Vulnerabilities (CVE)

Filtered by CWE-20
Total 11620 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28383 1 Verbatim 8 Executive Fingerprint Secure Ssd, Executive Fingerprint Secure Ssd Firmware, Fingerprint Secure Portable Hard Drive and 5 more 2026-06-17 4.6 MEDIUM 6.8 MEDIUM
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.
CVE-2022-28329 1 Siemens 8 Scalance W1788-1 M12, Scalance W1788-1 M12 Firmware, Scalance W1788-2 Eec M12 and 5 more 2026-06-17 3.3 LOW 6.5 MEDIUM
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to lead to a denial of service condition which only affects the port used by the RemoteCapture feature.
CVE-2022-28328 1 Siemens 8 Scalance W1788-1 M12, Scalance W1788-1 M12 Firmware, Scalance W1788-2 Eec M12 and 5 more 2026-06-17 7.8 HIGH 7.5 HIGH
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.
CVE-2022-28224 1 Tigera 2 Calico, Calico Enterprise 2026-06-17 5.5 MEDIUM 5.5 MEDIUM
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
CVE-2022-28199 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Data Plane Development Kit 2026-06-17 N/A 6.5 MEDIUM
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
CVE-2022-28190 1 Nvidia 1 Gpu Display Driver 2026-06-17 2.1 LOW 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.
CVE-2022-28188 2 Microsoft, Nvidia 3 Windows, Gpu Display Driver, Virtual Gpu 2026-06-17 4.9 MEDIUM 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.
CVE-2022-28186 2 Microsoft, Nvidia 3 Windows, Gpu Display Driver, Virtual Gpu 2026-06-17 3.6 LOW 6.1 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.
CVE-2022-28129 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2026-06-17 N/A 7.5 HIGH
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-28126 1 Intel 2 Xmm 7560, Xmm 7560 Firmware 2026-06-17 N/A 6.0 MEDIUM
Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-27897 1 Palantir 1 Gotham 2026-06-17 N/A 5.3 MEDIUM
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.
CVE-2022-27892 1 Palantir 1 Gotham 2026-06-17 N/A 5.3 MEDIUM
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.
CVE-2022-27830 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27829 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27828 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27827 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27826 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27807 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
CVE-2022-27803 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
CVE-2022-27674 4 Amd, Freebsd, Linux and 1 more 4 Amd Uprof, Freebsd, Linux Kernel and 1 more 2026-06-17 N/A 7.5 HIGH
Insufficient validation in the IOCTL input/output buffer in AMD µProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.