How severe is CVE-2021-3675?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2021-3675?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2021-3675

HIGH Year: 2021

CVSS v3 Score

7.1

High

CVSS v2 Score

3.6

Low

Weakness Type

CWE-20

View all →

Vulnerability Description

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

CVE-2009-2516

HIGH

CVSS:7.1(High)

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gai...

CWE-202009

CVE-2015-3150

HIGH

CVSS:7.1(High)

abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElemen...

CWE-202015

CVE-2015-9544

HIGH

CVSS:7.1(High)

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attack...

CWE-202015

CVE-2015-9545

HIGH

CVSS:7.1(High)

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can en...

CWE-202015

CVE-2016-3185

HIGH

CVSS:7.1(High)

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information ...

CWE-202016

CVE-2016-4449

HIGH

CVSS:7.1(High)

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrar...

CWE-202016

CVE-2021-3675

Vulnerability Description

Related Vulnerabilities

CVE-2009-2516

CVE-2015-3150

CVE-2015-9544

CVE-2015-9545

CVE-2016-3185

CVE-2016-4449