Vulnerabilities > Acer > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2022-40080 | Out-of-bounds Write vulnerability in Acer Aspire E5-475G Firmware 1.21 Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. | 7.8 |
| 2022-11-28 | CVE-2022-4020 | Incorrect Default Permissions vulnerability in Acer products Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. | 8.2 |
| 2022-09-23 | CVE-2022-30426 | Out-of-bounds Write vulnerability in Acer products There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. | 7.8 |
| 2022-03-10 | CVE-2022-24285 | Improper Authentication vulnerability in Acer Care Center 4.00.3000/4.00.3038 Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. | 7.8 |
| 2022-03-10 | CVE-2022-24286 | Improper Authentication vulnerability in Acer Quickaccess Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. | 7.8 |
| 2022-01-26 | CVE-2021-45975 | Untrusted Search Path vulnerability in Acer Care Center 4.00.3000 In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. | 7.8 |
| 2019-12-17 | CVE-2019-18670 | Uncontrolled Search Path Element vulnerability in Acer Quick Access In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. | 7.8 |