CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23134 | unknown | — | 1.5 | 4y ago | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. | |||
| CVE-2022-23131 | unknown | — | 1.5 | 4y ago | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. | |||
| CVE-2022-24086 | unknown | — | 1.5 | 4y ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. | |||
| CVE-2022-22587 | unknown | — | 1.5 | 4y ago | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-44268 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick b… | |||
| CVE-2022-46945 | unknown | — | 1.0 | — | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | |||
| CVE-2022-44267 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | |||
| CVE-2022-0995 | unknown | — | 1.0 | — | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user… | |||
| CVE-2022-1043 | unknown | — | 1.0 | — | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | |||
| CVE-2022-29885 | unknown | — | 1.0 | 4y ago | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r… | |||
| CVE-2022-2581 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. | |||
| CVE-2022-2817 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0213. | |||
| CVE-2022-2819 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. | |||
| CVE-2022-2849 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. | |||
| CVE-2022-2862 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | |||
| CVE-2022-2874 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. | |||
| CVE-2022-2889 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | |||
| CVE-2022-2982 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | |||
| CVE-2022-2923 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | |||
| CVE-2022-3134 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | |||
| CVE-2022-2946 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | |||
| CVE-2022-2980 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | |||
| CVE-2022-3153 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. | |||
| CVE-2022-3016 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | |||
| CVE-2022-3037 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | |||
| CVE-2022-3099 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | |||
| CVE-2022-3234 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | |||
| CVE-2022-3235 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | |||
| CVE-2022-3352 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | |||
| CVE-2022-3491 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | |||
| CVE-2022-3256 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | |||
| CVE-2022-3278 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | |||
| CVE-2022-3296 | unknown | — | — | — | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | |||
| CVE-2022-4141 | unknown | — | — | — | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | |||
| CVE-2022-3297 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0579. | |||
| CVE-2022-3520 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | |||
| CVE-2022-3591 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | |||
| CVE-2022-3705 | unknown | — | — | — | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads… | |||
| CVE-2022-4292 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | |||
| CVE-2022-4293 | unknown | — | — | — | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | |||
| CVE-2022-2845 | unknown | — | — | — | Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | |||
| CVE-2022-49729 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetoot… | |||
| CVE-2022-49733 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL… | |||
| CVE-2022-50818 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix running_req for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@(none)$ m… | |||
| CVE-2022-2571 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. | |||
| CVE-2022-2345 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | |||
| CVE-2022-2343 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | |||
| CVE-2022-48842 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: Fix race condition during interface enslave Commit 5dbbbd01cbba83 ("ice: Avoid RTNL lock when re-creating auxiliary device")… | |||
| CVE-2022-2304 | unknown | — | — | — | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-34474 | unknown | — | — | — | Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt… | |||
| CVE-2022-34480 | unknown | — | — | — | Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects… | |||
| CVE-2022-2289 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-49763 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfs_attr_find() Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs r… | |||
| CVE-2022-34482 | unknown | — | — | — | An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tr… | |||
| CVE-2022-34483 | unknown | — | — | — | An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tr… | |||
| CVE-2022-36317 | unknown | — | — | — | When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox fo… | |||
| CVE-2022-49789 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()'… | |||
| CVE-2022-2344 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | |||
| CVE-2022-2816 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. | |||
| CVE-2022-49888 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called when handling debug except… | |||
| CVE-2022-2522 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. | |||
| CVE-2022-2288 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2287 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-40983 | unknown | — | — | — | An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which ca… | |||
| CVE-2022-43591 | unknown | — | — | — | A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitr… | |||
| CVE-2022-50432 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in __kernfs_remove Syzkaller managed to trigger concurrent calls to kernfs_remove_by_name_ns() for the… | |||
| CVE-2022-2286 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2284 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-22746 | unknown | — | — | — | A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other oper… | |||
| CVE-2022-50739 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the i_op pointer of the inode which is returne… | |||
| CVE-2022-2085 | unknown | — | — | — | A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_… | |||
| CVE-2022-2264 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-50828 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy` "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is u… | |||
| CVE-2022-22750 | unknown | — | — | — | By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged proc… | |||
| CVE-2022-49244 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe The device_node pointer is returned by of_parse_phan… | |||
| CVE-2022-49246 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in snd_proto_probe The device_node pointer is returned by of_parse_phandle() with refcount incre… | |||
| CVE-2022-49248 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7… | |||
| CVE-2022-49250 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing compander for aux AUX interpolator does not have compander, so check before accessing compa… | |||
| CVE-2022-49254 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() In cal_ctx_v4l2_init_formats(), devm_kzalloc() … | |||
| CVE-2022-49258 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p-… | |||
| CVE-2022-22995 | unknown | — | — | — | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbit… | |||
| CVE-2022-31739 | unknown | — | — | — | When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or … | |||
| CVE-2022-49276 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_scan_medium If an error is returned in jffs2_scan_eraseblock() and some memory has been added to … | |||
| CVE-2022-49277 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error, we can observe t… | |||
| CVE-2022-23125 | unknown | — | — | — | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists with… | |||
| CVE-2022-49278 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fix count check in rproc_coredump_write() Check count for 0, to avoid a potential underflow. Make the check the same … | |||
| CVE-2022-49295 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nbd: call genl_unregister_family() first in nbd_cleanup() Otherwise there may be race between module removal and the handling of … | |||
| CVE-2022-49303 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle There is a deadlock in rtw_joinbss_event_prehandle(), wh… | |||
| CVE-2022-49280 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no… | |||
| CVE-2022-43272 | unknown | — | — | — | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. | |||
| CVE-2022-49284 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfg_create_device device_register() calls device_initialize(), accord… | |||
| CVE-2022-49286 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/… | |||
| CVE-2022-2126 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-49300 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbd_alloc_config() and module removal When nbd module is being removing, nbd_alloc_config() may be called c… | |||
| CVE-2022-49301 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read… | |||
| CVE-2022-49302 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resourc… | |||
| CVE-2022-49305 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() There is a deadlock in ieee80211_beacons_stop(), which is sh… | |||
| CVE-2022-2121 | unknown | — | — | — | OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. | |||
| CVE-2022-49307 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() When the driver fails at alloc_hdlcdev(), and then we remove the d… | |||
| CVE-2022-3199 | unknown | — | — | — | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |