Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-35415

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Sep, 2022 | 02:21
Updated At-03 Aug, 2024 | 09:36
Rejected At-
Credits

An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Sep, 2022 | 02:21
Updated At:03 Aug, 2024 | 09:36
Rejected At:
▼CVE Numbering Authority (CNA)

An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ni.com
x_refsource_MISC
https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-configuration-manager-.html
x_refsource_MISC
Hyperlink: https://ni.com
Resource:
x_refsource_MISC
Hyperlink: https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-configuration-manager-.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ni.com
x_refsource_MISC
x_transferred
https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-configuration-manager-.html
x_refsource_MISC
x_transferred
Hyperlink: https://ni.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-configuration-manager-.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Sep, 2022 | 03:15
Updated At:17 Sep, 2022 | 02:36

An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ni
ni
>>configuration_manager>>Versions before 22.5.0(exclusive)
cpe:2.3:a:ni:configuration_manager:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://ni.comcve@mitre.org
Vendor Advisory
https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-configuration-manager-.htmlcve@mitre.org
Vendor Advisory
Hyperlink: https://ni.com
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-configuration-manager-.html
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

434Records found
CVE-2022-36339
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.23%
||
7 Day CHG-0.01%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-cm11ebi58w_firmwarecm8i3cb4ncm11ebc4wcm11ebi38w_firmwarecm8pcb4r_firmwareelm12hbccm8pcb4relm12hbc_firmwareelm12hbi5_firmwareelm12hbi3_firmwarecm11ebi716welm12hbi5elm12hbi3cm8i3cb4n_firmwarecm11ebi716w_firmwarecm8i7cb8n_firmwarecm8i5cb8n_firmwarecm11ebi38wcm8ccb4r_firmwarecm8ccb4rcm8i7cb8nelm12hbi7_firmwareelm12hbi7cm11ebi58wcm11ebc4w_firmwarecm8i5cb8nIntel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33025
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 16.19%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 17:53
Updated-16 Apr, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xArrow SCADA Path Traversal

xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.

Action-Not Available
Vendor-xarrowxArrow
Product-xarrowxArrow SCADA
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18509
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.11%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 13:17
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-62571
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.21%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_server_2012windows_11_24h2windows_server_2008windows_server_2019windows_11_23h2windows_server_2022windows_10_21h2windows_10_1809windows_server_2016windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 11 Version 24H2Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 22H2Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33703
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.09%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2025-62455
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.14%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_server_2012windows_server_2008windows_server_2019windows_10_21h2windows_10_1809windows_server_2016Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 22H2Windows Server 2012Windows Server 2016Windows 10 Version 1607Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26331
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.70%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:09
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7451epyc_7252_firmwareepyc_7282_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7351p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7401pepyc_7281_firmwareepyc_7413_firmwareepyc_7302epyc_7601epyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7001epyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7001_firmwareepyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7281epyc_7551epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7401p_firmwareepyc_7002_firmwareepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7401epyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7301_firmwareepyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™1st Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42534
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_server_for_raspberry_pileaplinux_enterprise_serverlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25510
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 3.40%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:19
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25684
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.80%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 02:20
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apport can be stalled by reading a FIFO

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

Action-Not Available
Vendor-Canonical Ltd.
Product-apportapport
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26736
Matching Score-4
Assigner-Zscaler, Inc.
ShareView Details
Matching Score-4
Assigner-Zscaler, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 10.06%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 13:21
Updated-27 Feb, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZApp Installer Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.

Action-Not Available
Vendor-Zscaler, Inc.
Product-client_connectorClient Connector
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-26624
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.61% / 82.01%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eScan Anti-Virus Local privilege escalation Vulnerability

An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.

Action-Not Available
Vendor-escanavMicroWorld Technologies Inc.
Product-escan_anti-viruseScan Anti-Virus for Linux
CWE ID-CWE-20
Improper Input Validation
CVE-2022-31762
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.20%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 14:56
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15832
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.19%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 08:55
Updated-09 Jan, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overwrite due to improper input validation in WLAN host

Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_845sd_850_firmwaremdm9607sd_850mdm9607_firmwaresd_835_firmwaremdm9206sd_835mdm9206_firmwaresd_845_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-15868
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.80%
||
7 Day CHG~0.00%
Published-28 Oct, 2017 | 02:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32485
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-16 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7570vostro_3669inspiron_5590_firmwareinspiron_5477_firmwareg7_17_7790_firmwareoptiplex_3280_aio_firmwarelatitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareprecision_5530_2-in-1inspiron_7580_firmwarealienware_x14_firmwarealienware_m15_r1_firmwareprecision_7720vostro_5581_firmwarealienware_m17_r3_firmwarelatitude_5300alienware_x14precision_5530_firmwareoptiplex_5050alienware_aurora_r11latitude_7300optiplex_3050_aioprecision_3620_toweroptiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_7000inspiron_3782latitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2latitude_5310_2-in-1_firmwareinspiron_7490_firmwarexps_8950precision_5720_aiolatitude_7400latitude_5591inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070g5_5000optiplex_3280_aioxps_15_9575_2-in-1inspiron_5491_2-in-1_firmwareoptiplex_3090_firmwarexps_13_9370_firmwarevostro_3581_firmwarevostro_3581latitude_9410inspiron_7777optiplex_7070optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarealienware_aurora_r8inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletalienware_x15_r1latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarelatitude_e5470_firmwarevostro_5591vostro_5090latitude_3190latitude_7220ex_rugged_extreme_tablet_firmwarealienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540alienware_aurora_r11_firmwarealienware_x17_r2_firmwareinspiron_3580_firmwareinspiron_3781_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7214_rugged_extremeinspiron_3280_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520wyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290latitude_7212_rugged_extreme_tablet_firmwarealienware_area_51m_r1precision_7540_firmwareinspiron_3582inspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881wyse_5470_firmwareedge_gateway_5000_firmwareinspiron_5593inspiron_7580vostro_5390_firmwareinspiron_5770alienware_m17_r2_firmwarelatitude_3580precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwareinspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwareinspiron_3502latitude_5491optiplex_7040inspiron_7386alienware_aurora_r12optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_5400alienware_aurora_r13_firmwarelatitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551alienware_m17_r3precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7275_2-in-1_firmwareg7_17_7790embedded_box_pc_3000inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7391alienware_m17_r4vostro_3671_firmwareoptiplex_7460_all_in_one_firmwareprecision_3440precision_7510_firmwareg5_5000_firmwareoptiplex_7470_all-in-oneinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwareinspiron_3781optiplex_3050_firmwarealienware_aurora_r10_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareinspiron_3582_firmwarelatitude_5411_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultraprecision_7740inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668vostro_3670edge_gateway_3000latitude_5280inspiron_5490inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_3930_rackprecision_7550vostro_3490inspiron_5391inspiron_5598inspiron_3482xps_7590_firmwareinspiron_15_2-in-1_5582_firmwareoptiplex_3080alienware_m17_r1latitude_3480inspiron_3782_firmwarexps_13_9300_firmwarealienware_m15_r4optiplex_7460_all_in_onevostro_3671inspiron_7591latitude_7310inspiron_7790inspiron_7790_firmwarelatitude_3379vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwareoptiplex_7060latitude_5290_firmwareinspiron_15_2-in-1_5582latitude_7424_rugged_extremeoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390g3_15_3590latitude_3390_firmwareprecision_3240_compactprecision_7750_firmwarealienware_aurora_r12_firmwarelatitude_5285_2-in-1_firmwareprecision_7510vostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwarealienware_aurora_r10precision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwareoptiplex_7470_all-in-one_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_3581inspiron_5400_firmwarelatitude_5488_firmwareinspiron_5583precision_3541_firmwareinspiron_5591_2-in-1alienware_m15_r1alienware_x15_r2inspiron_5680vostro_3881_firmwareinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550latitude_7370latitude_7370_firmwarexps_13_7390_2-in-1_firmwareoptiplex_5070_firmwarealienware_aurora_r13latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490alienware_m17_r2vostro_3070_firmwareinspiron_7390_firmwareprecision_5720_aio_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667alienware_x15_r2_firmwarelatitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1inspiron_5491_aioinspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarexps_13_7390g3_15_5590_firmwareinspiron_3502_firmwareinspiron_5584precision_3520inspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwarealienware_m15_r3optiplex_5060_firmwarevostro_3590vostro_5390vostro_5590_firmwareprecision_7530_firmwarealienware_m17_r4_firmwarealienware_x17_r1inspiron_3790vostro_3583_firmwarelatitude_3190_firmwareinspiron_5494g7_17_7590g3_3779_firmwarexps_13_9300latitude_5500precision_7550_firmwareinspiron_5477chengming_3991inspiron_5480xps_8950_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareinspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501chengming_3990vostro_3583alienware_x17_r2latitude_5491_firmwarevostro_5880_firmwareinspiron_3493optiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarewyse_5470_all-in-oneinspiron_5583_firmwarelatitude_5580_firmwareinspiron_3477_firmwarelatitude_3189xps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwarealienware_m15_r4_firmwareg3_15_5590latitude_5480optiplex_3046latitude_5414_rugged_firmwarelatitude_7300_