Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Acer Subscribe
Total 20 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40080 1 Acer 2 Aspire E5-475g, Aspire E5-475g Firmware 2023-02-24 N/A 7.8 HIGH
Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.
CVE-2022-4020 1 Acer 10 Aspire A115-21, Aspire A115-21 Firmware, Aspire A315-22 and 7 more 2022-12-01 N/A 8.2 HIGH
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
CVE-2022-41415 1 Acer 2 Altos W2000h-w570h F4, Altos W2000h-w570h F4 Firmware 2022-10-20 N/A 9.8 CRITICAL
Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.
CVE-2022-30426 1 Acer 68 Altos T110 F3, Altos T110 F3 Firmware, Ap130 F2 and 65 more 2022-09-26 N/A 7.8 HIGH
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.
CVE-2022-24286 1 Acer 1 Quickaccess 2022-03-16 7.2 HIGH 7.8 HIGH
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.
CVE-2022-24285 1 Acer 1 Care Center 2022-03-16 7.2 HIGH 7.8 HIGH
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.
CVE-2021-45975 1 Acer 1 Care Center 2022-02-02 6.9 MEDIUM 7.8 HIGH
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges.
CVE-2019-18670 1 Acer 1 Quick Access 2021-07-21 6.9 MEDIUM 7.8 HIGH
In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.
CVE-2017-15361 35 Acer, Aopen, Asi and 32 more 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more 2019-10-02 4.3 MEDIUM 5.9 MEDIUM
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
CVE-2006-6121 1 Acer 1 Lunchapp.aplunch 2018-10-17 9.3 HIGH N/A
Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.
CVE-2016-5648 1 Acer 1 Acer Portal 2018-10-09 4.3 MEDIUM 5.3 MEDIUM
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
CVE-2011-4548 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2012-0695 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2011-3420 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2011-3421 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2009-2627 1 Acer 1 Lunchapp.aplunch 2017-08-16 9.3 HIGH N/A
Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121.
CVE-2012-2864 3 Acer, Google, Samsung 5 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 2 more 2014-02-11 10.0 HIGH N/A
Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."
CVE-2012-3290 3 Acer, Google, Samsung 6 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 3 more 2012-06-11 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2011-4719 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2012-04-19 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2012-1418 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2012-04-19 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.