CVEs from 2022
Total
5,315
critical
critical 94
high
high 1,236
medium
medium 950
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.3%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0847 | high | — | 10.0 | 4y ago | Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe." | |||
| CVE-2022-0492 | high | 7.8 | 10.0 | 4y ago | Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature. | |||
| CVE-2022-0185 | high | — | 9.5 | 2y ago | Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not… | |||
| CVE-2022-48503 | high | — | 9.5 | 3y ago | Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be… | |||
| CVE-2022-42856 | high | — | 9.5 | 4y ago | Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. | |||
| CVE-2022-1096 | high | — | 9.5 | 4y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2022-26486 | high | — | 9.5 | 4y ago | Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. | |||
| CVE-2022-26485 | high | — | 9.5 | 4y ago | Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. | |||
| CVE-2022-2586 | medium | — | 7.0 | 4y ago | Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges. | |||
| CVE-2022-32893 | medium | — | 7.0 | 4y ago | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content. | |||
| CVE-2022-22620 | medium | — | 7.0 | 4y ago | Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers t… |