firmwarealienware_x15_r1_firmwarelatitude_5510wyse_5470vostro_3501_firmwareinspiron_3593_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwarexps_8930inspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1latitude_5411optiplex_7450_firmwareoptiplex_7450xps_13_9365_2-in-1optiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwareg7_17_7590_firmwarelatitude_3480_firmwarelatitude_3189_firmwarevostro_3590_firmwareinspiron_5498inspiron_7591_firmwarelatitude_5290latitude_5289_firmwarechengming_3980_firmwareinspiron_5491_2-in-1latitude_3120_firmwarelatitude_5590_firmwareinspiron_5590vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5498_firmwareprecision_5540inspiron_3480latitude_3490precision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwareprecision_3430_tower_firmwareinspiron_7390latitude_3300_firmwarelatitude_7400_2-in-1precision_3640_towervostro_5581inspiron_3490latitude_7210_2-in-1_firmwarelatitude_5510_firmwareinspiron_3670_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwarelatitude_7220_rugged_extreme_tablet_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwareinspiron_3482_firmwarelatitude_5289precision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwareprecision_5510_firmwareprecision_3420_towerinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarealienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarevostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareinspiron_3277_firmwareinspiron_5401_firmwareinspiron_7573precision_5540_firmwarevostro_5590xps_8940_firmwarelatitude_3120vostro_3480optiplex_5260_all-in-one_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwarevostro_3582_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedalienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040latitude_7290_firmwareprecision_7530xps_8930_firmwarexps_13_9365_2-in-1_firmwareinspiron_5391_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareprecision_3510xps_13_9380_firmwarelatitude_7490inspiron_5390optiplex_7060_firmwareprecision_3240_compact_firmwareg3_3779inspiron_5401vostro_3582vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59187
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:01
Updated-22 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_21h2windows_11_24h2windows_server_2022windows_server_2022_23h2windows_server_2025windows_10_1507windows_11_22h2windows_server_2008windows_11_23h2windows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_11_25h2windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 Version 25H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2022-32489
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7570vostro_3669inspiron_5590_firmwareinspiron_5477_firmwareg7_17_7790_firmwareoptiplex_3280_aio_firmwarelatitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareprecision_5530_2-in-1inspiron_7580_firmwarealienware_x14_firmwarealienware_m15_r1_firmwareprecision_7720vostro_5581_firmwarealienware_m17_r3_firmwarelatitude_5300alienware_x14precision_5530_firmwareoptiplex_5050alienware_aurora_r11latitude_7300optiplex_3050_aioprecision_3620_toweroptiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_7000inspiron_3782latitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2latitude_5310_2-in-1_firmwareinspiron_7490_firmwarexps_8950precision_5720_aiolatitude_7400latitude_5591inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070g5_5000optiplex_3280_aioxps_15_9575_2-in-1inspiron_5491_2-in-1_firmwareoptiplex_3090_firmwarexps_13_9370_firmwarevostro_3581_firmwarevostro_3581latitude_9410inspiron_7777optiplex_7070optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarealienware_aurora_r8inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletalienware_x15_r1latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarelatitude_e5470_firmwarevostro_5591vostro_5090latitude_3190latitude_7220ex_rugged_extreme_tablet_firmwarealienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540alienware_aurora_r11_firmwarealienware_x17_r2_firmwareinspiron_3580_firmwareinspiron_3781_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7214_rugged_extremeinspiron_3280_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520wyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290latitude_7212_rugged_extreme_tablet_firmwarealienware_area_51m_r1precision_7540_firmwareinspiron_3582inspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881wyse_5470_firmwareedge_gateway_5000_firmwareinspiron_5593inspiron_7580vostro_5390_firmwareinspiron_5770alienware_m17_r2_firmwarelatitude_3580precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwareinspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwareinspiron_3502latitude_5491optiplex_7040inspiron_7386alienware_aurora_r12optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_5400alienware_aurora_r13_firmwarelatitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551alienware_m17_r3precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7275_2-in-1_firmwareg7_17_7790embedded_box_pc_3000inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7391alienware_m17_r4vostro_3671_firmwareoptiplex_7460_all_in_one_firmwareprecision_3440precision_7510_firmwareg5_5000_firmwareoptiplex_7470_all-in-oneinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwareinspiron_3781optiplex_3050_firmwarealienware_aurora_r10_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareinspiron_3582_firmwarelatitude_5411_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultraprecision_7740inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668vostro_3670edge_gateway_3000latitude_5280inspiron_5490inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_3930_rackprecision_7550vostro_3490inspiron_5391inspiron_5598inspiron_3482xps_7590_firmwareinspiron_15_2-in-1_5582_firmwareoptiplex_3080alienware_m17_r1latitude_3480inspiron_3782_firmwarexps_13_9300_firmwarealienware_m15_r4optiplex_7460_all_in_onevostro_3671inspiron_7591latitude_7310inspiron_7790inspiron_7790_firmwarelatitude_3379vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwareoptiplex_7060latitude_5290_firmwareinspiron_15_2-