VIR Vulnerability Intelligence Relay

CVEs from 2022

5,236 normalized CVEs published or assigned in this year.

Total
5,236
critical
critical 92
high
high 1,236
medium
medium 953
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-28072 unknown A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
CVE-2022-4964 unknown Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.
CVE-2022-46875 unknown The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Oth…
CVE-2022-0523 unknown Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-1444 unknown heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
CVE-2022-0695 unknown Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
CVE-2022-1383 unknown Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to rea…
CVE-2022-50011 unknown In the Linux kernel, the following vulnerability has been resolved: venus: pm_helpers: Fix warning in OPP during probe Fix the following WARN triggered during Venus driver probe on 5.19.0-rc8-next-…
CVE-2022-3443 unknown Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severi…
CVE-2022-48839 unknown In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THR…
CVE-2022-48694 unknown In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error t…
CVE-2022-0971 unknown Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte…
CVE-2022-48702 unknown In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from n…
CVE-2022-48708 unknown In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_functio…
CVE-2022-48725 unknown In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path.
CVE-2022-48726 unknown In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure tha…
CVE-2022-2165 unknown Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2022-2163 unknown Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI …
CVE-2022-48730 unknown In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and us…
CVE-2022-2296 unknown Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h…
CVE-2022-48732 unknown In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject acces…
CVE-2022-48733 unknown In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structu…
CVE-2022-2481 unknown Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI i…
CVE-2022-2605 unknown Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-48739 unknown In the Linux kernel, the following vulnerability has been resolved: ASoC: hdmi-codec: Fix OOB memory accesses Correct size of iec_status array by changing it to the size of status array of the stru…
CVE-2022-2609 unknown Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap …
CVE-2022-2617 unknown Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific …
CVE-2022-3201 unknown Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass naviga…
CVE-2022-50409 unknown In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Fixes the below NULL pointer dereference: [...] [ …
CVE-2022-4439 unknown Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruptio…
CVE-2022-4440 unknown Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4911 unknown Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2022-4913 unknown Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML pag…
CVE-2022-4916 unknown Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-4920 unknown Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…
CVE-2022-22757 unknown Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected…
CVE-2022-49431 unknown In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Add missing of_node_put in iommu_init_early_dart The device_node pointer is returned by of_find_compatible_node wi…
CVE-2022-24106 unknown In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in S…
CVE-2022-49196 unknown In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called …
CVE-2022-48902 unknown In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to…
CVE-2022-34000 unknown libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.
CVE-2022-48956 unknown In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems …
CVE-2022-49402 unknown In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: [ ] gene…
CVE-2022-22758 unknown When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this …
CVE-2022-45059 unknown An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-…
CVE-2022-4908 unknown Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-29910 unknown When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are una…
CVE-2022-4919 unknown Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-0408 unknown Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-22736 unknown If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not…
CVE-2022-0417 unknown Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVE-2022-0443 unknown Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0572 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0629 unknown Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0696 unknown NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVE-2022-0714 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVE-2022-0729 unknown Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-1381 unknown global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible …
CVE-2022-1616 unknown Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote ex…
CVE-2022-1619 unknown Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote ex…
CVE-2022-1620 unknown NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow…
CVE-2022-1720 unknown Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVE-2022-1674 unknown NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow…
CVE-2022-1725 unknown NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-1733 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-1735 unknown Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1769 unknown Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
CVE-2022-1796 unknown Use After Free in GitHub repository vim/vim prior to 8.2.4979.
CVE-2022-1851 unknown Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-1898 unknown Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2208 unknown NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVE-2022-1942 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1968 unknown Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2124 unknown Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2042 unknown Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2125 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2129 unknown Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2175 unknown Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2206 unknown Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2207 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2210 unknown Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2257 unknown Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2264 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2284 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2286 unknown Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2287 unknown Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2288 unknown Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
CVE-2022-2522 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2289 unknown Use After Free in GitHub repository vim/vim prior to 9.0.
CVE-2022-2344 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2304 unknown Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2343 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVE-2022-2345 unknown Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVE-2022-2571 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
CVE-2022-2580 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
CVE-2022-2581 unknown Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
CVE-2022-2598 unknown Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
CVE-2022-2817 unknown Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVE-2022-2819 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
CVE-2022-2849 unknown Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.