CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0995 | unknown | — | 1.0 | — | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user… | |||
| CVE-2022-29885 | unknown | — | 1.0 | 4y ago | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r… | |||
| CVE-2022-42930 | unknown | — | — | — | If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. | |||
| CVE-2022-31081 | unknown | — | — | — | HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison inte… | |||
| CVE-2022-48803 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clk_div_table _get_table_maxdiv() tries to access "clk_div_table" array out of bound defined in… | |||
| CVE-2022-3979 | unknown | — | — | — | A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manip… | |||
| CVE-2022-37428 | unknown | — | — | — | PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS q… | |||
| CVE-2022-1771 | unknown | — | — | — | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | |||
| CVE-2022-0523 | unknown | — | — | — | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. | |||
| CVE-2022-1444 | unknown | — | — | — | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. | |||
| CVE-2022-0695 | unknown | — | — | — | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | |||
| CVE-2022-1383 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to rea… | |||
| CVE-2022-1437 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to rea… | |||
| CVE-2022-1451 | unknown | — | — | — | Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typ… | |||
| CVE-2022-22753 | unknown | — | — | — | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTE… | |||
| CVE-2022-50011 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: venus: pm_helpers: Fix warning in OPP during probe Fix the following WARN triggered during Venus driver probe on 5.19.0-rc8-next-… | |||
| CVE-2022-50118 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable commit 2c9ac51b850d ("power… | |||
| CVE-2022-3443 | unknown | — | — | — | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severi… | |||
| CVE-2022-48655 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers r… | |||
| CVE-2022-48839 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THR… | |||
| CVE-2022-0465 | unknown | — | — | — | Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. | |||
| CVE-2022-48660 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below … | |||
| CVE-2022-0605 | unknown | — | — | — | Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interac… | |||
| CVE-2022-0795 | unknown | — | — | — | Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0789 | unknown | — | — | — | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0800 | unknown | — | — | — | Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via… | |||
| CVE-2022-48694 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error t… | |||
| CVE-2022-0971 | unknown | — | — | — | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte… | |||
| CVE-2022-0979 | unknown | — | — | — | Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap cor… | |||
| CVE-2022-48702 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from n… | |||
| CVE-2022-0977 | unknown | — | — | — | Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corr… | |||
| CVE-2022-48708 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_functio… | |||
| CVE-2022-48895 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown … | |||
| CVE-2022-48711 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domai… | |||
| CVE-2022-1135 | unknown | — | — | — | Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. | |||
| CVE-2022-48719 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NT… | |||
| CVE-2022-1310 | unknown | — | — | — | Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu… | |||
| CVE-2022-48718 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drm_atomic_get_new_bridge_state… | |||
| CVE-2022-1485 | unknown | — | — | — | Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48721 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be s… | |||
| CVE-2022-1487 | unknown | — | — | — | Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. | |||
| CVE-2022-1490 | unknown | — | — | — | Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption… | |||
| CVE-2022-1491 | unknown | — | — | — | Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. | |||
| CVE-2022-1496 | unknown | — | — | — | Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. | |||
| CVE-2022-48725 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path. | |||
| CVE-2022-1499 | unknown | — | — | — | Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||
| CVE-2022-48726 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure tha… | |||
| CVE-2022-2165 | unknown | — | — | — | Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2022-2163 | unknown | — | — | — | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI … | |||
| CVE-2022-48730 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and us… | |||
| CVE-2022-2296 | unknown | — | — | — | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h… | |||
| CVE-2022-48732 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject acces… | |||
| CVE-2022-2604 | unknown | — | — | — | Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48733 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structu… | |||
| CVE-2022-2481 | unknown | — | — | — | Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI i… | |||
| CVE-2022-2605 | unknown | — | — | — | Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48739 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: hdmi-codec: Fix OOB memory accesses Correct size of iec_status array by changing it to the size of status array of the stru… | |||
| CVE-2022-2609 | unknown | — | — | — | Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap … | |||
| CVE-2022-2617 | unknown | — | — | — | Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific … | |||
| CVE-2022-2858 | unknown | — | — | — | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | |||
| CVE-2022-3052 | unknown | — | — | — | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially… | |||
| CVE-2022-3055 | unknown | — | — | — | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a c… | |||
| CVE-2022-3200 | unknown | — | — | — | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-3201 | unknown | — | — | — | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass naviga… | |||
| CVE-2022-3309 | unknown | — | — | — | Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escap… | |||
| CVE-2022-3317 | unknown | — | — | — | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium… | |||
| CVE-2022-3446 | unknown | — | — | — | Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-3450 | unknown | — | — | — | Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-3652 | unknown | — | — | — | Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-0213 | unknown | — | — | — | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2022-1381 | unknown | — | — | — | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible … | |||
| CVE-2022-1616 | unknown | — | — | — | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote ex… | |||
| CVE-2022-1619 | unknown | — | — | — | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote ex… | |||
| CVE-2022-1620 | unknown | — | — | — | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow… | |||
| CVE-2022-1720 | unknown | — | — | — | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | |||
| CVE-2022-1674 | unknown | — | — | — | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow… | |||
| CVE-2022-1725 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | |||
| CVE-2022-1733 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | |||
| CVE-2022-1735 | unknown | — | — | — | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | |||
| CVE-2022-1769 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | |||
| CVE-2022-1796 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | |||
| CVE-2022-1851 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1886 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1898 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2208 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |||
| CVE-2022-1942 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1968 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2124 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2042 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2125 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2129 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2183 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2175 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2182 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2206 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2207 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2231 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2210 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2257 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |