CVEs from 2022
Total
5,244
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-27779 | medium | — | 5.5 | — | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt … | |||
| CVE-2022-33070 | medium | — | 5.5 | — | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Se… | |||
| CVE-2022-2303 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2417 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2095 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2539 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2326 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2497 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2512 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-0419 | medium | — | 5.5 | — | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. | |||
| CVE-2022-2500 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2456 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-50504 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtas_os_term() It's unsafe to use rtas_busy_delay() to handle a busy status from the ibm,os-ter… | |||
| CVE-2022-49845 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49623 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-48830 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49353 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49627 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49432 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49357 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49643 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49437 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49269 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49024 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49443 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-50143 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: intel_th: Fix a resource leak in an error handling path If an error occurs after calling 'pci_alloc_irq_vectors()', 'pci_free_irq… | |||
| CVE-2022-49648 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49657 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49670 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-49672 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-50367 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2022-50386 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent th… | |||
| CVE-2022-4981 | medium | 5.5 | 5.5 | 8mo ago | A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation resul… | |||
| CVE-2022-24130 | medium | — | 5.5 | 10mo ago | Moderate: xterm security update | |||
| CVE-2022-48919 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call dea… | |||
| CVE-2022-49395 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes… | |||
| CVE-2022-3424 | medium | — | 5.5 | 1y ago | Moderate: kernel security update | |||
| CVE-2022-4055 | medium | — | 5.5 | 1y ago | Moderate: xdg-utils security update | |||
| CVE-2022-50743 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: erofs: Fix pcluster memleak when its block address is zero syzkaller reported a memleak: https://syzkaller.appspot.com/bug?id=62f… | |||
| CVE-2022-49029 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 i… | |||
| CVE-2022-50421 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destroy of default endpoint The rpmsg_dev_remove() in rpmsg_core is the place for releasing this defaul… | |||
| CVE-2022-48989 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookie_lru and use_cookie If a cookie expires from the LRU and the LRU_DISCARD flag is set, bu… | |||
| CVE-2022-50159 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently ima_get_kexec_buffer() doesn't check if the previous… | |||
| CVE-2022-49815 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: erofs: fix missing xas_retry() in fscache mode The xarray iteration only holds the RCU read lock and thus may encounter XA_RETRY_… | |||
| CVE-2022-49804 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for current_stack_pointer Commit 30de14b1884b ("s390: current_stack_pointer shouldn't be a func… | |||
| CVE-2022-50511 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for get_default_font Shifting signed 32-bit value by 31 bits is undefined, so chan… | |||
| CVE-2022-50614 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic The dma_map_single() doesn't permit zero length mapping.… | |||
| CVE-2022-50112 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge of_parse_phandle() returns a node pointer with refcount incremented, we… | |||
| CVE-2022-41741 | medium | — | 5.5 | 1y ago | Moderate: nginx security update | |||
| CVE-2022-50214 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections (output connections) and hold a referenc… | |||
| CVE-2022-41742 | medium | — | 5.5 | 1y ago | Moderate: nginx security update | |||
| CVE-2022-50319 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhp_state_add_instance() and cpuhp_state_remove_instance(… | |||
| CVE-2022-50811 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails Otherwise, meta buffers could be leaked. | |||
| CVE-2022-49778 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud The page table check trigger BUG_ON() unexpectedly when collapse huge… | |||
| CVE-2022-48969 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration A NAPI is setup for each network sring to poll data to kernel The sring with so… | |||
| CVE-2022-1941 | medium | — | 5.5 | 1y ago | Moderate: protobuf security update | |||
| CVE-2022-49006 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" fie… | |||
| CVE-2022-50121 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init Every iteration of for_each_available_child_of_node() decrements th… | |||
| CVE-2022-49014 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like bel… | |||
| CVE-2022-49747 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Fix incorrect offset calculation Effective offset to add to length was being incorrectly calculated, which resulted… | |||
| CVE-2022-50491 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in cti_disable_hw() cti_enable_hw() and cti_disable_hw() are called from an atomic context so shouldn't … | |||
| CVE-2022-49822 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt… | |||
| CVE-2022-49803 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netdevsim: Fix memory leak of nsim_dev->fa_cookie kmemleak reports this issue: unreferenced object 0xffff8881bac872d0 (size 8): … | |||
| CVE-2022-49183 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear in betwe… | |||
| CVE-2022-49135 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix t… | |||
| CVE-2022-49043 | medium | — | 5.5 | 1y ago | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | |||
| CVE-2022-49430 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - cancel delayed work only in case of GPIO gpio_keys module can either accept gpios or interrupts. The module in… | |||
| CVE-2022-49078 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4_decompress_safe_partial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer o… | |||
| CVE-2022-50670 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will… | |||
| CVE-2022-50748 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in init_mqueue_fs() commit db7cfc380900 ("ipc: Free mq_sysctls if ipc namespace creation fa… | |||
| CVE-2022-50769 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: mxcmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory … | |||
| CVE-2022-49941 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2022-50468 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() The following WARNING message was given when r… | |||
| CVE-2022-50251 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory … | |||
| CVE-2022-50096 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb (kprobes control block) status flag to KPROBE_… | |||
| CVE-2022-50663 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix possible memory leak in stmmac_dvr_probe() The bitmap_free() should be called to free priv->af_xdp_zc_qps when c… | |||
| CVE-2022-50177 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix ksoftirqd boosting timing and iteration The RCU priority boosting can fail in two situations: 1) If (nr_cpus= > … | |||
| CVE-2022-50268 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: moxart: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory … | |||
| CVE-2022-50353 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memo… | |||
| CVE-2022-50141 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch of_find_matching_node() returns a node pointer with refcoun… | |||
| CVE-2022-50312 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some leaks in probe This error path needs to unwind instead of just returning directly. | |||
| CVE-2022-49549 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fail… | |||
| CVE-2022-49787 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for t… | |||
| CVE-2022-49124 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following condi… | |||
| CVE-2022-50347 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the… | |||
| CVE-2022-50858 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory t… | |||
| CVE-2022-48703 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer… | |||
| CVE-2022-49329 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference … | |||
| CVE-2022-50846 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will … | |||
| CVE-2022-50019 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in ucc_uart.c In soc_info(), of_find_node_by_type() will return a node pointer with refcount i… | |||
| CVE-2022-50886 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory … | |||
| CVE-2022-49197 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the … | |||
| CVE-2022-48929 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel f… | |||
| CVE-2022-50486 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),… | |||
| CVE-2022-50284 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipc: fix memory leak in init_mqueue_fs() When setup_mq_sysctls() failed in init_mqueue_fs(), mqueue_inode_cachep is not released.… | |||
| CVE-2022-50625 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing DMACR register Chapter "B Generic UART" in "ARM Server Base System Architecture" [1… | |||
| CVE-2022-50761 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(), if bin… | |||
| CVE-2022-50640 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fix kernel panic when remove non-standard SDIO card SDIO tuple is only allocated for standard SDIO card, especially it… | |||
| CVE-2022-49860 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when register device fail If device_register() fails, it should call put_device() to… | |||
| CVE-2022-50720 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC (or x2APIC). X2A… |