam8295p_firmwaresd855qca6431_firmwaresd835wcn3990_firmwaresnapdragon_750g_5gqca6564a_firmwareqca6436_firmwareqca6698aq_firmwarewcd9385wcd9371_firmwarewcn3610_firmwaresnapdragon_675_firmwareqca6420qca6430apq8064au_firmwaresm6250pwcd9370_firmwaresnapdragon_855sdx55_firmwaresnapdragon_x55_5gsnapdragon_765_5g_firmwarewcn3660bqca6574asxr2130sa8195psnapdragon_750g_5g_firmwaresnapdragon_870_5gqca6420_firmwareaqt1000_firmwaresnapdragon_x55_5g_firmwarewcn3988sd855_firmwarewcd9335_firmwarewcn3980_firmwareqca6436qca6574wsa8835qca6595au_firmwareqca6391_firmwaresd675_firmwareqca6430_firmwaresw5100p_firmwareqca6696_firmwarewcd9380_firmwaresnapdragon_820_firmwaresa6150pqca6574_firmwarewcd9326sa8155p_firmwarewsa8815qca6564asa8155pwsa8830snapdragon_870_5g_firmwaresa6145psnapdragon_730_firmwaresnapdragon_720gqca6574a_firmwaresdx55msm8996auqca6564sa6155snapdragon_820sd675wcd9375_firmwaresnapdragon_w5\+_gen_1_firmwareqca6391apq8064auqca6698aqwcn3950_firmwaresm6250sa8295psnapdragon_675fastconnect_6200sd670wcn3680bsa8145p_firmwaresd865_5g_firmwaresnapdragon_xr1wcd9375sa8150p_firmwarewcn3988_firmwaresnapdragon_768g_5gvideo_collaboration_vc3_platform_firmwaresa8145psd_675wcn3990vision_intelligence_400wsa8835_firmwaresd670_firmwarewcn3980fastconnect_6200_firmwarewsa8830_firmwarewcn3680b_firmwareqcs610Snapdragonqualcomm_video_collaboration_vc1_platform_firmwarewcd9380_firmwaresa6150p_firmwaresm6250p_firmwaresa8145p_firmwaremsm8996au_firmwareqca6431_firmwaresnapdragon_820_automotive_platform_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresd730_firmwaresd_675_firmwaresd675_firmwarewcn3990_firmwareqca6430_firmwarewcd9335_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9371_firmwarewcd9385_firmwarewcd9326_firmwareqca6574_firmwareqam8295p_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewcn3660b_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcn3680b_firmwareqca6574au_firmwaresdx55_firmwarewcd9375_firmwaresa6155_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_690_5g_mobile_platform_firmwareapq8064au_firmwaresa8155_firmwarefastconnect_6900_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwareqca6564a_firmwarewsa8810_firmwarewcd9341_firmwaresw5100p_firmwareqcs610_firmwareqca6698aq_firmwaresd835_firmwareqca6564_firmwaresxr2130_firmwareqca6696_firmwareqca6595_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresm6250_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwaresxr1120_firmwaresa8295p_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_xr1_platform_firmwaresnapdragon_675_mobile_platform_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21663
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:24
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restrictions of Operations within the Bounds of a Memory Buffer in Display

Memory Corruption while accessing metadata in Display.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sda429w_firmwarewcd9380_firmwaresa6150p_firmwarewsa8830sa8145p_firmwaresw5100pqcc5100wcn6856_firmwarewsa8835sd_8_gen1_5gwcd9380sa8150p_firmwaresd888_5gqca6420_firmwarewcn6855_firmwareqca6430_firmwarewcn3980wcn3998wcd9385_firmwaresd_8_gen1_5g_firmwaresd855wcn3660bwcn6850wsa8815wcn3660b_firmwarewcn7850qca6574au_firmwarewcn3680b_firmwarewcn3998_firmwarewcn3980_firmwarewcn3610_firmwareqca6420qcc5100_firmwareaqt1000_firmwaresa6155p_firmwarewcn7851wcn6851_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810wcn6855wcn6851sa6155psw5100p_firmwarewcn7851_firmwarewcn6856sa6145pwcn3680bwcd9385wcd9341qca6696_firmwaresa8145pqca6696aqt1000sa8150psa6150psa8155pwsa8830_firmwaresda429wsd855_firmwarewsa8815_firmwarewcn3988wsa8835_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwaresa8195p_firmwaresw5100_firmwarewcn3610Snapdragon
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21634
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.11%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:03
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Operations within the Bounds of a Memory Buffer in Radio Interface Layer

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_855\+\/860_mobile_platform_firmwarewsa8830wcd9380_firmwaresa6150p_firmwarewcn3990sa8145p_firmwaresw5100psd865_5gfastconnect_6800snapdragon_w5\+_gen_1_wearable_platformsnapdragon_835_mobile_pc_platformsnapdragon_870_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platformwsa8835wcd9380sa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_wear_4100\+_platform_firmwaresnapdragon_855\+\/860_mobile_platformsxr2130snapdragon_wear_4100\+_platformqca6426wcn3990_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980fastconnect_6200wcd9340_firmwarewcn3660bsd855wsa8815qca6320snapdragon_865\+_5g_mobile_platformsnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewcn3660b_firmwareqca