CVEs from 2022
Total
5,252
critical
critical 90
high
high 1,233
medium
medium 957
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29918 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presum… | |||
| CVE-2022-26385 | high | — | 8.0 | — | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability af… | |||
| CVE-2022-1640 | high | — | 8.0 | — | Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a cra… | |||
| CVE-2022-3534 | high | — | 8.0 | — | A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads… | |||
| CVE-2022-1431 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-1428 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-31748 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of… | |||
| CVE-2022-40768 | high | — | 8.0 | — | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |||
| CVE-2022-28389 | high | — | 8.0 | — | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | |||
| CVE-2022-3910 | high | — | 8.0 | — | Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring wa… | |||
| CVE-2022-31745 | high | — | 8.0 | — | If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. | |||
| CVE-2022-1637 | high | — | 8.0 | — | Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2022-28287 | high | — | 8.0 | — | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | |||
| CVE-2022-1204 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | |||
| CVE-2022-47946 | high | — | 8.0 | — | An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. fini… | |||
| CVE-2022-3544 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulat… | |||
| CVE-2022-3874 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |||
| CVE-2022-1974 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN… | |||
| CVE-2022-3636 | high | — | 8.0 | — | A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethern… | |||
| CVE-2022-1160 | high | — | 8.0 | — | heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | |||
| CVE-2022-3621 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipu… | |||
| CVE-2022-47941 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. | |||
| CVE-2022-20792 | high | — | 8.0 | — | A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an au… | |||
| CVE-2022-47943 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. | |||
| CVE-2022-4382 | high | — | 8.0 | — | A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. | |||
| CVE-2022-1636 | high | — | 8.0 | — | Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-47939 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. | |||
| CVE-2022-28283 | high | — | 8.0 | — | The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerabil… | |||
| CVE-2022-26382 | high | — | 8.0 | — | While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could ha… | |||
| CVE-2022-47940 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. | |||
| CVE-2022-1199 | high | — | 8.0 | — | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-aft… | |||
| CVE-2022-29582 | high | — | 8.0 | — | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howe… | |||
| CVE-2022-1195 | high | — | 8.0 | — | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixp… | |||
| CVE-2022-0907 | high | — | 8.0 | — | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the… | |||
| CVE-2022-1638 | high | — | 8.0 | — | Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-28356 | high | — | 8.0 | — | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | |||
| CVE-2022-3586 | high | — | 8.0 | — | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (… | |||
| CVE-2022-0843 | high | — | 8.0 | — | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that w… | |||
| CVE-2022-28288 | high | — | 8.0 | — | Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory … | |||
| CVE-2022-47938 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. | |||
| CVE-2022-1413 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-1015 | high | — | 8.0 | — | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. | |||
| CVE-2022-26490 | high | — | 8.0 | — | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | |||
| CVE-2022-31783 | high | — | 8.0 | — | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | |||
| CVE-2022-2318 | high | — | 8.0 | — | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | |||
| CVE-2022-28284 | high | — | 8.0 | — | SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other bro… | |||
| CVE-2022-32745 | high | — | 8.0 | — | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | |||
| CVE-2022-2031 | high | — | 8.0 | — | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has bee… | |||
| CVE-2022-20770 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus … | |||
| CVE-2022-1198 | high | — | 8.0 | — | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | |||
| CVE-2022-32744 | high | — | 8.0 | — | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabl… | |||
| CVE-2022-2978 | high | — | 8.0 | — | A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user co… | |||
| CVE-2022-1634 | high | — | 8.0 | — | Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via… | |||
| CVE-2022-3649 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads t… | |||
| CVE-2022-32278 | high | — | 8.0 | — | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | |||
| CVE-2022-1183 | high | — | 8.0 | — | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-… | |||
| CVE-2022-1734 | high | — | 8.0 | — | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware dow… | |||
| CVE-2022-20796 | high | — | 8.0 | — | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.10… | |||
| CVE-2022-3543 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the comp… | |||
| CVE-2022-1919 | high | — | 8.0 | — | Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-1975 | high | — | 8.0 | — | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | |||
| CVE-2022-41850 | high | — | 8.0 | — | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a … | |||
| CVE-2022-0635 | high | — | 8.0 | — | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |||
| CVE-2022-1460 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-31743 | high | — | 8.0 | — | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controll… | |||
| CVE-2022-1205 | high | — | 8.0 | — | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the sys… | |||
| CVE-2022-1972 | high | — | 8.0 | — | multiple issues in linux-lts | |||
| CVE-2022-1635 | high | — | 8.0 | — | Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruptio… | |||
| CVE-2022-20771 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiV… | |||
| CVE-2022-20803 | high | — | 8.0 | — | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affect… | |||
| CVE-2022-29536 | high | — | 8.0 | — | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because th… | |||
| CVE-2022-1423 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-3646 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The… | |||
| CVE-2022-3635 | high | — | 8.0 | — | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The mani… | |||
| CVE-2022-1516 | high | — | 8.0 | — | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and… | |||
| CVE-2022-1416 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-1426 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-47942 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed S… | |||
| CVE-2022-41849 | high | — | 8.0 | — | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a… | |||
| CVE-2022-1124 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-40307 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |||
| CVE-2022-3061 | high | — | 8.0 | — | Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a di… | |||
| CVE-2022-49788 | high | — | 8.0 | 10mo ago | Important: kernel security update | |||
| CVE-2022-49846 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2022-24834 | high | — | 8.0 | 1y ago | Important: redis security update | |||
| CVE-2022-36021 | high | — | 8.0 | 1y ago | RHSA-2025:0595: redis:6 security update (Important) | |||
| CVE-2022-35977 | high | — | 8.0 | 1y ago | RHSA-2025:0595: redis:6 security update (Important) | |||
| CVE-2022-49226 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the … | |||
| CVE-2022-49675 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport __init-annotated tick_nohz_full_setup() EXPORT_SYMBOL and __init is a bad combination because the .init.text … | |||
| CVE-2022-48804 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the t… | |||
| CVE-2022-48754 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset… | |||
| CVE-2022-48760 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang wait… | |||
| CVE-2022-48836 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. … | |||
| CVE-2022-48619 | high | — | 8.0 | 2y ago | An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which a… | |||
| CVE-2022-50495 | high | — | 8.0 | 2y ago | RHSA-2024:5101: kernel security update (Important) | |||
| CVE-2022-48747 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: block: Fix wrong offset in bio_truncate() bio_truncate() clears the buffer outside of last block of bdev, however current bio_tru… | |||
| CVE-2022-48757 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a devi… | |||
| CVE-2022-36765 | high | — | 8.0 | 2y ago | RHSA-2024:3017: edk2 security update (Important) | |||
| CVE-2022-48627 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2022-50346 | high | — | 8.0 | 2y ago | RHSA-2024:2394: kernel security, bug fix, and enhancement update (Important) |