Vulnerabilities (CVE)

Filtered by CWE-20
Total 11613 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42534 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A
CVE-2022-42500 1 Google 1 Android 2026-06-17 N/A 6.7 MEDIUM
In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701389References: N/A
CVE-2022-42477 1 Fortinet 1 Fortianalyzer 2026-06-17 N/A 7.1 HIGH
An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.
CVE-2022-42468 1 Apache 1 Flume 2026-06-17 N/A 9.8 CRITICAL
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
CVE-2022-42340 1 Adobe 1 Coldfusion 2026-06-17 N/A 7.5 HIGH
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
CVE-2022-42269 1 Nvidia 14 Jetson Agx Xavier, Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb and 11 more 2026-06-17 N/A 7.9 HIGH
NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components.
CVE-2022-42012 2 Fedoraproject, Freedesktop 2 Fedora, Dbus 2026-06-17 N/A 6.5 MEDIUM
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
CVE-2022-41942 1 Sourcegraph 1 Sourcegraph 2026-06-17 N/A 7.9 HIGH
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0.
CVE-2022-41908 1 Google 1 Tensorflow 2026-06-17 N/A 4.8 MEDIUM
TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
CVE-2022-41888 1 Google 1 Tensorflow 2026-06-17 N/A 4.8 MEDIUM
TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
CVE-2022-41861 1 Freeradius 1 Freeradius 2026-06-17 N/A 6.5 MEDIUM
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
CVE-2022-41813 1 F5 2 Big-ip Advanced Firewall Manager, Big-ip Policy Enforcement Manager 2026-06-17 N/A 6.5 MEDIUM
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.
CVE-2022-41733 3 Ibm, Linux, Microsoft 3 Infosphere Information Server, Linux Kernel, Windows 2026-06-17 N/A 5.3 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583.
CVE-2022-41694 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2026-06-17 N/A 4.9 MEDIUM
In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.
CVE-2022-41606 1 Hashicorp 1 Nomad 2026-06-17 N/A 6.5 MEDIUM
HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.
CVE-2022-41214 1 Sap 1 Netweaver Application Server Abap 2026-06-17 N/A 8.7 HIGH
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.
CVE-2022-40923 1 Lief-project 1 Lief 2026-06-17 N/A 6.5 MEDIUM
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
CVE-2022-40898 1 Wheel Project 1 Wheel 2026-06-17 N/A 7.5 HIGH
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
CVE-2022-40773 1 Zohocorp 2 Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus 2026-06-17 N/A 8.8 HIGH
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
CVE-2022-40502 1 Qualcomm 192 Csr8811, Csr8811 Firmware, Ipq5010 and 189 more 2026-06-17 N/A 7.5 HIGH
Transient DOS due to improper input validation in WLAN Host.