6320_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3680b_firmwarefastconnect_6200_firmwareqca6595ausd835wcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareaqt1000_firmwaresa6155p_firmwareqca6310snapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_870_5g_mobile_platformsnapdragon_xr2_5g_platformfastconnect_6900fastconnect_6900_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwarewcd9340sa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810qca6436wcd9335sa6155psw5100p_firmwaresa6145pwcn3680bsd835_firmwaresxr2130_firmwarewcd9341qca6696_firmwaresa8145pqca6696qca6391_firmwaresnapdragon_855_mobile_platform_firmwareaqt1000sa8150psa6150psa8155pwsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwaresnapdragon_855_mobile_platformwcn3610Snapdragon
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21264
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.49%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 20:59
Updated-09 Oct, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-21654
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:23
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Operations within the Bounds of a Memory Buffer in Audio

Memory corruption in Audio during playback session with audio effects enabled.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarewsa8830sda429w_firmwaresa6150p_firmwarewcd9380_firmwaresa8145p_firmwareqcs610sw5100pmsm8996au_firmwaresd865_5gqca6564auqcc5100sdx55m_firmwaremdm9628_firmwarewsa8835msm8996auwcn3950_firmwarewcd9380sa8150p_firmwareqca6420_firmwareqca6390_firmwareqcs410wcd9370qca6574aqca6426qca6564aqca6430_firmwarewcn3980sa415mwcn3998qam8295psdxr2_5g_firmwarewcn3950mdm9628wcn3660bsd855wsa8815wcn6850qam8295p_firmwareqca6426_firmwarewcn3660b_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwarewcn3998_firmwarewcn3980_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwaresdx55msa8295pqcc5100_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresdxr2_5gwcn6851_firmwaresa415m_firmwarewcn3988_firmwareqca6430qca6574auqcn9074sa6145p_firmwaresa8155p_firmwareqca6564a_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810sd870qca6436wcn6851sa6155psw5100p_firmwareqcs610_firmwaremdm9150qsm8250sa6145pwcn3680bwcd9341apq8096auqca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390wcd9370_firmwareaqt1000sa8150psa6150psdx55apq8096au_firmwarewsa8830_firmwaresda429wsa8155psd855_firmwaresd865_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwaresa8295p_firmwarewcn3610qsm8250_firmwareSnapdragon
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0206
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:27
Updated-04 Feb, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-0202
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:23
Updated-04 Feb, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-31155
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.7||HIGH
EPSS-0.02% / 2.83%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:19
Updated-19 Feb, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Processors
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-21237
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.01%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_11_pro_kit_nuc11tnhi30l_firmwarenuc11dbbi7_firmwarenuc_9_pro_compute_element_nuc9vxqnb_firmwarenuc_11_pro_kit_nuc11tnki7nuc11pa_firmwarenuc8i3cysnnuc_9_pro_kit_nuc9vxqnx_firmwarenuc_11_compute_element_cm11ebi58w_firmwarenuc_11_pro_board_nuc11tnbi50znuc_11_pro_kit_nuc11tnki30z_firmwarenuc_8_compute_element_cm8pcbnuc_8_compute_element_cm8pcb_firmwarelapkc71fnuc_11_pro_board_nuc11tnbi70z_firmwarenuc_11_pro_board_nuc11tnbi7nuc_11_compute_element_cm11ebc4w_firmwarenuc_11_pro_kit_nuc11tnki50znuc_11_pro_kit_nuc11tnki5nuc_kit_nuc8i5benuc8i3cysmlapbc710nuc_11_pro_kit_nuc11tnhi50znuc_8_compute_element_cm8i3cbnuc8i3cysn_firmwarenuc_kit_nuc8i5be_firmwarenuc11pahnuc_11_pro_board_nuc11tnbi30z_firmwarenuc_9_pro_kit_nuc9v7qnx_firmwarenuc_8_compute_element_cm8ccbnuc11dbbi9_firmwarenuc_11_pro_board_nuc11tnbi5nuc_9_pro_compute_element_nuc9v7qnblapbc710_firmwarelapkc51enuc_11_pro_kit_nuc11tnki3nuc_11_pro_kit_nuc11tnki70znuc_8_compute_element_cm8i7cblapkc71f_firmwarenuc_11_enthusiast_kit_nuc11phki7cnuc11panuc_11_pro_kit_nuc11tnhi70lnuc_11_pro_kit_nuc11tnhi50lnuc_8_compute_element_cm8i7cb_firmwarenuc9i9qnnuc_11_pro_board_nuc11tnbi70znuc_11_pro_kit_nuc11tnhi30znuc_11_pro_kit_nuc11tnhi50w_firmwarelapbc510_firmwarenuc_11_compute_element_cm11ebi716wnuc_11_pro_kit_nuc11tnki30znuc_kit_nuc8i3b_firmwarenuc11btmi9nuc11btmi7nuc9i7qnnuc9i7qn_firmwarenuc_8_compute_element_cm8i5cb_firmwarenuc_11_compute_element_cm11ebi38w_firmwarenuc_11_pro_kit_nuc11tnhi70l_firmwarenuc_11_pro_kit_nuc11tnhi70qnuc_11_pro_kit_nuc11tnhi70znuc9i5qn_firmwarenuc_kit_nuc8i7be_firmwarenuc_11_pro_kit_nuc11tnhi30lnuc8i3cysm_firmwarelapkc71e_firmwarenuc_11_pro_kit_nuc11tnhi30z_firmwarenuc_11_pro_board_nuc11tnbi5_firmwarenuc_11_pro_kit_nuc11tnki50z_firmwarenuc11paq_firmwarenuc_11_pro_board_nuc11tnbi3_firmwarenuc_11_pro_kit_nuc11tnhi5_firmwarenuc_11_pro_kit_nuc11tnhi7_firmwarenuc_kit_nuc8i3bnuc_11_pro_kit_nuc11tnhi50l_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caanuc11btmi9_firmwarenuc_9_pro_kit_nuc9vxqnxnuc_11_pro_board_nuc11tnbi30znuc_11_pro_kit_nuc11tnhi3nuc_11_enthusiast_kit_nuc11phki7c_firmwarenuc_11_pro_board_nuc11tnbi3nuc_11_pro_kit_nuc11tnhi7nuc_11_pro_board_nuc11tnbi7_firmwarenuc_11_pro_kit_nuc11tnki5_firmwarelapbc510nuc_11_pro_kit_nuc11tnki3_firmwarenuc_8_compute_element_cm8i5cbnuc_11_pro_kit_nuc11tnhi70q_firmwarenuc11pah_firmwarenuc_8_compute_element_cm8i3cb_firmwarelapkc51e_firmwarenuc_11_compute_element_cm11ebi716w_firmwarenuc11paqnuc_9_pro_compute_element_nuc9v7qnb_firmwarenuc_11_pro_kit_nuc11tnki70z_firmwarenuc_9_pro_kit_nuc9v7qnxnuc_11_compute_element_cm11ebi58wnuc_11_pro_kit_nuc11tnhi5nuc_11_pro_kit_nuc11tnhi3_firmwarenuc_11_pro_board_nuc11tnbi50z_firmwarenuc_11_compute_element_cm11ebc4wnuc11dbbi9nuc11btmi7_firmwarenuc_11_pro_kit_nuc11tnhi50wnuc_kit_nuc8i7benuc_11_pro_kit_nuc11tnki7_firmwarenuc_11_pro_kit_nuc11tnhi30p_firmwarenuc_11_pro_kit_nuc11tnhi30pnuc_11_pro_kit_nuc11tnhi70z_firmwarenuc_8_compute_element_cm8ccb_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caa_firmwarenuc9i5qnnuc11dbbi7nuc9i9qn_firmwarenuc_11_pro_kit_nuc11tnhi50z_firmwarenuc_9_pro_compute_element_nuc9vxqnblapkc71enuc_11_compute_element_cm11ebi38wIntel(R) NUCs
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23980
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.73%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:46
Updated-20 Aug, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-UEFI firmware for some Intel(R) Server D50FCP Family productsserver_system_d50tnp2mhsvac_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-36372
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.68%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-09 Oct, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_enthusiast_nuc8i7hvkva_firmwarenuc_business_nuc8i7hnkqc_firmwarenuc_8_compute_element_cm8ccb4rnuc_kit_nuc8i7hnkqcnuc_pro_kit_nuc8i3pnh_firmwarenuc_business_nuc8i7hnkqcnuc_pro_compute_element_nuc9v7qnb_firmwarenuc_pro_compute_element_nuc9v7qnx_firmwarenuc_8_compute_element_cm8i3cb4nnuc_rugged_kit_nuc8cchbnnuc_8_compute_element_cm8i7cb8nnuc_kit_nuc8i7hnknuc_rugged_kit_nuc8cchkrnuc_business_nuc8i7hvkva_firmwarenuc_enthusiast_nuc8i7hvkvanuc_8_compute_element_cm8i5cb8nnuc_pro_board_nuc8i3pnh_firmwarenuc_kit_nuc8i7hvknuc_pro_compute_element_nuc9v7qnbnuc_pro_compute_element_nuc9vxqnb_firmwarenuc_business_nuc8i7hvkvanuc_kit_nuc8i7hnk_firmwarenuc_pro_kit_nuc8i3pnknuc_enthusiast_nuc8i7hnknuc_pro_compute_element_nuc9vxqnxnuc_pro_board_nuc8i3pnk_firmwarenuc_business_nuc8i7hvkvawnuc_business_nuc8i7hnknuc_kit_nuc8i7hvkvawnuc_8_compute_element_cm8pcb4r_firmwarenuc_pro_board_nuc8i3pnb_firmwarenuc_pro_board_nuc8i3pnhnuc_8_compute_element_cm8ccb4r_firmwarenuc_enthusiast_nuc8i7hnkqcnuc_business_nuc8i7hnk_firmwarenuc_rugged_kit_nuc8cchbn_firmwarenuc_kit_nuc8i7hvk_firmwarenuc_8_compute_element_cm8pcb4rnuc_pro_kit_nuc8i3pnbnuc_enthusiast_nuc8i7hvkvaw_firmwarenuc_rugged_kit_nuc8cchbnuc_enthusiast_nuc8i7hvknuc_kit_nuc8i7hvkva_firmwarenuc_pro_kit_nuc8i3pnb_firmwarenuc_8_compute_element_cm8i3cb4n_firmwarenuc_rugged_kit_nuc8cchkr_firmwarenuc_kit_nuc8i7hvkvanuc_pro_kit_nuc8i3pnk_firmwarenuc_enthusiast_nuc8i7hvk_firmwarenuc_business_nuc8i7hvk_firmwarenuc_kit_nuc8i7hnkqc_firmwarenuc_8_compute_element_cm8i7cb8n_firmwarenuc_8_compute_element_cm8i5cb8n_firmwarenuc_kit_nuc8i7hvkvaw_firmwarenuc_rugged_kit_nuc8cchb_firmwarenuc_enthusiast_nuc8i7hnk_firmwarenuc_pro_compute_element_nuc9vxqnx_firmwarenuc_pro_board_nuc8i3pnknuc_pro_kit_nuc8i3pnhnuc_pro_board_nuc8i3pnbnuc_pro_compute_element_nuc9v7qnxnuc_pro_compute_element_nuc9vxqnbnuc_rugged_kit_nuc8cchkrn_firmwarenuc_rugged_kit_nuc8cchkrnnuc_enthusiast_nuc8i7hvkvawnuc_business_nuc8i7hvkvaw_firmwarenuc_enthusiast_nuc8i7hnkqc_firmwarenuc_business_nuc8i7hvkIntel(R) NUC BIOS firmwarebios
CWE ID-CWE-92
DEPRECATED: Improper Sanitization of Custom Special Characters
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-33246
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.23%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of out-of-range pointer offset in Audio

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sda429w_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwareqcs610msm8996au_firmwaresd865_5gqca6564ausdx55m_firmwaremsm8996auwcn3950_firmwarewcd9380sa8150p_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwareqcs410wcd9370qca6574aqca6426qca6430_firmwarewcn3980wcn3998sdxr2_5g_firmwarewcn3950sd855wsa8815wcn6850qca6426_firmwareqca6574a_firmwareqca6574au_firmwareqca6595auwcn3998_firmwarewcn3980_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwaresdx55maqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresdxr2_5gwcn6851_firmwareqca6430qca6574auqcn9074sa6145p_firmwaresa8155p_firmwareqca6564a_firmwaresa8195pwsa8810_firmwarewcd9341_firmwarewsa8810sd870qca6436wcn6851sa6155pqcs610_firmwaresa6145pwcd9341apq8096auqca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390wcd9370_firmwareaqt1000sa8150psa6150papq8096au_firmwaresa8155psda429wsd855_firmwaresd865_5g_firmwarewsa8815_firmwarewcn6850_firmwaresa8195p_firmwareqcn9074_firmwareqcs410_firmwareqca6564awcn3610Snapdragonaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresda429w_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwaremsm8996au_firmwarewcn6851_firmwaresdx55m_firmwaresa6145p_firmwaresa8155p_firmwareqca6564a_firmwarewcn3950_firmwarewsa8810_firmwaresa8150p_firmwarewcd9341_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwareqcs610_firmwareqca6696_firmwareqca6430_firmwaresd870_firmwareqca6391_firmwaresdxr2_5g_firmwarewcd9370_firmwareapq8096au_firmwaresd855_firmwaresd865_5g_firmwareqca6426_firmwarewcn6850_firmwarewsa8815_firmwareqca6574a_firmwareqca6574au_firmwaresa8195p_firmwareqcn9074_firmwareqcs410_firmwarewcn3980_firmwarewcn3998_firmwarewcn3610_firmwareqca6436_firmware
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-32926
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.34%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-watchostvosmacosipadosiphone_osmacOStvOSwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-29510
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.55%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bps24compute_module_hns2600bpblc24rserver_board_s2600bpsserver_board_s2600bpqrcompute_module_hns2600bps_firmwarecompute_module_hns2600bpcompute_module_hns2600bpq24_firmwarecompute_module_hns2600bpb24rcompute_module_hns2600bpq_firmwarecompute_module_hns2600bpblc24_firmwareserver_board_s2600bpqr_firmwareserver_system_vrn2224bphy6compute_module_hns2600bpq24r_firmwarecompute_module_hns2600bps24rcompute_module_hns2600bpbserver_board_s2600bpb_firmwarecompute_module_hns2600bpsrserver_system_m70klp4s2uhhserver_system_vrn2224bphy6_firmwarecompute_module_hns2600bpblc_firmwarecompute_module_hns2600bpbrctcompute_module_hns2600bpblcrcompute_module_hns2600bpbr_firmwareserver_system_m20ntp1ur304server_system_vrn2224bpaf6compute_module_hns2600bpqrcompute_module_hns2600bpbrserver_system_vrn2224bpaf6_firmwarecompute_module_hns2600bpb_firmwarecompute_module_hns2600bpr_firmwareserver_board_m20ntp2sbserver_board_m10jnp2sb_firmwareserver_board_s2600bpbrserver_system_m70klp4s2uhh_firmwarecompute_module_hns2600bps24_firmwareserver_board_m70klp2sbcompute_module_hns2600bps24r_firmwareserver_system_zsb2224bpaf2compute_module_hns2600bprcompute_module_hns2600bp_firmwarecompute_module_hns2600bpsr_firmwarecompute_module_hns2600bpb24_firmwareserver_system_mcb2208wfaf5_firmwareserver_board_s2600bpbr_firmwarecompute_module_hns2600bpqcompute_module_hns2600bpblcr_firmwarecompute_module_hns2600bpblc24server_board_s2600bpbserver_system_zsb2224bphy1_firmwareserver_system_m20ntp1ur304_firmwarecompute_module_hns2600bpblc24r_firmwareserver_board_m70klp2sb_firmwareserver_board_s2600bpqserver_board_m10jnp2sbserver_system_zsb2224bpaf1server_board_s2600bpq_firmwarecompute_module_hns2600bpblcserver_system_zsb2224bpaf1_firmwareserver_board_s2600bpsrcompute_module_hns2600bpqr_firmwareserver_board_s2600bps_firmwarecompute_module_hns2600bpb24r_firmwarecompute_module_hns2600bpsserver_board_s2600bpsr_firmwarecompute_module_hns2600bpb24server_system_zsb2224bphy1compute_module_hns2600bpbrct_firmwareserver_system_zsb2224bpaf2_firmwarecompute_module_hns2600bpq24rcompute_module_hns2600bpq24server_board_m20ntp2sb_firmwareserver_system_mcb2208wfaf5Intel(R) Server Board M10JNP2SB BIOS firmware
CWE ID-CWE-92
DEPRECATED: Improper Sanitization of Custom Special Characters
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-35098
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:51