in-1_5582latitude_7424_rugged_extremeoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390g3_15_3590latitude_3390_firmwareprecision_3240_compactprecision_7750_firmwarealienware_aurora_r12_firmwarelatitude_5285_2-in-1_firmwareprecision_7510vostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwarealienware_aurora_r10precision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwareoptiplex_7470_all-in-one_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_3581inspiron_5400_firmwarelatitude_5488_firmwareinspiron_5583precision_3541_firmwareinspiron_5591_2-in-1alienware_m15_r1alienware_x15_r2inspiron_5680vostro_3881_firmwareinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550latitude_7370latitude_7370_firmwarexps_13_7390_2-in-1_firmwareoptiplex_5070_firmwarealienware_aurora_r13latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490alienware_m17_r2vostro_3070_firmwareinspiron_7390_firmwareprecision_5720_aio_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667alienware_x15_r2_firmwarelatitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1inspiron_5491_aioinspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarexps_13_7390g3_15_5590_firmwareinspiron_3502_firmwareinspiron_5584precision_3520inspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwarealienware_m15_r3optiplex_5060_firmwarevostro_3590vostro_5390vostro_5590_firmwareprecision_7530_firmwarealienware_m17_r4_firmwarealienware_x17_r1inspiron_3790vostro_3583_firmwarelatitude_3190_firmwareinspiron_5494g7_17_7590g3_3779_firmwarexps_13_9300latitude_5500precision_7550_firmwareinspiron_5477chengming_3991inspiron_5480xps_8950_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareinspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501chengming_3990vostro_3583alienware_x17_r2latitude_5491_firmwarevostro_5880_firmwareinspiron_3493optiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarewyse_5470_all-in-oneinspiron_5583_firmwarelatitude_5580_firmwareinspiron_3477_firmwarelatitude_3189xps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwarealienware_m15_r4_firmwareg3_15_5590latitude_5480optiplex_3046latitude_5414_rugged_firmwarelatitude_7300_firmwarealienware_x15_r1_firmwarelatitude_5510wyse_5470vostro_3501_firmwareinspiron_3593_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwarexps_8930inspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1latitude_5411optiplex_7450_firmwareoptiplex_7450xps_13_9365_2-in-1optiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwareg7_17_7590_firmwarelatitude_3480_firmwarelatitude_3189_firmwarevostro_3590_firmwareinspiron_5498inspiron_7591_firmwarelatitude_5290latitude_5289_firmwarechengming_3980_firmwareinspiron_5491_2-in-1latitude_3120_firmwarelatitude_5590_firmwareinspiron_5590vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5498_firmwareprecision_5540inspiron_3480latitude_3490precision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwareprecision_3430_tower_firmwareinspiron_7390latitude_3300_firmwarelatitude_7400_2-in-1precision_3640_towervostro_5581inspiron_3490latitude_7210_2-in-1_firmwarelatitude_5510_firmwareinspiron_3670_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwarelatitude_7220_rugged_extreme_tablet_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwareinspiron_3482_firmwarelatitude_5289precision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwareprecision_5510_firmwareprecision_3420_towerinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarealienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarevostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareinspiron_3277_firmwareinspiron_5401_firmwareinspiron_7573precision_5540_firmwarevostro_5590xps_8940_firmwarelatitude_3120vostro_3480optiplex_5260_all-in-one_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwarevostro_3582_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedalienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040latitude_7290_firmwareprecision_7530xps_8930_firmwarexps_13_9365_2-in-1_firmwareinspiron_5391_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareprecision_3510xps_13_9380_firmwarelatitude_7490inspiron_5390optiplex_7060_firmwareprecision_3240_compact_firmwareg3_3779inspiron_5401vostro_3582vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32488
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7570vostro_3669inspiron_5590_firmwareinspiron_5477_firmwareg7_17_7790_firmwareoptiplex_3280_aio_firmwarelatitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareprecision_5530_2-in-1inspiron_7580_firmwarealienware_x14_firmwarealienware_m15_r1_firmwareprecision_7720vostro_5581_firmwarealienware_m17_r3_firmwarelatitude_5300alienware_x14precision_5530_firmwareoptiplex_5050alienware_aurora_r11latitude_7300optiplex_3050_aioprecision_3620_toweroptiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_7000inspiron_3782latitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2latitude_5310_2-in-1_firmwareinspiron_7490_firmwarexps_8950precision_5720_aiolatitude_7400latitude_5591inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070g5_5000optiplex_3280_aioxps_15_9575_2-in-1inspiron_5491_2-in-1_firmwareoptiplex_3090_firmwarexps_13_9370_firmwarevostro_3581_firmwarevostro_3581latitude_9410inspiron_7777optiplex_7070optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarealienware_aurora_r8inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletalienware_x15_r1latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarelatitude_e5470_firmwarevostro_5591vostro_5090latitude_3190latitude_7220ex_rugged_extreme_tablet_firmwarealienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540alienware_aurora_r11_firmwarealienware_x17_r2_firmwareinspiron_3580_firmwareinspiron_3781_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7214_rugged_extremeinspiron_3280_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520wyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290latitude_7212_rugged_extreme_tablet_firmwarealienware_area_51m_r1precision_7540_firmwareinspiron_3582inspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881wyse_