CVEs from 2022
Total: 5,249
- critical 92
- high 1,233
- medium 961
- low 24
% Critical: 1.8%
% with KEV: 2.5%
% with exploit: 3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-22763 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22759 | high | — | 8.0 | 4y ago | If a document created a sandboxed iframe without `allow-scripts`, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler… | |||
| CVE-2022-22760 | high | — | 8.0 | 4y ago | When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused… | |||
| CVE-2022-22761 | high | — | 8.0 | 4y ago | Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This … | |||
| CVE-2022-22754 | high | — | 8.0 | 4y ago | If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. T… | |||
| CVE-2022-22756 | high | — | 8.0 | 4y ago | If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after th… | |||
| CVE-2022-22764 | high | — | 8.0 | 4y ago | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we pres… | |||
| CVE-2022-219862 | high | — | 8.0 | 4y ago | RHSA-2022:0496: .NET 6.0 security and bugfix update (Important) | |||
| CVE-2022-23959 | high | — | 8.0 | 4y ago | In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can … | |||
| CVE-2022-23094 | high | — | 8.0 | 4y ago | RHSA-2022:0199: libreswan security update (Important) | |||
| CVE-2022-22815 | high | — | 8.0 | 5y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22816 | high | — | 8.0 | 5y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22817 | high | — | 8.0 | 5y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22738 | high | — | 8.0 | 5y ago | Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR <… | |||
| CVE-2022-22745 | high | — | 8.0 | 5y ago | Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||
| CVE-2022-22741 | high | — | 8.0 | 5y ago | When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 9… | |||
| CVE-2022-22740 | high | — | 8.0 | 5y ago | Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affe… | |||
| CVE-2022-22743 | high | — | 8.0 | 5y ago | When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ES… | |||
| CVE-2022-22739 | high | — | 8.0 | 5y ago | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||
| CVE-2022-22742 | high | — | 8.0 | 5y ago | When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox … | |||
| CVE-2022-22748 | high | — | 8.0 | 5y ago | Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Fire… | |||
| CVE-2022-22751 | high | — | 8.0 | 5y ago | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and … | |||
| CVE-2022-22737 | high | — | 8.0 | 5y ago | Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash. This vulne… | |||
| CVE-2022-22747 | high | — | 8.0 | 5y ago | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This vulnerability a… | |||
| CVE-2022-21589 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2022-26861 | high | 7.9 | 7.9 | 4y ago | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitra… | |||
| CVE-2022-49042 | high | 7.8 | 7.8 | 3d ago | An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u… | |||
| CVE-2022-49036 | high | 7.8 | 7.8 | 3d ago | An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t… | |||
| CVE-2022-26522 | high | 7.8 | 7.8 | 29d ago | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… | |||
| CVE-2022-50552 | high | 7.8 | 7.8 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when r… | |||
| CVE-2022-34227 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34224 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-44696 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44695 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44694 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44702 | high | 7.8 | 7.8 | 4y ago | Windows Terminal Remote Code Execution Vulnerability | |||
| CVE-2022-41089 | high | 7.8 | 7.8 | 4y ago | .NET Remote Code Execution Vulnerability | |||
| CVE-2022-41107 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Graphics Remote Code Execution Vulnerability | |||
| CVE-2022-41063 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-41061 | high | 7.8 | 7.8 | 4y ago | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2022-31609 | high | 7.8 | 7.8 | 4y ago | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability ma… | |||
| CVE-2022-34219 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34220 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34221 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vu… | |||
| CVE-2022-34216 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-30790 | high | 7.8 | 7.8 | 4y ago | Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. | |||
| CVE-2022-23742 | high | 7.8 | 7.8 | 4y ago | Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious… | |||
| CVE-2022-28838 | high | 7.8 | 7.8 | 4y ago | Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code… | |||
| CVE-2022-28243 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28242 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec… | |||
| CVE-2022-28240 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec… | |||
| CVE-2022-28239 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28234 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a heap-based buffer overflow vulnerability due to insecure handling of … | |||
| CVE-2022-28232 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the collab object … | |||
| CVE-2022-28231 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by an out-of-bounds read vulnerability when processing a doc object, which… | |||
| CVE-2022-27801 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that c… | |||
| CVE-2022-27800 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that c… | |||
| CVE-2022-27799 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event… | |||
| CVE-2022-27794 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of … | |||
| CVE-2022-27792 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary co… | |||
| CVE-2022-27791 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a stack-based buffer overflow vulnerability due to insecure processing … | |||
| CVE-2022-27789 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event… | |||
| CVE-2022-24104 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exe… | |||
| CVE-2022-24102 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exe… | |||
| CVE-2022-29109 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-26926 | high | 7.8 | 7.8 | 4y ago | Windows Address Book Remote Code Execution Vulnerability | |||
| CVE-2022-26901 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-26795 | high | 7.8 | 7.8 | 4y ago | Windows Print Spooler Elevation of Privilege Vulnerability | |||
| CVE-2022-24473 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-24510 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24509 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24461 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24501 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-24457 | high | 7.8 | 7.8 | 4y ago | HEIF Image Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-24451 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-23282 | high | 7.8 | 7.8 | 4y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2022-22709 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-21841 | high | 7.8 | 7.8 | 5y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-20920 | high | 7.7 | 7.7 | 4y ago | A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is du… | |||
| CVE-2022-34363 | high | 7.5 | 7.5 | 15d ago | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp | |||
| CVE-2022-31231 | high | 7.5 | 7.5 | 15d ago | Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, le… | |||
| CVE-2022-50992 | high | 7.5 | 7.5 | 1mo ago | Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers t… | |||
| CVE-2022-4986 | high | 7.5 | 7.5 | 2mo ago | Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers c… | |||
| CVE-2022-40696 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. | |||
| CVE-2022-45354 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60. | |||
| CVE-2022-44589 | high | 7.5 | 7.5 | 3y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| … | |||
| CVE-2022-36399 | high | 7.5 | 7.5 | 3y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress \| Calendars. This issue affects Booked - Appointment Booking for WordP… | |||
| CVE-2022-47597 | high | 7.5 | 7.5 | 3y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more. This issue affects Popup Maker – Popup for opt-ins, lead gen,… | |||
| CVE-2022-45835 | high | 7.5 | 7.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | |||
| CVE-2022-31474 | high | 7.5 | 7.5 | 3y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | |||
| CVE-2022-48363 | high | 7.5 | 7.5 | 3y ago | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an… | |||
| CVE-2022-45788 | high | 7.5 | 7.5 | 3y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malici… | |||
| CVE-2022-43945 | high | 7.5 | 7.5 | 3y ago | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send … | |||
| CVE-2022-3693 | high | 7.5 | 7.5 | 3y ago | Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | |||
| CVE-2022-40227 | high | 7.5 | 7.5 | 4y ago | A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP12… | |||
| CVE-2022-2265 | high | 7.5 | 7.5 | 4y ago | The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.… | |||
| CVE-2022-38013 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:6539: .NET 6.0 security and bugfix update (Moderate) | |||
| CVE-2022-26860 | high | 7.5 | 7.5 | 4y ago | Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arb… | |||
| CVE-2022-34169 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-33971 | high | 7.5 | 7.5 | 4y ago | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and ea… |