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwaremdm9150_firmwarewsa8830mdm9640_firmwareqcs610mdm9650csra6620qcs4290wcn3950_firmwaresd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gwcd9370csra6620_firmwareqcs605_firmwarecsra6640_firmwareqcs6125_firmwareqca6426wcn3990_firmwareqrb5165n_firmwareqca9377wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwarewcn3615_firmwarewcn3660bsd662sd460_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwarewcd9375_firmwaresdx12_firmwarewcn3615wcn3998_firmwaresm7250p_firmwareqca6420qca6436_firmwareapq8053_firmwareqrb5165nsd680_firmwaresd778gsa515m_firmwaresd429qrb5165_firmwareqrb5165m_firmwaresdxr2_5gqcs6125sd662_firmwareqcs405qca6430wcn3988_firmwaresd429_firmwaresd778g_firmwarewsa8810_firmwarequalcomm215_firmwaresd765gsd765_firmwareqca6436sd680wcd9326wcd9335wcn6851qcs603_firmwareqca6174a_firmwareqcs4290_firmwarewcd9385wcd9341sd750gsd870_firmwareqca6390wcd9375sd750g_firmwareaqt1000msm8953_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3620_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwarewcn3620wsa8815_firmwarewsa8835_firmwarewcn6750_firmwareqcm6125_firmwaremdm9640wcn3991wcd9380_firmwarewcn3990sdm429wsd780gsd865_5gsdx55m_firmwarewcn6856_firmwarewsa8835sdm429w_firmwarewcd9380sd888_5gqualcomm215qcs410qca6574asd690_5g_firmwarewcn6855_firmwareqca6174asm7325pqca6430_firmwarewcd9335_firmwarewcn3980wcn6750sa515mqcs605sd855wsa8815sm7325p_firmwarewcn6850mdm9650_firmwaresd765qca6426_firmwarewcn3660b_firmwarewcn3680qca6574a_firmwaresd695sd768g_firmwareqrb5165mwcn3980_firmwaresd460qca6391sdx55maqt1000_firmwarewcn6740_firmwaremsm8953ar8031_firmwareqcm4290wcn3680_firmwareqrb5165sd480_firmwareqcs603wcn6851_firmwareqca6574auwcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wcn6855wsa8810qcs610_firmwaremdm9150wcn6856wcn3680bsd695_firmwaresd768gapq8096auar8031qcs405_firmwarewcn6740qca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55apq8053apq8096au_firmwarecsra6640sm7250psdx12qcs410_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-34376
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-4949
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-8.1||HIGH
EPSS-0.03% / 7.98%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 16:57
Updated-03 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

Action-Not Available
Vendor-Free Software FoundationGNUXen Project
Product-grubxenGrub-Legacy
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49618
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.7||HIGH
EPSS-0.02% / 2.83%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:20
Updated-18 Feb, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) System Security Report and System Resources Defense firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-13754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.12%
||
7 Day CHG-0.00%
Published-02 Jun, 2020 | 13:37
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxqemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-12373
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.46%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:54
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hns2600bpb24rr1304wftysrr2208wf0zsrr1208wftysr2208wftzsrr1304wf0ysr2312wf0nprhns2600bpbr1304wftyshns2600bpqr2224wfqzsr1000wfhns2600bpblc24rs2600bpqrhns2600bpbrs2600stqhns2600bpblcr2308wftzshns2600bpsrr1208wftysrr2208wf0zsr2208wftzsr2312wf0npr1208wfqysrr2224wftzsrr2208wfqzsrs2600stbr2224wftzsr2312wftzsrr2308wftzsrs2600wf0bmc_firmwarehns2600bps24rhns2600bpqrs2600wfqr2208wfqzshns2600bpshns2600bpq24rhns2600bpb24hns2600bps24r1304wf0ysrhns2600bpq24s2600wfts2600bpbrhns2600bpblc24s2600bpsrr2312wfqzsr2312wftzsIntel(R) Graphics Drivers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4439
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.42% / 60.95%
||
7 Day CHG-0.02%
Published-20 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxqemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11149
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.79%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access due to usage of an out-of-range pointer offset in the camera driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qpm5579qfs2580qca8337qdm5579qdm2307qfs2530qpa8802qln1030pm6125qat3519pm8150aqtc800hqdm5670pm7150lqpa8821qdm5671pmc1000hqat3518sd8cwcn3998wcn3950qpa5460wcn3660bqca4020qdm5652sd6905gqpm8870qpm5679qbt2000pm855pqca6420pm6150asdx20msdr735gwcn3999pm8150bqsm7250qcs405qca6430qat3522pmr735awcd9340sd765gqca6436sdr660wcn6851sa6155pqpa6560sdr865wcd9341pmi8952smr545qca6431qln5020sd750gsmb1350qdm3302pm6350qdm5621qtc800sqdm5650wcn3988wtr3925smb1390pm6150lsd8885gqet4100wcn3610qpm6585qtc410swcn3991smb1355qln4650qpa8801sdm429wwgr7640qat5568qet5100qca6564ausdxr25gpm6150pm7250bqca6574qfs2630qpa8842pmm8996auwcd9380qualcomm215smb1381sdr735pm7250smb1395pm660lwtr4905qpa8803smr526wtr5975wcn3980pmk8003qdm2301qsw8573qcs605wsa8815wcn6850qpm6375smb1394wcn3680pm8009sdx55mpm670apm8008qsw8574pmi8998pme605pm855lqcs603sd8655gqpm5621qpm6582pm670pm8150lqdm5677pm8005sa6145ppm215qdm2302pmm6155ausdxr1apq8096auar8031qpm5577wtr2965pm8150qpm5875sdx55qet5100mapq8053sa8155pcsra6640pm8350bhssd675qet4101qat3516pm670lqpm5658qca9379pm855bsmb2351qpm5870pm8909wsa8830pm660qln5030qpm6325qbt1500pmi632qpa5581mdm9650csra6620qpm4621qcs4290qet6100pmm855ausdr660gqpa8686smb1396pm7