5470_firmwareedge_gateway_5000_firmwareinspiron_5593inspiron_7580vostro_5390_firmwareinspiron_5770alienware_m17_r2_firmwarelatitude_3580precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwareinspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwareinspiron_3502latitude_5491optiplex_7040inspiron_7386alienware_aurora_r12optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_5400alienware_aurora_r13_firmwarelatitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551alienware_m17_r3precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7275_2-in-1_firmwareg7_17_7790embedded_box_pc_3000inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7391alienware_m17_r4vostro_3671_firmwareoptiplex_7460_all_in_one_firmwareprecision_3440precision_7510_firmwareg5_5000_firmwareoptiplex_7470_all-in-oneinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwareinspiron_3781optiplex_3050_firmwarealienware_aurora_r10_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareinspiron_3582_firmwarelatitude_5411_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultraprecision_7740inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668vostro_3670edge_gateway_3000latitude_5280inspiron_5490inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_3930_rackprecision_7550vostro_3490inspiron_5391inspiron_5598inspiron_3482xps_7590_firmwareinspiron_15_2-in-1_5582_firmwareoptiplex_3080alienware_m17_r1latitude_3480inspiron_3782_firmwarexps_13_9300_firmwarealienware_m15_r4optiplex_7460_all_in_onevostro_3671inspiron_7591latitude_7310inspiron_7790inspiron_7790_firmwarelatitude_3379vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwareoptiplex_7060latitude_5290_firmwareinspiron_15_2-in-1_5582latitude_7424_rugged_extremeoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390g3_15_3590latitude_3390_firmwareprecision_3240_compactprecision_7750_firmwarealienware_aurora_r12_firmwarelatitude_5285_2-in-1_firmwareprecision_7510vostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwarealienware_aurora_r10precision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwareoptiplex_7470_all-in-one_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_3581inspiron_5400_firmwarelatitude_5488_firmwareinspiron_5583precision_3541_firmwareinspiron_5591_2-in-1alienware_m15_r1alienware_x15_r2inspiron_5680vostro_3881_firmwareinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550latitude_7370latitude_7370_firmwarexps_13_7390_2-in-1_firmwareoptiplex_5070_firmwarealienware_aurora_r13latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490alienware_m17_r2vostro_3070_firmwareinspiron_7390_firmwareprecision_5720_aio_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667alienware_x15_r2_firmwarelatitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1inspiron_5491_aioinspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarexps_13_7390g3_15_5590_firmwareinspiron_3502_firmwareinspiron_5584precision_3520inspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwarealienware_m15_r3optiplex_5060_firmwarevostro_3590vostro_5390vostro_5590_firmwareprecision_7530_firmwarealienware_m17_r4_firmwarealienware_x17_r1inspiron_3790vostro_3583_firmwarelatitude_3190_firmwareinspiron_5494g7_17_7590g3_3779_firmwarexps_13_9300latitude_5500precision_7550_firmwareinspiron_5477chengming_3991inspiron_5480xps_8950_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareinspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501chengming_3990vostro_3583alienware_x17_r2latitude_5491_firmwarevostro_5880_firmwareinspiron_3493optiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarewyse_5470_all-in-oneinspiron_5583_firmwarelatitude_5580_firmwareinspiron_3477_firmwarelatitude_3189xps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwarealienware_m15_r4_firmwareg3_15_5590latitude_5480optiplex_3046latitude_5414_rugged_firmwarelatitude_7300_firmwarealienware_x15_r1_firmwarelatitude_5510wyse_5470vostro_3501_firmwareinspiron_3593_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwarexps_8930inspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1latitude_5411optiplex_7450_firmwareoptiplex_7450xps_13_9365_2-in-1optiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwareg7_17_7590_firmwarelatitude_3480_firmwarelatitude_3189_firmwarevostro_3590_firmwareinspiron_5498inspiron_7591_firmwarelatitude_5290latitude_5289_firmwarechengming_3980_firmwareinspiron_5491_2-in-1latitude_3120_firmwarelatitude_5590_firmwareinspiron_5590vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5498_firmwareprecision_5540inspiron_3480latitude_3490precision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwareprecision_3430_tower_firmwareinspiron_7390latitude_3300_firmwarelatitude_7400_2-in-1precision_3640_towervostro_5581inspiron_3490latitude_7210_2-in-1_firmwarelatitude_5510_firmwareinspiron_3670_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwarelatitude_7220_rugged_extreme_tablet_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwareinspiron_3482_firmwarelatitude_5289precision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwareprecision_5510_firmwareprecision_3420_towerinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarealienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarevostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareinspiron_3277_firmwareinspiron_5401_firmwareinspiron_7573precision_5540_firmwarevostro_5590xps_8940_firmwarelatitude_3120vostro_3480optiplex_5260_all-in-one_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwarevostro_3582_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedalienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040latitude_7290_firmwareprecision_7530xps_8930_firmwarexps_13_9365_2-in-1_firmwareinspiron_5391_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareprecision_3510xps_13_9380_firmwarelatitude_7490inspiron_5390optiplex_7060_firmwareprecision_3240_compact_firmwareg3_3779inspiron_5401vostro_3582vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32766
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.12% / 30.25%
||
