CVEs from 2022

5,249 normalized CVEs published or assigned in this year.

Total

5,249

critical

critical 92

high

high 1,233

medium

medium 961

low

low 24

% Critical

1.8%

% with KEV

2.5%

% with exploit

3.4%

Top vendors

Top packages

critical high medium low unknown

KEV Has exploit

Reset

CVE	Severity	CVSS	Risk	Published	Description
CVE-2022-1142	unknown	—	—	—	Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via …
CVE-2022-1232	unknown	—	—	—	Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1145	unknown	—	—	—	Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user…
CVE-2022-1305	unknown	—	—	—	Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0511	unknown	—	—	—	Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96.…
CVE-2022-1307	unknown	—	—	—	Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-1483	unknown	—	—	—	Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag…
CVE-2022-1488	unknown	—	—	—	Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafte…
CVE-2022-49529	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fix the null pointer while the smu is disabled It needs to check if the pp_funcs is initialized while release the …
CVE-2022-1501	unknown	—	—	—	Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-2161	unknown	—	—	—	Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corrupti…
CVE-2022-2606	unknown	—	—	—	Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corrupt…
CVE-2022-2860	unknown	—	—	—	Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
CVE-2022-2861	unknown	—	—	—	Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebU…
CVE-2022-2998	unknown	—	—	—	Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corru…
CVE-2022-3040	unknown	—	—	—	Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-26846	unknown	—	—	—	SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
CVE-2022-26847	unknown	—	—	—	SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
CVE-2022-28959	unknown	—	—	—	Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-28960	unknown	—	—	—	A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
CVE-2022-28961	unknown	—	—	—	Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
CVE-2022-37155	unknown	—	—	—	RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
CVE-2022-3304	unknown	—	—	—	Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3305	unknown	—	—	—	Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig…
CVE-2022-49082	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in _scsih_…
CVE-2022-3310	unknown	—	—	—	Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via…
CVE-2022-3314	unknown	—	—	—	Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chrom…
CVE-2022-3318	unknown	—	—	—	Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption …
CVE-2022-3658	unknown	—	—	—	Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit h…
CVE-2022-4926	unknown	—	—	—	Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security sever…
CVE-2022-1887	unknown	—	—	—	The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
CVE-2022-4191	unknown	—	—	—	Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profil…
CVE-2022-4189	unknown	—	—	—	Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c…
CVE-2022-4922	unknown	—	—	—	Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-45059	unknown	—	—	—	An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-…
CVE-2022-4908	unknown	—	—	—	Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4914	unknown	—	—	—	Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a cra…
CVE-2022-29910	unknown	—	—	—	When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are una…
CVE-2022-4923	unknown	—	—	—	Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic…
CVE-2022-4919	unknown	—	—	—	Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-0213	unknown	—	—	—	vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0156	unknown	—	—	—	vim is vulnerable to Use After Free
CVE-2022-0128	unknown	—	—	—	vim is vulnerable to Out-of-bounds Read
CVE-2022-0319	unknown	—	—	—	Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2022-0158	unknown	—	—	—	vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-2205	unknown	—	—	—
CVE-2022-0351	unknown	—	—	—	Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0368	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0393	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0407	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0408	unknown	—	—	—	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-22736	unknown	—	—	—	If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not…
CVE-2022-0417	unknown	—	—	—	Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVE-2022-0443	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0572	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0629	unknown	—	—	—	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0696	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVE-2022-0714	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVE-2022-0729	unknown	—	—	—	Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-1381	unknown	—	—	—	global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible …
CVE-2022-1616	unknown	—	—	—	Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote ex…
CVE-2022-1619	unknown	—	—	—	Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote ex…
CVE-2022-1620	unknown	—	—	—	NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow…
CVE-2022-1720	unknown	—	—	—	Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVE-2022-1674	unknown	—	—	—	NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow…
CVE-2022-1725	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-1733	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-1735	unknown	—	—	—	Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1769	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
CVE-2022-1796	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.4979.
CVE-2022-1851	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-1886	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1898	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2208	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVE-2022-1942	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1968	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2124	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2042	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2125	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-3307	unknown	—	—	—	Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-2183	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2175	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2182	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2206	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2207	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2231	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVE-2022-2210	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2257	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2285	unknown	—	—	—	Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
CVE-2022-2264	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2284	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2286	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2287	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2288	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
CVE-2022-2522	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2816	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
CVE-2022-2344	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2289	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.
CVE-2022-2304	unknown	—	—	—	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2343	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.

CVEs from 2022

Top vendors

Top products

Top packages