CVSS: 6.0EPSS: 0%CPEs: 285EXPL: 0CVE-2019-18618
https://notcve.org/view.php?id=CVE-2019-18618
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. Un control de acceso incorrecto en el firmware de los sensores de huellas dactilares de la familia Synaptics VFS75xx que incluye flash externo (todas las versiones anteriores al 15/11/2019) permite a un administrador local o atacante físico comprometer la confidencialidad de los datos del sensor por medio de una inyección de una tabla de partición no verificada • https://support.hp.com/us-en/document/c06696474 https://support.lenovo.com/us/en/product_security/LEN-31372 https://www.synaptics.com/company/blog https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf •
CVSS: 5.5EPSS: 0%CPEs: 29EXPL: 2CVE-2017-8360
https://notcve.org/view.php?id=CVE-2017-8360
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. La tarea mictray64 de Conexant Systems, tal como es usada en los sistemas HP Elite, EliteBook, ProBook y ZBook, filtra datos confidenciales (keystrokes) a cualquier proceso. En mictray64.exe (mic tray icon) versión 1.0.0.46, un hook de Windows en LowLevelKeyboardProc es usado para capturar las pulsaciones de teclas (keystrokes). • http://www.securitytracker.com/id/1038527 https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.9EPSS: 0%CPEs: 38EXPL: 0CVE-2016-2243
https://notcve.org/view.php?id=CVE-2016-2243
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. Sure Start en HP Commercial PCs 2015 permite a usuarios locales causar una denegación de servicio (fallo de recuperación de la BIOS) aprovechándose del acceso administrativo. • http://www.securitytracker.com/id/1035193 https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469 • CWE-284: Improper Access Control •