7 Day CHG-0.01%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_stick_stk2mv64cccompute_stick_stk2mv64cc_firmwareIntel(R) BIOS firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0921
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1080
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.90%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0928
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.45%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30754
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 11.76%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:32
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1514
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:50
Updated-08 Nov, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000vedge_100_firmwarevedge_100mvedge_5000_firmwarevedge_1000_firmwarevedge_5000vsmart_controllervedge_100b_firmwarevedge_100wm_firmwarevedge_2000_firmwarevedge_1000vedge_100bcatalyst_sd-wan_managervedge_cloudvedge-100b_firmwarevsmart_controller_firmwaresd-wan_vbond_orchestratorvedge-100bvedge_100m_firmwarevedge_100sd-wan_vmanagevedge_cloud_firmwarevedge_100wmCisco SD-WAN Solution
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1261
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.28% / 79.85%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:57
Updated-12 Nov, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_100b_routervedge_cloud_routersd-wan_vbond_orchestratorvedge_5000_routervedge_100_routersd-wan_firmwarevedge_2000_routersd-wan_vsmart_controller_firmwarevedge_100wm_routercatalyst_sd-wan_managervedge_1000_routervedge_100m_routerCisco SD-WAN Solution
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-0511
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.43%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 16:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30756
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 11.76%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:32
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1448
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:30
Updated-08 Nov, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300firepower_4112firepower_4150firepower_4140firepower_4145firepower_4110firepower_4120firepower_4115firepower_4125firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.63%
||
7 Day CHG-0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-0316
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 14.01%
||
7 Day CHG~0.00%
Published-16 Oct, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-geforce_experiencewindowsGeForce Experience
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0159
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.73%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_5215xeon_platinum_8260yxeon_platinum_8352vxeon_platinum_8352y_firmwarexeon_platinum_8260y_firmwarexeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_platinum_8360yxeon_platinum_8280_firmwarexeon_gold_5218nxeon_gold_5317_firmwarexeon_silver_4209t_firmwarexeon_gold_6336yxeon_gold_6250lxeon_gold_6209uxeon_silver_4314_firmwarexeon_platinum_8253xeon_gold_6252nxeon_silver_4214yxeon_platinum_8270_firmwarexeon_gold_6230txeon_platinum_8376h_firmwarexeon_silver_4210rxeon_platinum_8280xeon_gold_6238l_firmwarexeon_gold_5220t_firmwarexeon_gold_6252xeon_gold_5220rxeon_silver_4309y_firmwarexeon_gold_6246xeon_gold_6226r_firmwarexeon_silver_4214rxeon_silver_4210r_firmwarexeon_gold_6328hl_firmwarexeon_gold_6256_firmwarexeon_platinum_9221xeon_gold_6230rxeon_gold_6346_firmwarexeon_platinum_8360hlxeon_platinum_9222_firmwarexeon_gold_5315y_firmwarexeon_silver_4310txeon_silver_4208xeon_gold_5318hxeon_gold_6210u_firmwarexeon_platinum_8380_firmwarexeon_gold_5320_firmwarexeon_silver_4314xeon_silver_4210t_firmwarexeon_gold_5218t_firmwarexeon_gold_5215lxeon_silver_4316_firmwarexeon_platinum_8352sxeon_gold_5217_firmwarexeon_gold_6330n_firmwarexeon_platinum_8253_firmwarexeon_gold_6238xeon_platinum_8368_firmwarexeon_platinum_8376hxeon_gold_6240lxeon_gold_6248xeon_gold_6258rxeon_gold_6312u_firmwarexeon_gold_6240l_firmwarexeon_platinum_8256xeon_platinum_9282xeon_silver_4215_firmwarexeon_gold_6254_firmwarexeon_gold_5220_firmwarexeon_gold_6334_firmwarexeon_gold_6338nxeon_gold_6328hlxeon_gold_6252_firmwarexeon_gold_6230n_firmwarexeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_silver_4208_firmwarexeon_gold_6240xeon_gold_5220xeon_platinum_8256_firmwarexeon_gold_5218r_firmwarexeon_gold_6348h_firmwarexeon_platinum_8268xeon_silver_4214y_firmwarexeon_gold_6240rxeon_gold_6238_firmwarexeon_gold_6330hxeon_silver_4209txeon_gold_6338xeon_gold_5315yxeon_platinum_8368q_firmwarexeon_silver_4215rxeon_gold_6212uxeon_platinum_8380xeon_silver_4215xeon_platinum_8368xeon_gold_6230nxeon_platinum_8280l_firmwarexeon_gold_6338txeon_platinum_8352mxeon_gold_6208uxeon_gold_6242_firmwarexeon_gold_6326_firmwarexeon_gold_6230r_firmwarexeon_gold_6242xeon_platinum_8360y_firmwarexeon_gold_6246_firmwarexeon_platinum_8260_firmwarexeon_platinum_8376hl_firmwarexeon_platinum_8360hxeon_gold_6230t_firmwarexeon_gold_6250_firmwarexeon_gold_5218_firmwarexeon_silver_4210txeon_gold_5320txeon_gold_6244_firmwarexeon_gold_6342xeon_gold_6330h_firmwarexeon_platinum_8276_firmwarexeon_platinum_8276xeon_silver_4316xeon_gold_6240_firmwarexeon_gold_5220txeon_gold_6336y_firmwarexeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_platinum_9242_firmwarexeon_gold_6226rxeon_gold_6258r_firmwarexeon_bronze_3204xeon_gold_6230_firmwarexeon_gold_5218b_firmwarexeon_gold_5218bxeon_gold_6348hxeon_platinum_8354hxeon_gold_6248_firmwarexeon_gold_6328hxeon_platinum_8360hl_firmwarexeon_silver_4214r_firmwarexeon_gold_5318s_firmwarexeon_gold_6254xeon_gold_5218rxeon_gold_6334xeon_gold_6342_firmwarexeon_gold_6326xeon_gold_5320xeon_gold_6240yxeon_gold_6238lxeon_gold_5320h_firmwarexeon_gold_5218n_firmwarexeon_gold_6328h_firmwarexeon_platinum_8362_firmwarexeon_gold_5318h_firmwarexeon_gold_6348xeon_gold_6246r_firmwarexeon_gold_6354xeon_gold_6246rxeon_gold_6234_firmwarexeon_gold_5320hxeon_gold_6312uxeon_gold_5220r_firmwarexeon_gold_5222xeon_platinum_8380hlxeon_gold_6256xeon