CVEs from 2022
Total
5,244
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31740 | high | — | 8.0 | 4y ago | On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10,… | |||
| CVE-2022-31747 | high | — | 8.0 | 4y ago | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of me… | |||
| CVE-2022-24903 | high | — | 8.0 | 4y ago | RHSA-2022:4799: rsyslog security update (Important) | |||
| CVE-2022-1552 | high | — | 8.0 | 4y ago | RHSA-2022:4855: postgresql:13 security update (Important) | |||
| CVE-2022-29599 | high | — | 8.0 | 4y ago | RHSA-2022:4798: maven:3.5 security update (Important) | |||
| CVE-2022-29916 | high | — | 8.0 | 4y ago | Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects… | |||
| CVE-2022-29912 | high | — | 8.0 | 4y ago | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||
| CVE-2022-29917 | high | — | 8.0 | 4y ago | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidenc… | |||
| CVE-2022-24070 | high | — | 8.0 | 4y ago | RHSA-2022:4941: subversion:1.14 security update (Important) | |||
| CVE-2022-1520 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29909 | high | — | 8.0 | 4y ago | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permis… | |||
| CVE-2022-29913 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29911 | high | — | 8.0 | 4y ago | An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This… | |||
| CVE-2022-29914 | high | — | 8.0 | 4y ago | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9,… | |||
| CVE-2022-25235 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-23990 | high | — | 8.0 | 4y ago | RHSA-2025:21776: expat security update (Important) | |||
| CVE-2022-1271 | high | — | 8.0 | 4y ago | RHSA-2022:4991: xz security update (Important) | |||
| CVE-2022-21449 | high | — | 8.0 | 4y ago | RHSA-2022:1445: java-17-openjdk security and bug fix update (Important) | |||
| CVE-2022-21426 | high | — | 8.0 | 4y ago | RHSA-2022:1491: java-1.8.0-openjdk security update (Important) | |||
| CVE-2022-23852 | high | — | 8.0 | 4y ago | RHSA-2022:0951: expat security update (Important) | |||
| CVE-2022-25315 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-0286 | high | — | 8.0 | 4y ago | A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. | |||
| CVE-2022-0001 | high | — | 8.0 | 4y ago | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||
| CVE-2022-1011 | high | — | 8.0 | 4y ago | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, r… | |||
| CVE-2022-0002 | high | — | 8.0 | 4y ago | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||
| CVE-2022-0322 | high | — | 8.0 | 4y ago | A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to us… | |||
| CVE-2022-48771 | high | — | 8.0 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry i… | |||
| CVE-2022-48904 | high | — | 8.0 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the log… | |||
| CVE-2022-3105 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | |||
| CVE-2022-0850 | high | — | 8.0 | 4y ago | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | |||
| CVE-2022-3106 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). | |||
| CVE-2022-29970 | high | — | 8.0 | 4y ago | RHSA-2022:4661: pcs security update (Important) | |||
| CVE-2022-1227 | high | — | 8.0 | 4y ago | RHSA-2022:2143: container-tools:3.0 security update (Important) | |||
| CVE-2022-22577 | high | — | 8.0 | 4y ago | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | |||
| CVE-2022-25636 | high | — | 8.0 | 4y ago | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||
| CVE-2022-27777 | high | — | 8.0 | 4y ago | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | |||
| CVE-2022-25648 | high | — | 8.0 | 4y ago | The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git … | |||
| CVE-2022-1197 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-24836 | high | — | 8.0 | 4y ago | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… | |||
| CVE-2022-1196 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-28282 | high | — | 8.0 | 4y ago | By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed poi… | |||
| CVE-2022-28285 | high | — | 8.0 | 4y ago | When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds… | |||
| CVE-2022-28286 | high | — | 8.0 | 4y ago | Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firef… | |||
| CVE-2022-1097 | high | — | 8.0 | 4y ago | <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. Thi… | |||
| CVE-2022-28289 | high | — | 8.0 | 4y ago | Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs show… | |||
| CVE-2022-28281 | high | — | 8.0 | 4y ago | If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption … | |||
| CVE-2022-27649 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-27651 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-28142 | high | — | 8.0 | 4y ago | SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin | |||
| CVE-2022-28146 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28133 | high | — | 8.0 | 4y ago | Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin | |||
| CVE-2022-28155 | high | — | 8.0 | 4y ago | XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin | |||
| CVE-2022-28138 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28136 | high | — | 8.0 | 4y ago | CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28134 | high | — | 8.0 | 4y ago | Missing permission checks in Jekins Bitbucket Server Integration Plugin | |||
| CVE-2022-28139 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28137 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28135 | high | — | 8.0 | 4y ago | Plaintext storage in Jenkins instant-messaging Plugin | |||
| CVE-2022-28141 | high | — | 8.0 | 4y ago | Password stored in plain text by Jenkins Proxmox Plugin | |||
| CVE-2022-28140 | high | — | 8.0 | 4y ago | XXE vulnerability in Jenkins Flaky Test Handler Plugin | |||
| CVE-2022-28143 | high | — | 8.0 | 4y ago | CSRF vulnerability in Proxmox Plugin | |||
| CVE-2022-28144 | high | — | 8.0 | 4y ago | Missing permission checks in Jenkins Proxmox Plugin | |||
| CVE-2022-28156 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Phoenix AutoTest Plugin | |||
| CVE-2022-28145 | high | — | 8.0 | 4y ago | Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28147 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28151 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28149 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28148 | high | — | 8.0 | 4y ago | Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28154 | high | — | 8.0 | 4y ago | enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability | |||
| CVE-2022-28150 | high | — | 8.0 | 4y ago | Cross site request forgery in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28152 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28153 | high | — | 8.0 | 4y ago | Cross-site Scripting in Jenkins SiteMonitor Plugin | |||
| CVE-2022-28157 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-28158 | high | — | 8.0 | 4y ago | Missing permission Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-28160 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-28159 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-24790 | high | — | 8.0 | 4y ago | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the … | |||
| CVE-2022-0759 | high | — | 8.0 | 4y ago | A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not conf… | |||
| CVE-2022-22720 | high | — | 8.0 | 4y ago | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | |||
| CVE-2022-24761 | high | — | 8.0 | 4y ago | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the… | |||
| CVE-2022-0566 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-0516 | high | — | 8.0 | 4y ago | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obt… | |||
| CVE-2022-0330 | high | — | 8.0 | 4y ago | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system… | |||
| CVE-2022-0435 | high | — | 8.0 | 4y ago | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64… | |||
| CVE-2022-26381 | high | — | 8.0 | 4y ago | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and T… | |||
| CVE-2022-25236 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-26384 | high | — | 8.0 | 4y ago | If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to Ja… | |||
| CVE-2022-26387 | high | — | 8.0 | 4y ago | When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox woul… | |||
| CVE-2022-26386 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-26383 | high | — | 8.0 | 4y ago | When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||
| CVE-2022-24713 | high | — | 8.0 | 4y ago | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted i… | |||
| CVE-2022-24407 | high | — | 8.0 | 4y ago | RHSA-2022:0658: cyrus-sasl security update (Important) | |||
| CVE-2022-22759 | high | — | 8.0 | 4y ago | If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler… | |||
| CVE-2022-22763 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22764 | high | — | 8.0 | 4y ago | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we pres… | |||
| CVE-2022-22756 | high | — | 8.0 | 4y ago | If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after th… | |||
| CVE-2022-22760 | high | — | 8.0 | 4y ago | When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused… | |||
| CVE-2022-22761 | high | — | 8.0 | 4y ago | Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This … | |||
| CVE-2022-22754 | high | — | 8.0 | 4y ago | If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. T… | |||
| CVE-2022-219862 | high | — | 8.0 | 4y ago | RHSA-2022:0496: .NET 6.0 security and bugfix update (Important) |