CVEs from 2022
Total
5,244
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26501 | unknown | — | 1.5 | 4y ago | The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may le… | |||
| CVE-2022-44698 | unknown | — | 1.5 | 4y ago | Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | |||
| CVE-2022-4262 | unknown | — | 1.5 | 4y ago | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-4135 | unknown | — | 1.5 | 4y ago | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page… | |||
| CVE-2022-41049 | unknown | — | 1.5 | 4y ago | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | |||
| CVE-2022-41128 | unknown | — | 1.5 | 4y ago | Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. | |||
| CVE-2022-41073 | unknown | — | 1.5 | 4y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. | |||
| CVE-2022-41125 | unknown | — | 1.5 | 4y ago | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. | |||
| CVE-2022-41091 | unknown | — | 1.5 | 4y ago | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | |||
| CVE-2022-3723 | unknown | — | 1.5 | 4y ago | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-42827 | unknown | — | 1.5 | 4y ago | Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. | |||
| CVE-2022-41033 | unknown | — | 1.5 | 4y ago | Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-3236 | unknown | — | 1.5 | 4y ago | A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. | |||
| CVE-2022-40139 | unknown | — | 1.5 | 4y ago | Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution. | |||
| CVE-2022-37969 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-32917 | unknown | — | 1.5 | 4y ago | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. | |||
| CVE-2022-26258 | unknown | — | 1.5 | 4y ago | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. | |||
| CVE-2022-27593 | unknown | — | 1.5 | 4y ago | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerabi… | |||
| CVE-2022-3075 | unknown | — | 1.5 | 4y ago | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2022-36537 | unknown | — | 1.5 | 4y ago | ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Jav… | |||
| CVE-2022-2294 | unknown | — | 1.5 | 4y ago | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0028 | unknown | — | 1.5 | 4y ago | A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | |||
| CVE-2022-21971 | unknown | — | 1.5 | 4y ago | Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2022-32894 | unknown | — | 1.5 | 4y ago | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2022-2856 | unknown | — | 1.5 | 4y ago | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML pag… | |||
| CVE-2022-34713 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. | |||
| CVE-2022-27924 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. | |||
| CVE-2022-26138 | unknown | — | 1.5 | 4y ago | Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence … | |||
| CVE-2022-22047 | unknown | — | 1.5 | 4y ago | Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges. | |||
| CVE-2022-26925 | unknown | — | 1.5 | 4y ago | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM. | |||
| CVE-2022-29499 | unknown | — | 1.5 | 4y ago | The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. | |||
| CVE-2022-20821 | unknown | — | 1.5 | 4y ago | Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running … | |||
| CVE-2022-21919 | unknown | — | 1.5 | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-22718 | unknown | — | 1.5 | 4y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation. | |||
| CVE-2022-1364 | unknown | — | 1.5 | 4y ago | Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-24521 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-23176 | unknown | — | 1.5 | 4y ago | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. | |||
| CVE-2022-22674 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | |||
| CVE-2022-22675 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-26871 | unknown | — | 1.5 | 4y ago | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. | |||
| CVE-2022-26143 | unknown | — | 1.5 | 4y ago | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degr… | |||
| CVE-2022-20701 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20703 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20708 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20700 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-24682 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code. | |||
| CVE-2022-0609 | unknown | — | 1.5 | 4y ago | Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-23134 | unknown | — | 1.5 | 4y ago | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. | |||
| CVE-2022-23131 | unknown | — | 1.5 | 4y ago | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. | |||
| CVE-2022-24086 | unknown | — | 1.5 | 4y ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. | |||
| CVE-2022-22587 | unknown | — | 1.5 | 4y ago | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-1043 | unknown | — | 1.0 | — | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | |||
| CVE-2022-0995 | unknown | — | 1.0 | — | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user… | |||
| CVE-2022-46945 | unknown | — | 1.0 | — | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | |||
| CVE-2022-44268 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick b… | |||
| CVE-2022-44267 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | |||
| CVE-2022-29885 | unknown | — | 1.0 | 4y ago | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r… | |||
| CVE-2022-20153 | unknown | — | — | — | In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges n… | |||
| CVE-2022-48914 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queu… | |||
| CVE-2022-49341 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog->jited_len along prog->jited syzbot reported an illegal copy_to_user() attempt from bpf_prog_get_info_by_f… | |||
| CVE-2022-49335 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying t… | |||
| CVE-2022-50647 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as `insb', `outsb', etc. which use the ph… | |||
| CVE-2022-48875 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthe… | |||
| CVE-2022-0469 | unknown | — | — | — | Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HT… | |||
| CVE-2022-0470 | unknown | — | — | — | Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0603 | unknown | — | — | — | Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-49255 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm… | |||
| CVE-2022-0309 | unknown | — | — | — | Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2022-0791 | unknown | — | — | — | Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user… | |||
| CVE-2022-0796 | unknown | — | — | — | Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0797 | unknown | — | — | — | Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||
| CVE-2022-38150 | unknown | — | — | — | In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reaso… | |||
| CVE-2022-49851 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of the device tree. As a result… | |||
| CVE-2022-49910 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that r… | |||
| CVE-2022-1139 | unknown | — | — | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2022-1141 | unknown | — | — | — | Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via… | |||
| CVE-2022-1311 | unknown | — | — | — | Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-1312 | unknown | — | — | — | Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrom… | |||
| CVE-2022-1313 | unknown | — | — | — | Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-1314 | unknown | — | — | — | Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-2295 | unknown | — | — | — | Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-2624 | unknown | — | — | — | Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a… | |||
| CVE-2022-2742 | unknown | — | — | — | Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit… | |||
| CVE-2022-2852 | unknown | — | — | — | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-2855 | unknown | — | — | — | Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-2857 | unknown | — | — | — | Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-3311 | unknown | — | — | — | Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromi… | |||
| CVE-2022-3313 | unknown | — | — | — | Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2022-3656 | unknown | — | — | — | Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2022-3885 | unknown | — | — | — | Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-3660 | unknown | — | — | — | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (C… | |||
| CVE-2022-3863 | unknown | — | — | — | Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | |||
| CVE-2022-3842 | unknown | — | — | — | Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.… | |||
| CVE-2022-4182 | unknown | — | — | — | Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severit… | |||
| CVE-2022-4183 | unknown | — | — | — | Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severi… | |||
| CVE-2022-50442 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indx_read is called when we have some NTFS directory operations that need mo… | |||
| CVE-2022-2120 | unknown | — | — | — | OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled na… | |||
| CVE-2022-2119 | unknown | — | — | — | OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. … | |||
| CVE-2022-34667 | unknown | — | — | — | NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local use… | |||
| CVE-2022-0462 | unknown | — | — | — | Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |