CVEs from 2022
- Total: 5,301
- Critical: 90
- High: 1,233
- Medium: 957
- Low: 24
- % Critical: 1.7%
- % with KEV: 2.5%
- % with exploit: 3.3%

Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31737 | high | — | 8.0 | 4y ago | A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101,… | |||
| CVE-2022-1552 | high | — | 8.0 | 4y ago | RHSA-2022:4855: postgresql:13 security update (Important) | |||
| CVE-2022-24903 | high | — | 8.0 | 4y ago | RHSA-2022:4799: rsyslog security update (Important) | |||
| CVE-2022-29599 | high | — | 8.0 | 4y ago | RHSA-2022:4798: maven:3.5 security update (Important) | |||
| CVE-2022-29911 | high | — | 8.0 | 4y ago | An improper implementation of the new iframe sandbox keyword `allow-top-navigation-by-user-activation` could lead to script execution without `allow-scripts` being present. This… | |||
| CVE-2022-29914 | high | — | 8.0 | 4y ago | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9,… | |||
| CVE-2022-24070 | high | — | 8.0 | 4y ago | RHSA-2022:4941: subversion:1.14 security update (Important) | |||
| CVE-2022-1520 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29913 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29912 | high | — | 8.0 | 4y ago | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||
| CVE-2022-29916 | high | — | 8.0 | 4y ago | Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects… | |||
| CVE-2022-29917 | high | — | 8.0 | 4y ago | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidenc… | |||
| CVE-2022-29909 | high | — | 8.0 | 4y ago | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permis… | |||
| CVE-2022-1271 | high | — | 8.0 | 4y ago | RHSA-2022:4991: xz security update (Important) | |||
| CVE-2022-23990 | high | — | 8.0 | 4y ago | RHSA-2025:21776: expat security update (Important) | |||
| CVE-2022-25315 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-23852 | high | — | 8.0 | 4y ago | RHSA-2022:0951: expat security update (Important) | |||
| CVE-2022-25235 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-21426 | high | — | 8.0 | 4y ago | RHSA-2022:1491: java-1.8.0-openjdk security update (Important) | |||
| CVE-2022-21449 | high | — | 8.0 | 4y ago | RHSA-2022:1445: java-17-openjdk security and bug fix update (Important) | |||
| CVE-2022-0002 | high | — | 8.0 | 4y ago | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||
| CVE-2022-0001 | high | — | 8.0 | 4y ago | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||
| CVE-2022-1011 | high | — | 8.0 | 4y ago | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, r… | |||
| CVE-2022-0322 | high | — | 8.0 | 4y ago | A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to us… | |||
| CVE-2022-0286 | high | — | 8.0 | 4y ago | A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. | |||
| CVE-2022-3105 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | |||
| CVE-2022-0850 | high | — | 8.0 | 4y ago | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | |||
| CVE-2022-3106 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). | |||
| CVE-2022-48904 | high | — | 8.0 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the log… | |||
| CVE-2022-48771 | high | — | 8.0 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry i… | |||
| CVE-2022-29970 | high | — | 8.0 | 4y ago | RHSA-2022:4661: pcs security update (Important) | |||
| CVE-2022-1227 | high | — | 8.0 | 4y ago | RHSA-2022:2143: container-tools:3.0 security update (Important) | |||
| CVE-2022-22577 | high | — | 8.0 | 4y ago | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | |||
| CVE-2022-25636 | high | — | 8.0 | 4y ago | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||
| CVE-2022-27777 | high | — | 8.0 | 4y ago | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | |||
| CVE-2022-25648 | high | — | 8.0 | 4y ago | The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git … | |||
| CVE-2022-1197 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-24836 | high | — | 8.0 | 4y ago | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… | |||
| CVE-2022-28289 | high | — | 8.0 | 4y ago | Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs show… | |||
| CVE-2022-28281 | high | — | 8.0 | 4y ago | If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption … | |||
| CVE-2022-28286 | high | — | 8.0 | 4y ago | Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firef… | |||
| CVE-2022-28282 | high | — | 8.0 | 4y ago | By using a link with `rel="localization"` a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed poi… | |||
| CVE-2022-1196 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-28285 | high | — | 8.0 | 4y ago | When generating the assembly code for `MLoadTypedArrayElementHole`, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds… | |||
| CVE-2022-1097 | high | — | 8.0 | 4y ago | `NSSToken` objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. Thi… | |||
| CVE-2022-27649 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-27651 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-28142 | high | — | 8.0 | 4y ago | SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin | |||