150awcd9370pm8350qca6564sdr425qca6426qca9377qpm5641qpm5541qat5516qdm5620sd662pm8350bhpm3003asa8155qat5533qca6595auwcn3615sm7350qpm6670smb1354qca6584auqdm2305qpm8820qpm4641pm855sd429pm8250smb1398qdm4643pmx55sd205qca6421qdm3301pm8953qat5515qpm5677qat3514wcd9326wcd9335wcd9385pmm8155auqpm4630ar8035qca6390wcd9375aqt1000qpa8673qdm2310qln4642sda429wsd210pm8998pmk7350wcn3620qca6564asmr546pmx24qet6110qln5040qpm8895qpm5670wcn3990qtm527pmk8350sdx24qpm8830pm8350bqat5522wsa8835pm8150cpmr735bqpa4360pm855aqca6574aqpa4361qca6174apm8350csmr525qpm4640wcn6750pmr525pm7350cqpm4650qtm525sd855sd8cxsd665sd765pm640ppmx20qat3555sd460qca6391smb1351qpa5461qcm4290pm640asdr8150qfs2608sdx20pm8916qtc801sqdm4650pmd9655qca6574auqsw6310qpm6621wsa8810qdm2308pmw3100qat3550wcn6856qdm5679wcn3680bsdr8250sd768gwcn6740qca6696pm8004pm640lpmk8002qpa2625sm7250psdm830smb1357qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11150
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.79%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qpm5579qfs2580qca8337qdm5579qdm2307qfs2530qpa8802pm6125qat3519pm8150aqtc800hqdm5670sa6155pm7150lqpa8821qdm5671pmc1000hqat3518sd8cwcn3998wcn3950wcn3660bqca4020qdm5652sd6905gqpm8870qpm5679qbt2000pm855pqca6420pm6150asdr735gwcn3999pm8150bqsm7250qcs405qca6430qat3522pmr735awcd9340sd765gqca6436sdr660wcn6851sa6155pqpa6560sdr865wcd9341smr545qca6431qln5020sd750gqdm3302sa8150ppm6350qdm5621qdm5650wcn3988wtr3925smb1390pm6150lsd8885gwcn3610qpm6585qtc410swcn3991smb1355qln4650qpa8801sdm429wwgr7640qat5568qet5100qca6564ausdxr25gpm6150pm7250bqca6574qfs2630qpa8842wcd9380qualcomm215smb1381sdr735pm7250smb1395pm660lwtr4905qpa8803smr526wcn3980pmk8003qdm2301qsw8573qcs605wsa8815wcn6850qpm6375smb1394wcn3680pm8009sdx55mpm670apm8008qsw8574pme605pm855lqcs603sd8655gqpm5621qpm6582pm670pm8150lqdm5677pm8005sa6145ppm215qdm2302pmm6155ausdxr1ar8031qpm5577wtr2965pm8150qpm5875qet5100msdx55sa8155pcsra6640pm8350bhssd675qet4101qat3516pm670lqpm5658qca9379pm855bsmb2351qln1031qpm5870pm8909wsa8830pm660qln5030qpm6325qbt1500pmi632qpa5581csra6620qpm4621qcs4290qet6100pmm855ausdr660gqpa8686smb1396pm7150awcd9370pm8350qca6564sdr425qca6426qca9377qpm5641qpm5541qat5516qdm5620qln1021aqsd662pm8350bhpm3003asa8155qat5533qca6595auwcn3615sm7350qpm6670smb1354qca6584auqdm2305qpm8820qpm4641pm855pm8250smb1398qdm4643pmx55sd205qca6421qdm3301sa8195pqpm5677qat5515qat3514wcd9326wcd9335qet4200aqwcd9385pmm8155auqpm4630ar8035qca6390wcd9375aqt1000qpa8673qdm2310pmm8195auqln4642sda429wsd210wcn3620pmk7350qca6564asmr546pmx24qet6110qln5040qpm8895qpm5670wcn3990qtm527qca6595pmk8350sdx24qpm8830pm8350bqat5522wsa8835pm8150cpmr735bqpa4360qca6574aqpa4361qca6174apm8350csmr525qpm4640wcn6750pmr525pm7350cqpm4650qtm525sd855sd8cxsd665qca6175asd765pm640pqat3555sd460qca6391smb1351qpa5461qcm4290pm640asdr8150qfs2608pm8916qln1036aqqtc801sqdm4650pmd9655qca6574auqsw6310qpm6621wsa8810qdm2308qat3550wcn6856qdm5679wcn3680bsdr8250sd768gwcn6740qca6696qpa2625pm640lpmk8002sm7250pqpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-0054
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.25%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 19:07
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_8_compute_element_cm8pcbnuc_10_performance_kit_nuc10i5fnhf_firmwarenuc_11_pro_kit_nuc11tnhi5_firmwarenuc_8_mainstream-g_kit_nuc8i7inh_firmwarenuc_8_pro_board_nuc8i3pnb_firmwarenuc_11_performance_kit_nuc11pahi3nuc_8_business\,_a_mini_pc_with_windows_10_nuc8i7hnkqcnuc_m15_laptop_kit_lapbc710_firmwarenuc_8_mainstream-g_kit_nuc8i5inhnuc_10_performance_mini_pc_nuc10i5fnkpanuc_11_pro_kit_nuc11tnhi30lnuc_8_enthusiast\,_a_mini_pc_with_windows_10_nuc8i7hvkvanuc_11_pro_kit_nuc11tnhi70qnuc_10_performance_kit_nuc10i5fnh_firmwarenuc_11_pro_kit_nuc11tnhi50l_firmwarenuc_11_pro_kit_nuc11tnki5_firmwarenuc_9_pro_compute_element_nuc9v7qnbnuc_10_performance_mini_pc_nuc10i7fnkpanuc_10_performance_mini_pc_nuc10i5fnhca_firmwarenuc_11_pro_kit_nuc11tnhi70q_firmwarenuc_8_mainstream-g_mini_pc_nuc8i5inh_firmwarenuc_11_pro_board_nuc11tnbi5_firmwarenuc_11_pro_kit_nuc11tnhi7nuc_11_pro_kit_nuc11tnhi50lnuc_11_pro_board_nuc11tnbi7nuc_10_performance_kit_nuc10i7fnhcnuc_10_performance_mini_pc_nuc10i3fnhfa_firmwarenuc_10_performance_kit_nuc10i7fnknuc_10_performance_mini_pc_nuc10i5fnhjanuc_kit_nuc8i7hvk_firmwarenuc_9_pro_kit_nuc9v7qnx_firmwarenuc_m15_laptop_kit_lapbc710nuc_11_performance_kit_nuc11paki5_firmwarenuc_10_performance_mini_pc_nuc10i5fnhja_firmwarenuc_11_pro_board_nuc11tnbi3_firmwarenuc_10_performance_mini_pc_nuc10i3fnhja_firmwarenuc_10_performance_kit_nuc10i3fnhfnuc_10_performance_kit_nuc10i3fnk_firmwarenuc_10_performance_kit_nuc10i5fnhj_firmwarenuc_11_pro_kit_nuc11tnhi3_firmwarenuc_10_performance_kit_nuc10i7fnh_firmwarenuc_8_pro_kit_nuc8i3pnknuc_8_pro_board_nuc8i3pnbnuc_11_pro_board_nuc11tnbi5nuc_7_essential\,_a_mini_pc_with_