CVEs from 2022
Total
5,243
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41125 | unknown | — | 1.5 | 4y ago | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. | |||
| CVE-2022-3723 | unknown | — | 1.5 | 4y ago | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-42827 | unknown | — | 1.5 | 4y ago | Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. | |||
| CVE-2022-41033 | unknown | — | 1.5 | 4y ago | Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-3236 | unknown | — | 1.5 | 4y ago | A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. | |||
| CVE-2022-40139 | unknown | — | 1.5 | 4y ago | Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution. | |||
| CVE-2022-37969 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-32917 | unknown | — | 1.5 | 4y ago | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. | |||
| CVE-2022-27593 | unknown | — | 1.5 | 4y ago | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerabi… | |||
| CVE-2022-26258 | unknown | — | 1.5 | 4y ago | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. | |||
| CVE-2022-3075 | unknown | — | 1.5 | 4y ago | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2022-36537 | unknown | — | 1.5 | 4y ago | ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Jav… | |||
| CVE-2022-2294 | unknown | — | 1.5 | 4y ago | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0028 | unknown | — | 1.5 | 4y ago | A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | |||
| CVE-2022-32894 | unknown | — | 1.5 | 4y ago | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2022-21971 | unknown | — | 1.5 | 4y ago | Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2022-2856 | unknown | — | 1.5 | 4y ago | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML pag… | |||
| CVE-2022-34713 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. | |||
| CVE-2022-27924 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. | |||
| CVE-2022-26138 | unknown | — | 1.5 | 4y ago | Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence … | |||
| CVE-2022-22047 | unknown | — | 1.5 | 4y ago | Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges. | |||
| CVE-2022-26925 | unknown | — | 1.5 | 4y ago | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM. | |||
| CVE-2022-29499 | unknown | — | 1.5 | 4y ago | The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. | |||
| CVE-2022-20821 | unknown | — | 1.5 | 4y ago | Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running … | |||
| CVE-2022-21919 | unknown | — | 1.5 | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-22718 | unknown | — | 1.5 | 4y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation. | |||
| CVE-2022-1364 | unknown | — | 1.5 | 4y ago | Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-24521 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-23176 | unknown | — | 1.5 | 4y ago | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. | |||
| CVE-2022-22675 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-22674 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | |||
| CVE-2022-26871 | unknown | — | 1.5 | 4y ago | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. | |||
| CVE-2022-26143 | unknown | — | 1.5 | 4y ago | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degr… | |||
| CVE-2022-20703 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20701 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20700 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20708 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-24682 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code. | |||
| CVE-2022-0609 | unknown | — | 1.5 | 4y ago | Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-23131 | unknown | — | 1.5 | 4y ago | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. | |||
| CVE-2022-23134 | unknown | — | 1.5 | 4y ago | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. | |||
| CVE-2022-24086 | unknown | — | 1.5 | 4y ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. | |||
| CVE-2022-22587 | unknown | — | 1.5 | 4y ago | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-0995 | unknown | — | 1.0 | — | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user… | |||
| CVE-2022-1043 | unknown | — | 1.0 | — | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | |||
| CVE-2022-44268 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick b… | |||
| CVE-2022-44267 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | |||
| CVE-2022-46945 | unknown | — | 1.0 | — | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | |||
| CVE-2022-29885 | unknown | — | 1.0 | 4y ago | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r… | |||
| CVE-2022-48655 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers r… | |||
| CVE-2022-48839 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THR… | |||
| CVE-2022-0465 | unknown | — | — | — | Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. | |||
| CVE-2022-48660 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below … | |||
| CVE-2022-0789 | unknown | — | — | — | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0800 | unknown | — | — | — | Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via… | |||
| CVE-2022-48694 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error t… | |||
| CVE-2022-0971 | unknown | — | — | — | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte… | |||
| CVE-2022-0979 | unknown | — | — | — | Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap cor… | |||
| CVE-2022-48702 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from n… | |||
| CVE-2022-48708 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_functio… | |||
| CVE-2022-48895 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown … | |||
| CVE-2022-48711 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domai… | |||
| CVE-2022-1135 | unknown | — | — | — | Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. | |||
| CVE-2022-48719 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NT… | |||
| CVE-2022-1310 | unknown | — | — | — | Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu… | |||
| CVE-2022-48718 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drm_atomic_get_new_bridge_state… | |||
| CVE-2022-48721 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be s… | |||
| CVE-2022-48725 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path. | |||
| CVE-2022-48726 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure tha… | |||
| CVE-2022-2165 | unknown | — | — | — | Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2022-2163 | unknown | — | — | — | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI … | |||
| CVE-2022-48730 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and us… | |||
| CVE-2022-2296 | unknown | — | — | — | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h… | |||
| CVE-2022-48732 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject acces… | |||
| CVE-2022-48733 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structu… | |||
| CVE-2022-2481 | unknown | — | — | — | Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI i… | |||
| CVE-2022-2605 | unknown | — | — | — | Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48739 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: hdmi-codec: Fix OOB memory accesses Correct size of iec_status array by changing it to the size of status array of the stru… | |||
| CVE-2022-2609 | unknown | — | — | — | Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap … | |||
| CVE-2022-2617 | unknown | — | — | — | Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific … | |||
| CVE-2022-2858 | unknown | — | — | — | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | |||
| CVE-2022-3052 | unknown | — | — | — | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially… | |||
| CVE-2022-3200 | unknown | — | — | — | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-3201 | unknown | — | — | — | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass naviga… | |||
| CVE-2022-50409 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Fixes the below NULL pointer dereference: [...] [ … | |||
| CVE-2022-4176 | unknown | — | — | — | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentia… | |||
| CVE-2022-4185 | unknown | — | — | — | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium secu… | |||
| CVE-2022-4439 | unknown | — | — | — | Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruptio… | |||
| CVE-2022-4440 | unknown | — | — | — | Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2022-4910 | unknown | — | — | — | Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2022-4911 | unknown | — | — | — | Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2022-4913 | unknown | — | — | — | Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML pag… | |||
| CVE-2022-4916 | unknown | — | — | — | Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-4920 | unknown | — | — | — | Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr… | |||
| CVE-2022-22757 | unknown | — | — | — | Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected… | |||
| CVE-2022-4924 | unknown | — | — | — | Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2022-49067 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Beca… | |||
| CVE-2022-49431 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Add missing of_node_put in iommu_init_early_dart The device_node pointer is returned by of_find_compatible_node wi… | |||
| CVE-2022-48845 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIG_SCHED_CORE (landed during 5.14 cycle), 2-core 2-thread-per… |