Vulnerability Details:

CVE-2022-34885

Summary
Assigner: lenovo
Assigner Org ID: da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At: 30 Jan, 2023 | 21:43
Updated At: 27 Mar, 2025 | 18:49

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: lenovo
Assigner Org ID: da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At: 30 Jan, 2023 | 21:43
Updated At: 27 Mar, 2025 | 18:49
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: Motorola Mobility LLC. (Lenovo Group Limited), Motorola
Product: MR2600 Router
Default Status: unaffected
Affected Versions: Versions prior to 1.0.18
Problem Types
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Solutions

Motorola recommends updating the Motorola MR2600 router to software version 1.0.18.

Credits

finder
Motorola thanks Jiaqian Peng from Institute of Information Engineering, Chinese Academy of Science for reporting this vulnerability.
References
Hyperlink: https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
Resource: x_transferred
2. CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: psirt@lenovo.com
Published At: 30 Jan, 2023 | 22:15
Updated At: 21 Jul, 2023 | 21:05

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Vendor: Motorola Mobility LLC. (Lenovo Group Limited) (motorola)
Product: mr2600_firmware, versions before 1.0.18 (exclusive)
CPE: cpe:2.3:o:motorola:mr2600_firmware:*:*:*:*:*:*:*:*
Vendor: Motorola Mobility LLC. (Lenovo Group Limited) (motorola)
Product: mr2600, version -
CPE: cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: psirt@lenovo.com
References
Hyperlink: https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
Source: psirt@lenovo.com
Resource: Patch, Vendor Advisory


Similar CVEs

299 records found

CVE-2023-28060
Matching Score: 4
Assigner: Dell
CVSS Score: 5.1 (MEDIUM)
EPSS: 0.02% / 3.06%
7 Day CHG: ~0.00%
Published: 23 Jun, 2023 | 10:17
Updated: 07 Nov, 2024 | 21:26
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Action: Not Available
Vendor: Dell Inc.
CWE ID: CWE-20 (Improper Input Validation)
CVE-2023-28052
Matching Score: 4
Assigner: Dell
CVSS Score: 5.1 (MEDIUM)
EPSS: 0.02% / 3.06%
7 Day CHG: ~0.00%
Published: 23 Jun, 2023 | 09:02
Updated: 08 Nov, 2024 | 16:10
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Action: Not Available
Vendor: Dell Inc.
mbedded_box_pc_5000inspiron_3020s_firmwarelatitude_3320_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579optiplex_5490_all-in-one_firmwareoptiplex_7080g15_5510inspiron_15_5518alienware_area_51m_r2_firmwarevostro_7500_firmwarealienware_m15_r4_firmwarexps_17_9730latitude_9330inspiron_16_7620_2-in-1_firmwarelatitude_5480inspiron_15_3511inspiron_5310vostro_5510_firmwarelatitude_14_rugged_5414_firmwarelatitude_5424_rugged_firmwarelatitude_rugged_7330chengming_3910_firmwarelatitude_7300_firmwarealienware_x15_r1_firmwarelatitude_5421inspiron_16_5630latitude_9420_firmwareinspiron_24_5420_all-in-onelatitude_5510optiplex_3000g7_17_7700inspiron_5401_aio_firmwareinspiron_24_5421_all-in-onevostro_5300_firmwarewyse_5470optiplex_5090_firmwarevostro_3501_firmwareinspiron_3593_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareinspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwarelatitude_3310_2-in-1_firmwareg7_15_7500_firmwarelatitude_5320latitude_3330latitude_7410inspiron_3590_firmwarelatitude_5501_firmwareprecision_3571xps_13_7390_2-in-1optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411vostro_3020_sff_firmwarelatitude_12_rugged_extreme_7214precision_7760xps_17_9720_firmwareoptiplex_7450_firmwareinspiron_7306_2-in-1_firmwareoptiplex_7450vostro_3500_firmwareinspiron_3521_firmwarelatitude_7320_detachableg3_3579_firmwarelatitude_9520inspiron_5509latitude_3480_firmwarelatitude_3189_firmwarevostro_3520vostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498inspiron_7500_2-in-1_silver_firmwareinspiron_7591_firmwarelatitude_5290inspiron_5300inspiron_7706_2-in-1inspiron_5508latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwareprecision_7670inspiron_5491_2-in-1inspiron_24_5420_all-in-one_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_5590vostro_5490precision_7670_firmwareg15_5530inspiron_5301_firmwarevostro_3267g3_15_3590_firmwareinspiron_3671inspiron_5408_firmwarei
nspiron_5498_firmwareprecision_3571_firmwareprecision_5540vostro_5490_firmwarevostro_5620inspiron_3480latitude_3490optiplex_3000_thin_client_firmwareprecision_3930_rack_firmwarevostro_3710inspiron_3670latitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareprecision_3430_tower_firmwareoptiplex_7400_firmwareprecision_7560_firmwarelatitude_3300_firmwarexps_15_9530_firmwarexps_17_9730_firmwarelatitude_7400_2-in-1precision_3640_towervostro_5510inspiron_3490precision_7770latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310latitude_5510_firmwarevostro_3510_firmwareinspiron_3670_firmwareinspiron_5410_firmwarelatitude_7212_rugged_extreme_tabletinspiron_15_5510_firmwareinspiron_14_7430_2-in-1_firmwareinspiron_5408vostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwareinspiron_3482_firmwarexps_15_9530latitude_5289g3_3500_firmwarelatitude_7430precision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwarelatitude_3410vostro_5402_firmwarelatitude_rugged_7220precision_3420_towerg5_15_5590inspiron_7700_all-in-one_firmwareinspiron_3881optiplex_7490_all-in-one_firmwarexps_13_9380latitude_5531latitude_7414_rugged_extremeprecision_3660_firmwareprecision_3420_tower_firmwarealienware_area_51m_r2chengming_3910vostro_3420inspiron_7500_2-in-1_silverlatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_3140latitude_3500latitude_5310_firmwareoptiplex_5400_firmwarevostro_3070inspiron_3793inspiron_27_7720_all-in-oneprecision_3430_towerprecision_5520_firmwarealienware_m15_r6vostro_3890_firmwarechengming_3988xps_15_7590latitude_3300latitude_5580precision_3620_tower_firmwarevostro_5590precision_5540_firmwareinspiron_5401_firmwarevostro_5501xps_15_9520xps_8940_firmwareoptiplex_5490_all-in-onelatitude_3120latitude_rugged_7220_firmwareg15_5530_firmwareprecision_3560vostro_3480inspiron_5401_aiog5_15_5500optiplex_5260_all-in-one_firmwarelatitude_rugged_7220exinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareoptiplex_741
0_all-in-one_firmwarevostro_3582_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_14_5430_firmwareinspiron_5598_firmwarevostro_3470optiplex_3070inspiron_3280vostro_3910_firmwarelatitude_7290_firmwareprecision_5770chengming_3911precision_7530vostro_7620inspiron_5391_firmwareinspiron_5502_firmwareinspiron_5320_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareinspiron_14_plus_7420_firmwareg15_5520inspiron_5409_firmwarexps_13_9380_firmwarelatitude_7490latitude_5288optiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareg3_3779inspiron_5401optiplex_5250vostro_3582vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-48189
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.52%
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:39
Updated-09 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-46372
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.79%
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Alotcer - AR7088H-A Authenticated Command execution

Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution.

Action-Not Available
Vendor-alotceriot; Alotcer
Product-ar7088h-a; ar7088h-a_firmware; AR7088H-A
CWE ID-CWE-20
Improper Input Validation
CVE-2024-6333
Matching Score-4
Assigner-Xerox Corporation
CVSS Score-7.2||HIGH
EPSS-1.31% / 79.03%
7 Day CHG~0.00%
Published-17 Oct, 2024 | 13:51
Updated-29 Oct, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

Action-Not Available
Vendor-Xerox Corporation
Product-WorkCentre 3655/3655i; Xerox® EC8036 / EC8056; VersaLink® B625 / C625 | B425 / C425 Common Criteria Certified (2024); Xerox® EC8036 / EC8056 - Common Criteria (June 2024); WorkCentre EC7856; AltaLink® C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023); AltaLink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807; WorkCentre 7845/7855i; WorkCentre 7220/7225i; WorkCentre 5945/55i; WorkCentre 6655/6655i; Xerox® EC8036 / EC8056 - Common Criteria (June 2022); WorkCentre 7845/7855 (IBG); AltaLink®C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024); WorkCentre 7830/7835i; WorkCentre EC7836; WorkCentre 7970/7970i; versalink_firmware; xerox_firmware; workcentre_firmware; altalink_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2024-55567
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.17%
7 Day CHG~0.00%
Published-12 Jun, 2025 | 00:00
Updated-20 Aug, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Action-Not Available
Vendor-n/a; Insyde Software Corp. (ISC)
Product-insydeh2o; n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-4573
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.01%
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:34
Updated-06 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1; thinkpad_x1_fold_gen_1_firmware; ThinkPad X1 Fold Gen 1; thinkpad_x1_fold_gen_1
CWE ID-CWE-20
Improper Input Validation
CVE-2022-4574
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.23%
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:36
Updated-09 Sep, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  

