CVEs from 2022
Total: 5,301
- critical 90
- high 1,233
- medium 957
- low 24
% Critical: 1.7%
% with KEV: 2.5%
% with exploit: 3.3%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23094 | high | — | 8.0 | 4y ago | RHSA-2022:0199: libreswan security update (Important) | |||
| CVE-2022-22815 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22816 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22817 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22745 | high | — | 8.0 | 5y ago | Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||
| CVE-2022-22741 | high | — | 8.0 | 5y ago | When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 9… | |||
| CVE-2022-22738 | high | — | 8.0 | 5y ago | Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR <… | |||
| CVE-2022-22748 | high | — | 8.0 | 5y ago | Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Fire… | |||
| CVE-2022-22742 | high | — | 8.0 | 5y ago | When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox … | |||
| CVE-2022-22739 | high | — | 8.0 | 5y ago | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||
| CVE-2022-22737 | high | — | 8.0 | 5y ago | Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash. This vulne… | |||
| CVE-2022-22747 | high | — | 8.0 | 5y ago | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This vulnerability a… | |||
| CVE-2022-22751 | high | — | 8.0 | 5y ago | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and … | |||
| CVE-2022-22740 | high | — | 8.0 | 5y ago | Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affe… | |||
| CVE-2022-22743 | high | — | 8.0 | 5y ago | When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ES… | |||
| CVE-2022-21589 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2022-26861 | high | 7.9 | 7.9 | 4y ago | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitra… | |||
| CVE-2022-49042 | high | 7.8 | 7.8 | 2d ago | An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u… | |||
| CVE-2022-49036 | high | 7.8 | 7.8 | 2d ago | An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t… | |||
| CVE-2022-26522 | high | 7.8 | 7.8 | 28d ago | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… | |||
| CVE-2022-50552 | high | 7.8 | 7.8 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when r… | |||
| CVE-2022-34227 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34224 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-44696 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44695 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44694 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44702 | high | 7.8 | 7.8 | 4y ago | Windows Terminal Remote Code Execution Vulnerability | |||
| CVE-2022-41089 | high | 7.8 | 7.8 | 4y ago | .NET Remote Code Execution Vulnerability | |||
| CVE-2022-41107 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Graphics Remote Code Execution Vulnerability | |||
| CVE-2022-41063 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-41061 | high | 7.8 | 7.8 | 4y ago | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2022-31609 | high | 7.8 | 7.8 | 4y ago | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability ma… | |||
| CVE-2022-34219 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34220 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34221 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vu… | |||
| CVE-2022-34216 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-30790 | high | 7.8 | 7.8 | 4y ago | Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. | |||
| CVE-2022-23742 | high | 7.8 | 7.8 | 4y ago | Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious… | |||
| CVE-2022-28838 | high | 7.8 | 7.8 | 4y ago | Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code… | |||
| CVE-2022-28243 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28242 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec… | |||
| CVE-2022-28240 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec… | |||
| CVE-2022-28239 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28234 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a heap-based buffer overflow vulnerability due to insecure handling of … | |||
| CVE-2022-28232 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the collab object … | |||
| CVE-2022-28231 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by an out-of-bounds read vulnerability when processing a doc object, which… | |||
| CVE-2022-27801 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that c… | |||
| CVE-2022-27800 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that c… | |||
| CVE-2022-27799 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event… | |||
| CVE-2022-27794 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of … | |||
| CVE-2022-27792 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary co… | |||
| CVE-2022-27791 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a stack-based buffer overflow vulnerability due to insecure processing … | |||
| CVE-2022-27789 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event… | |||
| CVE-2022-24104 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exe… | |||
| CVE-2022-24102 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exe… | |||
| CVE-2022-29109 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-26926 | high | 7.8 | 7.8 | 4y ago | Windows Address Book Remote Code Execution Vulnerability | |||
| CVE-2022-26901 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-26795 | high | 7.8 | 7.8 | 4y ago | Windows Print Spooler Elevation of Privilege Vulnerability | |||
| CVE-2022-24473 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-24510 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24509 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24461 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24501 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-24457 | high | 7.8 | 7.8 | 4y ago | HEIF Image Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-24451 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-23282 | high | 7.8 | 7.8 | 4y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2022-22709 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-21841 | high | 7.8 | 7.8 | 5y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-20920 | high | 7.7 | 7.7 | 4y ago | A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is du… | |||
| CVE-2022-34363 | high | 7.5 | 7.5 | 13d ago | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp | |||
| CVE-2022-31231 | high | 7.5 | 7.5 | 13d ago | Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, le… | |||
| CVE-2022-50992 | high | 7.5 | 7.5 | 1mo ago | Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers t… | |||
| CVE-2022-4986 | high | 7.5 | 7.5 | 2mo ago | Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers c… | |||
| CVE-2022-40696 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. | |||
| CVE-2022-45354 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60. | |||
| CVE-2022-44589 | high | 7.5 | 7.5 | 3y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| … | |||
| CVE-2022-36399 | high | 7.5 | 7.5 | 3y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress \| Calendars. This issue affects Booked - Appointment Booking for WordP… | |||
| CVE-2022-47597 | high | 7.5 | 7.5 | 3y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more. This issue affects Popup Maker – Popup for opt-ins, lead gen,… | |||
| CVE-2022-45835 | high | 7.5 | 7.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | |||
| CVE-2022-31474 | high | 7.5 | 7.5 | 3y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | |||
| CVE-2022-48363 | high | 7.5 | 7.5 | 3y ago | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an… | |||
| CVE-2022-45788 | high | 7.5 | 7.5 | 3y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malici… | |||
| CVE-2022-43945 | high | 7.5 | 7.5 | 3y ago | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send … | |||
| CVE-2022-3693 | high | 7.5 | 7.5 | 3y ago | Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | |||
| CVE-2022-40227 | high | 7.5 | 7.5 | 4y ago | A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP12… | |||
| CVE-2022-2265 | high | 7.5 | 7.5 | 4y ago | The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.… | |||
| CVE-2022-38013 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:6539: .NET 6.0 security and bugfix update (Moderate) | |||
| CVE-2022-26860 | high | 7.5 | 7.5 | 4y ago | Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arb… | |||
| CVE-2022-34169 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-33971 | high | 7.5 | 7.5 | 4y ago | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and ea… | |||
| CVE-2022-24946 | high | 7.5 | 7.5 | 4y ago | Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of seria… | |||
| CVE-2022-27781 | high | 7.5 | 7.5 | 4y ago | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make li… | |||
| CVE-2022-27775 | high | 7.5 | 7.5 | 4y ago | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a conn… | |||
| CVE-2022-27782 | high | 7.5 | 7.5 | 4y ago | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection p… | |||
| CVE-2022-22786 | high | 7.5 | 7.5 | 4y ago | The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update… | |||
| CVE-2022-29145 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-29117 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-23267 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-25647 | high | 7.5 | 7.5 | 4y ago | Deserialization of Untrusted Data in Gson |