CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26691 | high | — | 8.0 | 4y ago | RHSA-2022:5056: cups security and bug fix update (Important) | |||
| CVE-2022-32209 | high | — | 8.0 | 4y ago | # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifi… | |||
| CVE-2022-1834 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31741 | high | — | 8.0 | 4y ago | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 10… | |||
| CVE-2022-31740 | high | — | 8.0 | 4y ago | On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10,… | |||
| CVE-2022-31737 | high | — | 8.0 | 4y ago | A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101,… | |||
| CVE-2022-31742 | high | — | 8.0 | 4y ago | An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could… | |||
| CVE-2022-31738 | high | — | 8.0 | 4y ago | When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Th… | |||
| CVE-2022-31736 | high | — | 8.0 | 4y ago | A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||
| CVE-2022-31747 | high | — | 8.0 | 4y ago | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of me… | |||
| CVE-2022-1552 | high | — | 8.0 | 4y ago | RHSA-2022:4855: postgresql:13 security update (Important) | |||
| CVE-2022-24903 | high | — | 8.0 | 4y ago | RHSA-2022:4799: rsyslog security update (Important) | |||
| CVE-2022-29599 | high | — | 8.0 | 4y ago | RHSA-2022:4798: maven:3.5 security update (Important) | |||
| CVE-2022-1520 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29909 | high | — | 8.0 | 4y ago | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permis… | |||
| CVE-2022-29914 | high | — | 8.0 | 4y ago | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9,… | |||
| CVE-2022-29911 | high | — | 8.0 | 4y ago | An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This… | |||
| CVE-2022-29913 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29917 | high | — | 8.0 | 4y ago | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidenc… | |||
| CVE-2022-29916 | high | — | 8.0 | 4y ago | Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects… | |||
| CVE-2022-29912 | high | — | 8.0 | 4y ago | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||
| CVE-2022-24070 | high | — | 8.0 | 4y ago | RHSA-2022:4941: subversion:1.14 security update (Important) | |||
| CVE-2022-1271 | high | — | 8.0 | 4y ago | RHSA-2022:4991: xz security update (Important) | |||
| CVE-2022-25315 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-23852 | high | — | 8.0 | 4y ago | RHSA-2022:0951: expat security update (Important) | |||
| CVE-2022-25235 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-21426 | high | — | 8.0 | 4y ago | RHSA-2022:1491: java-1.8.0-openjdk security update (Important) | |||
| CVE-2022-23990 | high | — | 8.0 | 4y ago | RHSA-2025:21776: expat security update (Important) | |||
| CVE-2022-21449 | high | — | 8.0 | 4y ago | RHSA-2022:1445: java-17-openjdk security and bug fix update (Important) | |||
| CVE-2022-0002 | high | — | 8.0 | 4y ago | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||
| CVE-2022-0001 | high | — | 8.0 | 4y ago | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||
| CVE-2022-1011 | high | — | 8.0 | 4y ago | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, r… | |||
| CVE-2022-0286 | high | — | 8.0 | 4y ago | A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. | |||
| CVE-2022-0322 | high | — | 8.0 | 4y ago | A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to us… | |||
| CVE-2022-48771 | high | — | 8.0 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry i… | |||
| CVE-2022-3106 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). | |||
| CVE-2022-3105 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | |||
| CVE-2022-48904 | high | — | 8.0 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the log… | |||
| CVE-2022-0850 | high | — | 8.0 | 4y ago | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | |||
| CVE-2022-29970 | high | — | 8.0 | 4y ago | RHSA-2022:4661: pcs security update (Important) | |||
| CVE-2022-1227 | high | — | 8.0 | 4y ago | RHSA-2022:2143: container-tools:3.0 security update (Important) | |||
| CVE-2022-22577 | high | — | 8.0 | 4y ago | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | |||
| CVE-2022-25636 | high | — | 8.0 | 4y ago | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||
| CVE-2022-27777 | high | — | 8.0 | 4y ago | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | |||
| CVE-2022-25648 | high | — | 8.0 | 4y ago | The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git … | |||
| CVE-2022-1197 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-24836 | high | — | 8.0 | 4y ago | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… | |||
| CVE-2022-28289 | high | — | 8.0 | 4y ago | Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs show… | |||
| CVE-2022-28281 | high | — | 8.0 | 4y ago | If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption … | |||
| CVE-2022-28282 | high | — | 8.0 | 4y ago | By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed poi… | |||
| CVE-2022-1097 | high | — | 8.0 | 4y ago | <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. Thi… | |||
| CVE-2022-28285 | high | — | 8.0 | 4y ago | When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds… | |||
| CVE-2022-1196 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-28286 | high | — | 8.0 | 4y ago | Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firef… | |||
| CVE-2022-27649 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-27651 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-28142 | high | — | 8.0 | 4y ago | SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin | |||
| CVE-2022-28133 | high | — | 8.0 | 4y ago | Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin | |||
| CVE-2022-28146 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28155 | high | — | 8.0 | 4y ago | XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin | |||
| CVE-2022-28135 | high | — | 8.0 | 4y ago | Plaintext storage in Jenkins instant-messaging Plugin | |||
| CVE-2022-28137 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28136 | high | — | 8.0 | 4y ago | CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28141 | high | — | 8.0 | 4y ago | Password stored in plain text by Jenkins Proxmox Plugin | |||
| CVE-2022-28138 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28139 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28140 | high | — | 8.0 | 4y ago | XXE vulnerability in Jenkins Flaky Test Handler Plugin | |||
| CVE-2022-28134 | high | — | 8.0 | 4y ago | Missing permission checks in Jekins Bitbucket Server Integration Plugin | |||
| CVE-2022-28156 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Phoenix AutoTest Plugin | |||
| CVE-2022-28144 | high | — | 8.0 | 4y ago | Missing permission checks in Jenkins Proxmox Plugin | |||
| CVE-2022-28145 | high | — | 8.0 | 4y ago | Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28143 | high | — | 8.0 | 4y ago | CSRF vulnerability in Proxmox Plugin | |||
| CVE-2022-28150 | high | — | 8.0 | 4y ago | Cross site request forgery in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28147 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28148 | high | — | 8.0 | 4y ago | Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28151 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28153 | high | — | 8.0 | 4y ago | Cross-site Scripting in Jenkins SiteMonitor Plugin | |||
| CVE-2022-28154 | high | — | 8.0 | 4y ago | enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability | |||
| CVE-2022-28149 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28152 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28157 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-28160 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-28159 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-28158 | high | — | 8.0 | 4y ago | Missing permission Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-24790 | high | — | 8.0 | 4y ago | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the … | |||
| CVE-2022-0759 | high | — | 8.0 | 4y ago | A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not conf… | |||
| CVE-2022-22720 | high | — | 8.0 | 4y ago | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | |||
| CVE-2022-24761 | high | — | 8.0 | 4y ago | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the… | |||
| CVE-2022-0566 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-0516 | high | — | 8.0 | 4y ago | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obt… | |||
| CVE-2022-0330 | high | — | 8.0 | 4y ago | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system… | |||
| CVE-2022-0435 | high | — | 8.0 | 4y ago | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64… | |||
| CVE-2022-26386 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-26383 | high | — | 8.0 | 4y ago | When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||
| CVE-2022-26384 | high | — | 8.0 | 4y ago | If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to Ja… | |||
| CVE-2022-26387 | high | — | 8.0 | 4y ago | When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox woul… | |||
| CVE-2022-26381 | high | — | 8.0 | 4y ago | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and T… | |||
| CVE-2022-25236 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-24713 | high | — | 8.0 | 4y ago | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted i… | |||
| CVE-2022-24407 | high | — | 8.0 | 4y ago | RHSA-2022:0658: cyrus-sasl security update (Important) |