| CVE-2022-28133 | high | — | 8.0 | 4y ago | Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin | |||
| CVE-2022-28155 | high | — | 8.0 | 4y ago | XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin | |||
| CVE-2022-28146 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28140 | high | — | 8.0 | 4y ago | XXE vulnerability in Jenkins Flaky Test Handler Plugin | |||
| CVE-2022-28136 | high | — | 8.0 | 4y ago | CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28135 | high | — | 8.0 | 4y ago | Plaintext storage in Jenkins instant-messaging Plugin | |||
| CVE-2022-28141 | high | — | 8.0 | 4y ago | Password stored in plain text by Jenkins Proxmox Plugin | |||
| CVE-2022-28139 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28137 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28134 | high | — | 8.0 | 4y ago | Missing permission checks in Jenkins Bitbucket Server Integration Plugin | |||
| CVE-2022-28138 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28144 | high | — | 8.0 | 4y ago | Missing permission checks in Jenkins Proxmox Plugin | |||
| CVE-2022-28143 | high | — | 8.0 | 4y ago | CSRF vulnerability in Proxmox Plugin | |||
| CVE-2022-28145 | high | — | 8.0 | 4y ago | Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28156 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Phoenix AutoTest Plugin | |||
| CVE-2022-28153 | high | — | 8.0 | 4y ago | Cross-site Scripting in Jenkins SiteMonitor Plugin | |||
| CVE-2022-28152 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28147 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28154 | high | — | 8.0 | 4y ago | Jenkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability | |||
| CVE-2022-28148 | high | — | 8.0 | 4y ago | Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28150 | high | — | 8.0 | 4y ago | Cross site request forgery in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28151 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28149 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28157 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-28158 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-28159 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-28160 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-24790 | high | — | 8.0 | 4y ago | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the … | |||
| CVE-2022-0759 | high | — | 8.0 | 4y ago | A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not conf… | |||
| CVE-2022-22720 | high | — | 8.0 | 4y ago | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | |||
| CVE-2022-24761 | high | — | 8.0 | 4y ago | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the… | |||
| CVE-2022-0566 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-0435 | high | — | 8.0 | 4y ago | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64… | |||
| CVE-2022-0330 | high | — | 8.0 | 4y ago | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system… | |||
| CVE-2022-0516 | high | — | 8.0 | 4y ago | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obt… | |||
| CVE-2022-26387 | high | — | 8.0 | 4y ago | When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox woul… | |||
| CVE-2022-26384 | high | — | 8.0 | 4y ago | If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they were able to craft a link that, when clicked, would lead to Ja… | |||
| CVE-2022-25236 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-26381 | high | — | 8.0 | 4y ago | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and T… | |||
| CVE-2022-26386 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-26383 | high | — | 8.0 | 4y ago | When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||
| CVE-2022-24713 | high | — | 8.0 | 4y ago | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted i… | |||
| CVE-2022-24407 | high | — | 8.0 | 4y ago | RHSA-2022:0658: cyrus-sasl security update (Important) | |||
| CVE-2022-22764 | high | — | 8.0 | 4y ago | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we pres… | |||
| CVE-2022-22759 | high | — | 8.0 | 4y ago | If a document created a sandboxed iframe without `allow-scripts`, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler… | |||
| CVE-2022-22763 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22761 | high | — | 8.0 | 4y ago | Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This … | |||
| CVE-2022-22760 | high | — | 8.0 | 4y ago | When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused… | |||
| CVE-2022-22754 | high | — | 8.0 | 4y ago | If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. T… | |||
| CVE-2022-22756 | high | — | 8.0 | 4y ago | If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after th… | |||
| CVE-2022-219862 | high | — | 8.0 | 4y ago | RHSA-2022:0496: .NET 6.0 security and bugfix update (Important) | |||
| CVE-2022-23959 | high | — | 8.0 | 4y ago | In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can … |