dominionvoting CVE Vulnerabilities & Metrics

Focus on dominionvoting vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About dominionvoting Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dominionvoting. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dominionvoting CVEs: 10
Earliest CVE date: 24 Jun 2022, 15:15 UTC
Latest CVE date: 19 Jun 2023, 16:15 UTC

Latest CVE reference: CVE-2022-48506

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dominionvoting CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.46

Max CVSS: 7.2

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	0
7.0-8.9	7
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS dominionvoting CVEs

These are the five CVEs with the highest CVSS scores for dominionvoting, sorted by severity first and recency.

CVE-2022-1746 dominionvoting Published on 24 Jun 2022, 15:15 UTC (CVSS: 7.2)
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.
CVE-2022-1745 dominionvoting Published on 24 Jun 2022, 15:15 UTC (CVSS: 7.2)
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.
CVE-2022-1744 dominionvoting Published on 24 Jun 2022, 15:15 UTC (CVSS: 7.2)
Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.
CVE-2022-1743 dominionvoting Published on 24 Jun 2022, 15:15 UTC (CVSS: 7.2)
The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS.
CVE-2022-1742 dominionvoting Published on 24 Jun 2022, 15:15 UTC (CVSS: 7.2)
The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

All CVEs for dominionvoting

CVE-2022-48506 dominionvoting vulnerability CVSS: 0 19 Jun 2023, 16:15 UTC

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.

CVE-2022-1747 dominionvoting vulnerability CVSS: 2.1 24 Jun 2022, 15:15 UTC

The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization.

CVE-2022-1746 dominionvoting vulnerability CVSS: 7.2 24 Jun 2022, 15:15 UTC

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.

CVE-2022-1745 dominionvoting vulnerability CVSS: 7.2 24 Jun 2022, 15:15 UTC

The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.

CVE-2022-1744 dominionvoting vulnerability CVSS: 7.2 24 Jun 2022, 15:15 UTC

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

CVE-2022-1743 dominionvoting vulnerability CVSS: 7.2 24 Jun 2022, 15:15 UTC

The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS.

CVE-2022-1742 dominionvoting vulnerability CVSS: 7.2 24 Jun 2022, 15:15 UTC

The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

CVE-2022-1741 dominionvoting vulnerability CVSS: 7.2 24 Jun 2022, 15:15 UTC

The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.

CVE-2022-1740 dominionvoting vulnerability CVSS: 2.1 24 Jun 2022, 15:15 UTC

The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device.

CVE-2022-1739 dominionvoting vulnerability CVSS: 7.2 24 Jun 2022, 15:15 UTC

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.