Total
9854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28188 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service. | |||||
| CVE-2022-28186 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering. | |||||
| CVE-2022-28129 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-28126 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2024-11-21 | N/A | 6.0 MEDIUM |
| Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-27897 | 1 Palantir | 1 Gotham | 2024-11-21 | N/A | 5.3 MEDIUM |
| Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. | |||||
| CVE-2022-27892 | 1 Palantir | 1 Gotham | 2024-11-21 | N/A | 5.3 MEDIUM |
| Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | |||||
| CVE-2022-27830 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.5 HIGH |
| Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27829 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.5 HIGH |
| Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27828 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.5 HIGH |
| Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27827 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.5 HIGH |
| Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27826 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.5 HIGH |
| Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27807 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. | |||||
| CVE-2022-27803 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. | |||||
| CVE-2022-27655 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-27654 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-27634 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.5 MEDIUM | 6.5 MEDIUM |
| On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-27421 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | |||||
| CVE-2022-27255 | 1 Realtek | 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data. | |||||
| CVE-2022-27228 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. | |||||
| CVE-2022-26864 | 1 Dell | 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
| Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. | |||||