MidnightBSD

Advisories for acer

CVE-2011-3420 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
acer ac700_chromebook *
samsung series_5_chromebook *
google chrome_os *
google cr-48_chromebook *
CVE-2011-3421 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
acer ac700_chromebook *
samsung series_5_chromebook *
google chrome_os *
google cr-48_chromebook *
CVE-2011-4548 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
acer ac700_chromebook *
samsung series_5_chromebook *
google chrome_os *
google cr-48_chromebook *
CVE-2011-4719 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
acer ac700_chromebook *
samsung series_5_chromebook *
google chrome_os *
google cr-48_chromebook *
CVE-2012-0695 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
acer ac700_chromebook *
samsung series_5_chromebook *
google chrome_os *
google cr-48_chromebook *
CVE-2012-1418 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
acer ac700_chromebook *
samsung series_5_chromebook *
google chrome_os *
google cr-48_chromebook *
CVE-2012-3290 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
google chrome_os 20.0.1132.3
acer ac700_chromebook -
google chrome_os 20.0.1132.14
google chrome_os *
samsung chromebox_3 -
google chrome_os 20.0.1132.10
google chrome_os 20.0.1132.9
google chrome_os 20.0.1132.7
google chrome_os 20.0.1132.8
google chrome_os 20.0.1132.17
google chrome_os 20.0.1132.4
google chrome_os 20.0.1132.1
google cr-48_chromebook -
samsung series_5_chromebook -
google chrome_os 20.0.1132.13
google chrome_os 20.0.1132.20
google chrome_os 20.0.1132.2
google chrome_os 20.0.1132.5
google chrome_os 20.0.1132.6
google chrome_os 20.0.1132.0
google chrome_os 20.0.1132.12
google chrome_os 20.0.1132.18
google chrome_os 20.0.1132.19
google chrome_os 20.0.1132.11
google chrome_os 20.0.1132.15
samsung series_5_550_chromebook -
google chrome_os 20.0.1132.16
CVE-2016-5648 MEDIUM

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
acer acer_portal *
CVE-2019-18670 MEDIUM

In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
acer quick_access *
CVE-2021-45975 MEDIUM

In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
acer care_center *
CVE-2022-24285 HIGH

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
acer care_center *
CVE-2022-24286 HIGH

Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
acer quickaccess *
CVE-2022-30426

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
acer aspire_xc100_firmware *
acer veriton_n4620g_firmware *
acer aspire_tc-105_firmware *
acer aspire_xc600_firmware *
acer veriton_n4630g_firmware *
acer veriton_x2611g_firmware *
acer veriton_n2620g_firmware *
acer aspire_x1935_firmware *
acer aspire_1600x_firmware *
acer aspire_mc605_firmware *
acer veriton_x2611_firmware *
acer veriton_x6620g_firmware *
acer aspire_7600u_firmware *
acer veriton_x4620g_firmware *
acer altos_t110_f3_firmware *
acer veriton_e430_firmware *
acer veriton_m4620g_firmware *
acer ap130_f2_firmware *
acer aspire_1602m_firmware *
acer veriton_s6620g_firmware *
acer veriton_z2650g_firmware *
acer aspire_tc-120_firmware *
acer veriton_m4620_firmware *
acer veriton_m2611_firmware *
acer veriton_m6620g_firmware *
acer aspire_z3-615_firmware *
acer veriton_e430g_firmware *
acer aspire_u5-620_firmware *
acer veriton_b630_49_firmware *
acer veriton_m2611g_firmware *
acer veriton_m2120g_firmware *
acer veriton_m2110g_firmware *
acer aspire_x3475_firmware *
acer aspire_x3995_firmware *
CVE-2022-40080

Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
acer aspire_e5-475g_firmware 1.21
CVE-2022-4020

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Products Affected

Vendor Product Version
acer aspire_a115-21_firmware -
acer aspire_a315-22_firmware -
acer aspire_a315-22g_firmware -
acer extensa_ex215-21_firmware -
acer extensa_ex215-21g_firmware -
CVE-2022-41415

Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
acer altos_w2000h-w570h_f4_firmware r01.03.0018
CVE-2023-48034

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
acer sk-9662_firmware -