windows_10_nuc7cjysal_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caanuc_10_performance_mini_pc_nuc10i5fnhcanuc_10_performance_kit_nuc10i5fnhnuc_8_compute_element_cm8pcb_firmwarenuc_9_pro_compute_element_nuc9vxqnbnuc_10_performance_kit_nuc10i7fnk_firmwarenuc_8_mainstream-g_mini_pc_nuc8i5inhnuc_11_performance_kit_nuc11pahi5_firmwarenuc_8_compute_element_cm8i5cb_firmwarenuc_11_pro_kit_nuc11tnhi30p_firmwarenuc_8_compute_element_cm8ccbnuc_8_mainstream-g_kit_nuc8i5inh_firmwarenuc_11_performance_kit_nuc11paki3nuc_11_pro_kit_nuc11tnhi30pnuc_11_enthusiast_mini_pc_nuc11phki7caa_firmwarenuc_11_pro_kit_nuc11tnhi7_firmwarenuc_8_rugged_kit_nuc8cchkr_firmwarenuc_10_performance_kit_nuc10i5fnkp_firmwarenuc_10_performance_kit_nuc10i5fnkpnuc_11_performance_mini_pc_nuc11paqi70qanuc_10_performance_mini_pc_nuc10i7fnkpa_firmwarenuc_m15_laptop_kit_lapbc510nuc_8_enthusiast\,_a_mini_pc_with_windows_10_nuc8i7hvkva_firmwarenuc_10_performance_kit_nuc10i5fnknuc_10_performance_kit_nuc10i7fnkpnuc_10_performance_mini_pc_nuc10i7fnhjanuc_11_pro_kit_nuc11tnki7_firmwarenuc_11_enthusiast_kit_nuc11phki7c_firmwarenuc_10_performance_kit_nuc10i3fnhf_firmwarenuc_8_compute_element_cm8ccb_firmwarenuc_10_performance_mini_pc_nuc10i3fnhfanuc_8_enthusiast\,_a_mini_pc_with_windows_10_nuc8i7hvkvaw_firmwarenuc_11_pro_kit_nuc11tnhi70lnuc_8_mainstream-g_mini_pc_nuc8i7inh_firmwarenuc_8_compute_element_cm8i5cbnuc_kit_nuc7pjyhnuc_11_enthusiast_kit_nuc11phki7cnuc_11_pro_kit_nuc11tnki3_firmwarenuc_11_pro_board_nuc11tnbi7_firmwarenuc_11_pro_kit_nuc11tnhi3nuc_8_pro_kit_nuc8i3pnhnuc_11_performance_kit_nuc11pahi3_firmwarenuc_8_enthusiast\,_a_mini_pc_with_windows_10_nuc8i7hvkvawnuc_10_performance_kit_nuc10i7fnhnuc_8_compute_element_cm8i3cb_firmwarenuc_8_business\,_a_mini_pc_with_windows_10_nuc8i7hnkqc_firmwarenuc_8_mainstream-g_mini_pc_nuc8i7inhnuc_11_pro_kit_nuc11tnhi70l_firmwarenuc_board_nuc8cchbnuc_kit_nuc8i7hnknuc_11_pro_board_nuc11tnbi3nuc_11_compute_element_cm11ebi58wnuc_11_performance_mini_pc_nuc11paqi50wanuc_10_performance_kit_nuc10i3fnknuc_kit_nuc8i7hvknuc_11_performance_kit_nuc11paki7_firmwarenuc_11_performance_mini_pc_nuc11paqi50wa_firmwarenuc_board_nuc8cchb_firmwarenuc_11_performance_kit_nuc11pahi7nuc_10_performance_kit_nuc10i5fnhjnuc_kit_nuc8i7hnk_firmwarenuc_11_performance_mini_pc_nuc11paqi70qa_firmwarenuc_10_performance_mini_pc_nuc10i7fnhaanuc_8_compute_element_cm8i3cbnuc_10_performance_kit_nuc10i5fnhfnuc_11_pro_kit_nuc11tnhi5nuc_10_performance_kit_nuc10i3fnhnuc_10_performance_mini_pc_nuc10i7fnhja_firmwarenuc_kit_nuc7cjyhnuc_11_compute_element_cm11ebc4nuc_10_performance_kit_nuc10i7fnkp_firmwarenuc_8_pro_kit_nuc8i3pnh_firmwarenuc_11_pro_kit_nuc11tnki7nuc_10_performance_mini_pc_nuc10i7fnhaa_firmwarenuc_9_pro_kit_nuc9vxqnxnuc_10_performance_kit_nuc10i3fnh_firmwarenuc_11_performance_kit_nuc11paki5nuc_10_performance_mini_pc_nuc10i5fnkpa_firmwarenuc_11_compute_element_cm11ebi38w_firmwarenuc_11_performance_kit_nuc11paki3_firmwarenuc_11_compute_element_cm11ebi716w_firmwarenuc_8_pro_kit_nuc8i3pnk_firmwarenuc_11_compute_element_cm11ebc4_firmwarenuc_8_mainstream-g_kit_nuc8i7inhnuc_9_pro_compute_element_nuc9vxqnb_firmwarenuc_10_performance_kit_nuc10i7fnhc_firmwarenuc_11_compute_element_cm11ebi38wnuc_9_pro_compute_element_nuc9v7qnb_firmwarenuc_10_performance_kit_nuc10i5fnk_firmwarenuc_11_compute_element_cm11ebi58w_firmwarenuc_11_performance_kit_nuc11paki7nuc_8_rugged_kit_nuc8cchkrnuc_kit_nuc7cjyh_firmwarenuc_kit_nuc7pjyh_firmwarenuc_11_performance_kit_nuc11pahi5nuc_11_performance_kit_nuc11pahi7_firmwarenuc_8_compute_element_cm8i7cb_firmwarenuc_11_compute_element_cm11ebi716wnuc_10_performance_mini_pc_nuc10i3fnhjanuc_11_pro_kit_nuc11tnki5nuc_9_pro_kit_nuc9v7qnxnuc_9_pro_kit_nuc9vxqnx_firmwarenuc_11_pro_kit_nuc11tnhi30l_firmwarenuc_11_pro_kit_nuc11tnhi50w_firmwarenuc_11_pro_kit_nuc11tnki3nuc_7_essential\,_a_mini_pc_with_windows_10_nuc7cjysalnuc_8_compute_element_cm8i7cbnuc_11_pro_kit_nuc11tnhi50wnuc_m15_laptop_kit_lapbc510_firmwareIntel(R) NUCs
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-8703
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:48