Action-Not Available
Vendor-Lenovo Group Limited
Product-ThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-49774
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.22% / 44.18%
7 Day CHG~0.00%
Published-05 Nov, 2024 | 18:37
Updated-13 Nov, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ModuleScanner flaws in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and checks the resulting AST against the blacklists, but it doesn't take all scenarios into account. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-SalesAgility Ltd.
Product-suitecrm; SuiteCRM; suitecrm
CWE ID-CWE-20
Improper Input Validation
CVE-2024-47238
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.14%
7 Day CHG-0.00%
Published-12 Dec, 2024 | 17:38
Updated-04 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-edge_gateway_3000; embedded_box_pc_3000_firmware; edge_gateway_3003; edge_gateway_5100_firmware; edge_gateway_5100; embedded_box_pc_3000; edge_gateway_3002_firmware; edge_gateway_3003_firmware; edge_gateway_3002; edge_gateway_3001_firmware; edge_gateway_3200_firmware; edge_gateway_3001; edge_gateway_3000_firmware; edge_gateway_5000_firmware; edge_gateway_3200; edge_gateway_5000; Dell Client Platform BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-19902
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.61% / 68.89%
7 Day CHG~0.00%
Published-19 Dec, 2019 | 05:03
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.

Action-Not Available
Vendor-backdropcms; n/a
Product-backdrop_cms; n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43863
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.13%
7 Day CHG~0.00%
Published-22 Mar, 2023 | 21:25
Updated-25 Feb, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM privilege escalation

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

Action-Not Available
Vendor-Linux Kernel Organization, Inc; IBM Corporation
Product-qradar_security_information_and_event_manager; linux_kernel; QRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-41167
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.7||HIGH
EPSS-0.03% / 6.88%
7 Day CHG-0.00%
Published-13 Nov, 2024 | 21:10
Updated-19 Nov, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-m10jnp2sb_firmware; m10jnp2sb; Intel(R) Server Board M10JNP2SB Family; m10jnp2sb_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-40518
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.17% / 77.82%
7 Day CHG-0.59%
Published-12 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.

Action-Not Available
Vendor-seacms; n/a; seacms
Product-seacms; n/a; seacms
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42500
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.21%
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239701389. References: N/A

Action-Not Available
Vendor-n/a; Google LLC
Product-android; Android
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38483
Matching Score-4
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.03% / 5.22%
7 Day CHG~0.00%
Published-14 Aug, 2024 | 09:24
Updated-18 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-Dell Client Platform BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-37373
Matching Score-4
Assigner-HackerOne
CVSS Score-7.2||HIGH
EPSS-2.77% / 85.49%
7 Day CHG~0.00%
Published-14 Aug, 2024 | 02:38
Updated-16 Aug, 2024 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.

Action-Not Available
Vendor-Ivanti Software
Product-avalanche; Avalanche; avalanche
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38123
Matching Score-4
Assigner-Secomea A/S
CVSS Score-8.7||HIGH
EPSS-0.15% / 35.87%
7 Day CHG~0.00%
Published-06 Dec, 2022 | 15:58
Updated-23 Apr, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient validation of plugin files

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.

Action-Not Available
Vendor-Secomea A/S
Product-gatemanager; GateManager
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36482
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.96%
7 Day CHG-0.01%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-computing_improvement_program; Intel(R) CIP software; cip_software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24571
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.84%
7 Day CHG~0.00%
Published-16 Mar, 2023 | 09:55
Updated-26 Feb, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-embedded_box_pc_3000_firmware; embedded_box_pc_3000; Embedded Box PC 3000, CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-37336
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.9||HIGH
EPSS-0.02% / 4.44%
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-02 Oct, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-Intel(R) NUC
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0158
Matching Score-4
Assigner-Dell
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 13.23%
7 Day CHG~0.00%
Published-02 Jul, 2024 | 06:20
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20718
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.68%
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181.

Action-Not Available
Vendor-yoctoproject; Google LLC; MediaTek Inc.
Product-android; yocto; MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2021-43861
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.49% / 64.68%
7 Day CHG~0.00%
Published-30 Dec, 2021 | 13:40
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect sanitisation function leads to `XSS`

Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.

Action-Not Available
Vendor-mermaid_project; mermaid-js
Product-mermaid
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33945
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 20.55%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-14 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-Intel(R) Server board and Intel(R) Server System BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32652
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.72%
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262617; Issue ID: ALPS07262617.

Action-Not Available
Vendor-Google LLC; MediaTek Inc.
Product-android; MT6833, MT6853, MT6877, MT6893, MT8791
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32653
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.72%
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262518; Issue ID: ALPS07262518.

Action-Not Available
Vendor-Google LLC; MediaTek Inc.
Product-android; MT6789, MT6855, MT6879, MT6983, MT8781
CWE ID-CWE-20
Improper Input Validation
CVE-2023-6395
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.41% / 60.71%
7 Day CHG~0.00%
Published-16 Jan, 2024 | 14:33
Updated-13 Feb, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mock: privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.

Action-Not Available
Vendor-rpm-software-management; n/a; Red Hat, Inc.; Fedora Project
Product-mock; Red Hat Enterprise Linux 6; Extra Packages for Enterprise Linux; Fedora
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-33178
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.2||HIGH
EPSS-0.81% / 73.31%
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

Action-Not Available
Vendor-n/a; Broadcom Inc.
Product-Brocade Fabric OS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20636
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.68%
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593.

Action-Not Available
Vendor-Google LLC; MediaTek Inc.
Product-android; MT6895, MT6985, MT8168, MT8781
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30542
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.77%
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families
CWE ID-CWE-20
Improper Input Validation
CVE-2023-5964
Matching Score-4
Assigner-1E Limited
CVSS Score-9.9||CRITICAL
EPSS-0.18% / 39.27%
7 Day CHG~0.00%
Published-06 Nov, 2023 | 12:27
Updated-12 Jun, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1E-Exchange-DisplayMessage instruction allows for arbitrary code execution

The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue, DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above.

Action-Not Available
Vendor-1E Ltd
Product-Platform
CWE ID-CWE-20
Improper Input Validation
CVE-2023-5624
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.2||HIGH
EPSS-0.09% / 25.74%
7 Day CHG~0.00%
Published-26 Oct, 2023 | 16:36
Updated-09 Sep, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blind SQL Injection

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection.

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus Network Monitor
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28781
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.7||HIGH
EPSS-0.02% / 2.37%
7 Day CHG~0.00%
Published-03 May, 2022 | 19:39
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.

Action-Not Available
Vendor-Google LLC; Samsung Electronics
Product-android; Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28699
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.79%
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-Intel(R) NUC BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29257
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.41% / 60.67%
7 Day CHG~0.00%
Published-13 Jun, 2022 | 21:25
Updated-23 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron's AutoUpdater module fails to validate certain nested components of the bundle

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto-updating infrastructure, and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.

Action-Not Available
Vendor-Electron Userland; Electron (OpenJS Foundation)
Product-electron; electron
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28695
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.2||HIGH
EPSS-0.44% / 62.31%
7 Day CHG~0.00%
Published-05 May, 2022 | 16:34
Updated-17 Sep, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows the attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_firewall_manager; BIG-IP AFM
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27573
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 33.43%
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.

Action-Not Available
Vendor-Google LLC; Samsung Electronics
Product-android; Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27574
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 33.37%
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.

Action-Not Available
Vendor-Google LLC; Samsung Electronics
Product-android; Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27634
Matching Score-4
Assigner-F5, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 68.43%
7 Day CHG~0.00%
Published-05 May, 2022 | 16:12
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy, leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_manager; BIG-IP APM
CWE ID-CWE-20
Improper Input Validation
CVE-2023-5528
Matching Score-4
Assigner-Kubernetes
CVSS Score-7.2||HIGH
EPSS-21.08% / 95.44%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 20:32
Updated-03 Jan, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Action-Not Available
Vendor-Fedora Project; Kubernetes; Microsoft Corporation
Product-kubernetes; windows; fedora; kubelet
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27421
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.61% / 68.95%
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:21
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.

Action-Not Available
Vendor-chamilo; n/a
Product-chamilo_lms; n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26006
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.23%
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-05 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-Intel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24382
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.78%
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-Intel(R) NUCs
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24847
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.19% / 41.24%
7 Day CHG~0.00%
Published-13 Apr, 2022 | 21:20
Updated-23 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attacker needs to have obtained admin rights and use either the GeoServer GUI or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.

Action-Not Available
Vendor-osgeo; geoserver
Product-geoserver; geoserver
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2024-25641
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-86.11% / 99.35%
7 Day CHG~0.00%
Published-13 May, 2024 | 13:28
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cacti RCE vulnerability when importing packages

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined in the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.

Action-Not Available
Vendor-Fedora Project; The Cacti Group, Inc.
Product-cacti; fedora; cacti; cacti
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24379
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.55%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-30 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-server_system_m70klp4s2uhh; server_board_m70klp2sb_firmware; server_system_m70klp4s2uhh_firmware; server_board_m70klp2sb; Intel(R) Server System M70KLP Family BIOS firmware; intel_server_system_m70klp_family_bios_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24093
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.1||CRITICAL
EPSS-1.02% / 76.37%
7 Day CHG~0.00%
Published-12 Sep, 2023 | 07:36
Updated-27 Feb, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce post-auth improper input validation leads to remote code execution

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-magento_open_source; commerce; Adobe Commerce
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24417
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.35%
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24818
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-7.85% / 91.66%
7 Day CHG~0.00%
Published-13 Apr, 2022 | 20:55
Updated-23 Apr, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked JNDI lookups in GeoTools

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application does not allow usage of remotely provided JNDI strings.

Action-Not Available
Vendor-geotools; geotools
Product-geotools; geotools
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')