_platinum_8260l_firmwarexeon_gold_6338n_firmwarexeon_gold_6248rxeon_silver_4214xeon_gold_5318nxeon_platinum_9222xeon_platinum_8358_firmwarexeon_gold_5220sxeon_platinum_8260xeon_platinum_8280lxeon_silver_4309yxeon_platinum_8356hxeon_gold_6338t_firmwarexeon_gold_6314uxeon_gold_5320t_firmwarexeon_gold_5318y_firmwarexeon_gold_5222_firmwarexeon_platinum_9242xeon_silver_4216xeon_platinum_8358p_firmwarexeon_platinum_8362xeon_platinum_8276lxeon_platinum_8352v_firmwarexeon_platinum_8351n_firmwarexeon_gold_5318n_firmwarexeon_gold_6238txeon_gold_6314u_firmwarexeon_platinum_9221_firmwarexeon_silver_4310t_firmwarexeon_platinum_8368qxeon_gold_6240r_firmwarexeon_gold_5318yxeon_gold_6212u_firmwarexeon_gold_6208u_firmwarexeon_silver_4310xeon_gold_6209u_firmwarexeon_platinum_8352m_firmwarexeon_platinum_8356h_firmwarexeon_platinum_9282_firmwarexeon_platinum_8276l_firmwarexeon_gold_6250xeon_platinum_8260lxeon_platinum_8270xeon_gold_6248r_firmwarexeon_platinum_8380hxeon_gold_6262v_firmwarexeon_gold_6226xeon_gold_5318sxeon_silver_4214_firmwarexeon_platinum_8268_firmwarexeon_gold_6348_firmwarexeon_gold_6226_firmwarexeon_silver_4210xeon_gold_6250l_firmwarexeon_gold_6234xeon_silver_4310_firmwarexeon_platinum_8360h_firmwarexeon_gold_6252n_firmwarexeon_gold_6262vxeon_gold_6240y_firmwarexeon_platinum_8354h_firmwarexeon_gold_5215_firmwarexeon_gold_5220s_firmwarexeon_platinum_8358pxeon_gold_6330_firmwarexeon_silver_4210_firmwarexeon_platinum_8380hl_firmwarexeon_gold_5218xeon_gold_6338_firmwarexeon_gold_6238rxeon_bronze_3204_firmwarexeon_gold_6222v_firmwarexeon_gold_6238r_firmwarexeon_bronze_3206r_firmwarexeon_platinum_8352yxeon_silver_4215r_firmwarexeon_gold_5317xeon_gold_6242r_firmwarexeon_gold_5217xeon_platinum_8376hlxeon_gold_6210uxeon_gold_6222vxeon_silver_4216_firmwarexeon_platinum_8352s_firmwarexeon_platinum_8380h_firmwarexeon_gold_5215l_firmwarexeon_gold_6238t_firmwarexeon_platinum_8353h_firmwarexeon_platinum_8351nxeon_gold_6354_firmwarexeon_gold_6230Intel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9795
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.27%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)IBM CorporationOracle CorporationLinux Kernel Organization, IncBroadcom Inc.HP Inc.
Product-universal_job_management_agenthp-uxclient_automationca_workload_automation_aesystemedgevirtual_assurance_for_infrastructure_managerssystems_performance_for_infrastructure_managersaixsolarislinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-56190
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.25%
||
7 Day CHG+0.11%
Published-04 Sep, 2025 | 05:10
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38076
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-3.8||LOW
EPSS-0.08% / 23.65%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxFedora Project
Product-wireless-ac_9461wireless-ac_9560debian_linuxfedorakillerdual_band_wireless-ac_3165dual_band_wireless-ac_8260wireless-ac_9260dual_band_wireless-ac_3168wireless_7265_\(rev_d\)wireless-ac_9462killer_wireless-ac_1550dual_band_wireless-ac_8265uefi_firmwareproset\/wireless_wifiIntel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software
CWE ID-CWE-20
Improper Input Validation
CVE-2024-26173
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.03%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53030
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while processing input message passed from FE driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqca6678aqsa8255psa8155p_firmwareqamsrv1m_firmwareqcs9100msm8996aumsm8996au_firmwaresa8620p_firmwaresa8155pqam8650p_firmwareqca6574a_firmwareqca6595_firmwaresnapdragon_820_automotive_firmwareqca6584au_firmwaresa6155_firmwareqam8620psrv1hqca6564auqca6564a_firmwaresa7255psa8620pqam8620p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqca6797aqqam8255pqca6688aqsa7775p_firmwaresa8255p_firmwaresa8155_firmwaresa8770p_firmwaresa8295p_firmwaresa6150pqca6696_firmwareqam8295psa8150pqca6595ausa6150p_firmwareqcs9100_firmwaresa8295psa8145psa8150p_firmwaresrv1lsa6145psa6155p_firmwareqca6698aq_firmwareqam8650pqam8775pqca6595qca6688aq_firmwaresa8770psrv1h_firmwaresa8775psrv1msnapdragon_820_automotivesa8775p_firmwaresa9000p_firmwareqamsrv1mqca6564au_firmwareqca6574auqca6797aq_firmwaresrv1m_firmwaresa7775psa8650psa8540p_firmwaresa8145p_firmwaresa6155sa8195p_firmwareqca6698aqsa8195pqca6584ausa6155pqamsrv1hqca6564aqca6574au_firmwareqamsrv1h_firmwareqca6678aq_firmwareqca6574aqam8255p_firmwaresa6145p_firmwaresa8155srv1l_firmwareqca6696sa8540pSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53029
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53031
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqam8775psa8255pqamsrv1m_firmwareqca6595qca6688aq_firmwaresa8770psa8775psrv1h_firmwaresa8620p_firmwareqam8650p_firmwareqca6595_firmwaresrv1mqam8620psa8775p_firmwareqamsrv1msa9000p_firmwaresrv1hqca6574ausa7255psrv1m_firmwaresa8620psa7775psa8650pqam8620p_firmwaresa8540p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqam8255pqca6688aqqca6698aqsa7775p_firmwaresa8255p_firmwaresa8770p_firmwaresa8295p_firmwareqca6696_firmwareqam8295pqamsrv1hsrv1l_firmwareqca6574au_firmwareqamsrv1h_firmwareqca6595auqam8255p_firmwaresa8295psrv1lqca6698aq_firmwareqam8650pqca6696sa8540pSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.11%
||
7 Day CHG~0.00%
Published-27 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncNovellDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_kernelsuse_linux_enterprise_real_time_extensionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37665
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 22:40
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete validation in MKL requantization in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the `input` tensor. A similar issue occurs in `MklRequantizePerChannelOp`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2024-12353
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.83%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 01:00
Updated-12 Dec, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation

A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-phone_contact_manager_systemPhone Contact Manager Systemphone_contact_manager_system
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.06%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.

Action-Not Available
Vendor-n/aGoogle LLCLinux Kernel Organization, Inc
Product-androidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0127
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.16%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 08:10
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu_manager
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27826
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.70%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27828
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.70%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12366
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.98%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:51
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_driversIntel(R) Graphics Drivers
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26863
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.08%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 17:55
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwareinspiron_3180inspiron_3185_firmwareinspiron_3585inspiron_5415_all-in-one_firmwarevostro_3525_firmwareg5_se_5505inspiron_27_7775_firmwareinspiron_5575_firmwareinspiron_3275vostro_5415inspiron_7415_firmwareinspiron_5415inspiron_3785_firmwareinspiron_3525_firmwareinspiron_3195inspiron_14_5425inspiron_3515_firmwareinspiron_3180_firmwareinspiron_3475inspiron_5505alienware_m15_r5_firmwareinspiron_3505inspiron_3595vostro_5515g15_5515inspiron_3275_firmwareinspiron_7425_firmwarevostro_3405inspiron_5485vostro_5515_firmwareg15_5515_firmwarevostro_5625vostro_3515_firmwareinspiron_3185inspiron_7405_firmwareinspiron_5515inspiron_5415_firmwareinspiron_5405_firmwareinspiron_3505_firmwareinspiron_5585inspiron_7375_firmwareinspiron_3785inspiron_3515inspiron_7415inspiron_3525vostro_3405_firmwarevostro_3515inspiron_5575vostro_5625_firmwareinspiron_3195_firmwareinspiron_5415_all-in-oneinspiron_27_7775inspiron_5505_firmwareinspiron_7425alienware_m15_r5inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareg5_se_5505_firmwareinspiron_5585_firmwareinspiron_7405vostro_5415_firmwareinspiron_14_5425_firmwareinspiron_5405inspiron_3475_firmwarevostro_3525CPG BIOS
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • Next
Details not found