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-core_i7-7700kcore_i7-8705gcore_i7-8665uz270c627core_i3-8300tcore_i7-7660ucore_i7-8706gcore_i7-1068ng7core_i7-11700fcore_i7-1160g7core_i5-1035g7pentium_gold_g5420core_i7-10850hcore_i7-1185grecore_i7-11375hcore_i5-8400hcore_i7-8700core_i5-10400fc621acore_i5-8400core_i5-7y54core_i3-10300core_i3-7100tcore_i7-7700tcore_i7-10700tcore_i3-1110g4core_i7-8086kceleron_4305ucore_i5-10210usimatic_ipc547g_firmwarecore_i5-8257ucore_i7-8700kcore_i5-10200hpentium_gold_g5400tpentium_gold_g6405tq150core_i5-1035g4core_i3-8145ucore_i5-10400hceleron_4205ucore_i7-11700core_i5-7442eqcore_i3-10100ycore_i3-7020ucore_i5-10400tcore_i3-8109ucore_i7-11370hcore_i5-10310ucore_i7-7600ucore_i9-11900tcore_i9-11900kbcore_i5-10505c246core_i5-1030g7xeon_w-1270core_i3-1000ng4core_i3-7100ecore_i5-11600tcore_i3-7300pentium_gold_4417ucore_i7-11850hcore_i9-11900core_i3-1000g1core_i7-10510ycore_i3-10110ucore_i7-11800hcore_i5_l16g7simatic_field_pg_m6_firmwarec625simatic_ipc477ecore_i5-10400simatic_ipc427e_firmwarexeon_w-1270tecore_i5-8400bcore_i7-7700hqcore_i5-1155g7core_i5-10500tecore_i3-10105fcore_i7-7820hkcore_i3-8100hpentium_gold_4415ypentium_gold_g5620core_i9-11950hxeon_w-1290tcore_i5-11600h110core_i5-10300hpentium_gold_g6505tcore_i5-8350ucore_i9-10980hkcore_i5-7300uq270core_i7-11700tcore_i5-8600xeon_w-11855mcore_i5-8500tcore_i7-10510ucore_i5-7500core_i3-10100ecore_i5-1030ng7core_i3-8100core_i7-1060g7simatic_ipc527gcore_i9-11900hcore_i9-10900h410pentium_gold_g6500txeon_w-10855mcore_i5-7200ucore_i9-11900kcore_i3-10100tsimatic_ipc847e_firmwarecore_i9-8950hksimatic_ipc527g_firmwarecore_i9-10900ecore_i7-7700simatic_field_pg_m5core_i9-10850kcore_i9-10900kcore_i7-7920hqcore_i3-7102eh270core_i5-8600ksimatic_ipc477e_firmwareq470core_i9-10900fpentium_gold_g6400tcore_i5-8400tpentium_gold_g5600tsimatic_field_pg_m6xeon_w-1270pcore_i7-8750hcore_i7-10700simatic_ipc477e_procore_i5-8365ub150core_i3-10100tecore_i9-10910core_i5-7600simatic_ipc647ecore_i3-10105txeon_w-1250ecore_i7-10700fcore_i9-10885hcore_i5-11400tcore_i5-11300hcore_i9-11900kfcore_i3-10325core_i5-1145g7core_i3-1125g4core_i7-10750hq470ecore_i3-7100hcore_i3-8300core_i3-1000g4core_i5-7400tcore_i7-10875hq370core_i3-7100core_i7-8809gcore_i3-8145uecore_i5-7260ucore_i7-8700bcore_i7-8709gsimatic_ipc627ecore_i3-10100pentium_gold_g6505core_i5-7267uxeon_w-1250pcore_i3-1115g4celeron_6305core_i3-8100tcore_i3-8121uh170core_i5-10210yh310core_i5-1140g7core_i7-8557ucore_i5-10500esimatic_ipc547gcore_i7-8700tsimatic_ipc477e_pro_firmwarecore_i5-8300hcore_i5-10600tcore_m3-7y32core_i3-10110ycore_i5-7400core_i5-10600kfcore_i7-8650ucore_i5-11400fc629acore_i7-10700ecore_i5-1145grecore_i3-7320core_i7-1180g7c242pentium_gold_4410ycore_i5-11600kfz370pentium_gold_g5500tcore_i7-11700kfcloud_backupcore_i7-10870hpentium_gold_4415uw480core_i5-1035g1core_i5-1038ng7h420ecore_i5-11500bz170c624mobile_cm246simatic_ipc647e_firmwarex299pentium_gold_6405usimatic_ipc627e_firmwarecore_i5-8500bc627acore_i7-10700kcore_i5-11500tc622core_i7-1185g7core_i7-1165g7core_i7-1195g7core_i5-8269ucore_i5-11600kcore_i7-11390hcore_i5-1030g4core_i7-10700tecore_i5-10500core_i7-11700kcore_i7-10710ucore_i5-7287ucore_i7-10700kfcore_i5-7440eqh370xeon_w-1250texeon_w-1250core_i5-8279uw480exeon_w-1290ecore_i3-7100ucore_i7-8565ucore_i3-7101tecore_i3-7350kcore_i5-11400hcore_i7-11700bcore_i5-7600kcore_i5-8250ucore_i3-10305b365core_i5-7300hqcore_i7-7560uxeon_w-1270epentium_gold_g5420tcore_i7-7820eqcore_i9-11900fcore_i5-8259ucore_i5-7360ucore_i9-11980hkpentium_gold_g5500core_i5-10600kceleron_4305uesimatic_ipc847ecore_i3-8140usimatic_ipc427ecore_m3-8100ycore_i9-10900kfcore_i3-10105core_i3-11100bq170b460simatic_itp1000_firmwarecore_i5-1130g7core_i3-1120g4core_i5-7600tcore_i7-1060ng7core_i7-7500ucore_i7-8550ucore_i5-10310yxeon_w-1290pcore_i5-10500hcore_i5-8260ucore_i5-11320hpentium_gold_4425yb250core_i7-10810upentium_gold_g6500core_i3-1115grecore_i7-8850hcore_i5-11500hcore_i3-7130ucore_i7-10610usimatic_itp1000xeon_w-11955mcore_i3-10100fcore_i3-7167upentium_gold_g6400ecore_i7-8500ycore_i7-7567uc629pentium_gold_7505b360core_i5-10600c621core_i5-11260hsimatic_field_pg_m5_firmwarecore_i3-1115g4epentium_gold_g6400core_i7-7820hqcore_i5-8210ycore_m3-7y30core_i3-7300tcore_i5-8365uecore_i7-8665uexeon_w-1290celeron_6305ecore_i5-1145g7exeon_w-10885mcore_i3-10320core_i9-10900tcore_i5-8200ypentium_gold_g5400simatic_ipc677ecore_i3-10300tcore_i3-7101ecore_i5-8310yxeon_w-1290tecore_i5-1135g7core_i5-11500core_i5-8500c626core_i5-7440hqpentium_gold_g6600core_i7-8569uq250z490core_i5-8265ucore_i5-10500tpentium_gold_g6605core_i7-1185g7econverged_security_and_manageability_enginecore_i3_l13g4pentium_gold_5405ucore_i7-7y75core_i3-1005g1pentium_gold_g6405core_i3-8100bcore_i5-7y57simatic_ipc677e_firmwarecore_i3-10305tcore_i3-8350kcore_i5-11400core_i5-8600tcore_i5-7500tcore_i5-8305gcore_i7-1065g7core_i7-8559ucore_i9-10900tepentium_gold_g6400tez390core_i3-8130uc420h470pentium_gold_6500yc628pentium_gold_g5600Intel(R) CSME versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3545
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 02:25
Updated-13 Nov, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software Buffer Overflow Vulnerability

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300firepower_4112firepower_4150firepower_4140firepower_4145firepower_4110firepower_4120firepower_extensible_operating_systemfirepower_4125firepower_4115Cisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found