CVEs from 2022
Total
5,243
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0971 | unknown | — | — | — | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte… | |||
| CVE-2022-0979 | unknown | — | — | — | Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap cor… | |||
| CVE-2022-49278 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fix count check in rproc_coredump_write() Check count for 0, to avoid a potential underflow. Make the check the same … | |||
| CVE-2022-48702 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from n… | |||
| CVE-2022-48708 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_functio… | |||
| CVE-2022-48895 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown … | |||
| CVE-2022-49277 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error, we can observe t… | |||
| CVE-2022-48711 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domai… | |||
| CVE-2022-1135 | unknown | — | — | — | Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. | |||
| CVE-2022-48719 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NT… | |||
| CVE-2022-1310 | unknown | — | — | — | Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-49276 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_scan_medium If an error is returned in jffs2_scan_eraseblock() and some memory has been added to … | |||
| CVE-2022-48913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu… | |||
| CVE-2022-48718 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drm_atomic_get_new_bridge_state… | |||
| CVE-2022-49258 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p-… | |||
| CVE-2022-49254 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() In cal_ctx_v4l2_init_formats(), devm_kzalloc() … | |||
| CVE-2022-48721 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be s… | |||
| CVE-2022-48725 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path. | |||
| CVE-2022-48726 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure tha… | |||
| CVE-2022-49250 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing compander for aux AUX interpolator does not have compander, so check before accessing compa… | |||
| CVE-2022-2165 | unknown | — | — | — | Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2022-2163 | unknown | — | — | — | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI … | |||
| CVE-2022-48730 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and us… | |||
| CVE-2022-2296 | unknown | — | — | — | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h… | |||
| CVE-2022-48732 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject acces… | |||
| CVE-2022-48733 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structu… | |||
| CVE-2022-49248 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7… | |||
| CVE-2022-2481 | unknown | — | — | — | Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI i… | |||
| CVE-2022-2605 | unknown | — | — | — | Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-49246 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in snd_proto_probe The device_node pointer is returned by of_parse_phandle() with refcount incre… | |||
| CVE-2022-48739 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: hdmi-codec: Fix OOB memory accesses Correct size of iec_status array by changing it to the size of status array of the stru… | |||
| CVE-2022-2609 | unknown | — | — | — | Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap … | |||
| CVE-2022-2617 | unknown | — | — | — | Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific … | |||
| CVE-2022-3169 | unknown | — | — | — | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the drive… | |||
| CVE-2022-50174 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hinic: avoid kernel hung in hinic_get_stats64() When using hinic device as a bond slave device, and reading device stats of … | |||
| CVE-2022-3115 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer deref… | |||
| CVE-2022-50184 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init of_graph_get_remote_node() returns remote device nodepointe… | |||
| CVE-2022-3114 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereferenc… | |||
| CVE-2022-50197 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cpufreq: zynq: Fix refcount leak in zynq_get_revision of_find_compatible_node() returns a node pointer with refcount incremented,… | |||
| CVE-2022-50198 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init of_find_matching_node() returns a node pointer with refcount incremented… | |||
| CVE-2022-50205 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matches the number… | |||
| CVE-2022-50210 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, … | |||
| CVE-2022-50220 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep… | |||
| CVE-2022-50225 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling In riscv the process of uprobe going to clear spie before exec the origin insn,and se… | |||
| CVE-2022-0563 | unknown | — | — | — | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. W… | |||
| CVE-2022-3113 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and wil… | |||
| CVE-2022-50260 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm: Make .remove and .shutdown HW shutdown consistent Drivers' .remove and .shutdown callbacks are executed on different cod… | |||
| CVE-2022-50242 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() If vp alloc failed in qlcnic_sriov_init(), all previously … | |||
| CVE-2022-3112 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the nu… | |||
| CVE-2022-3111 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charg… | |||
| CVE-2022-3110 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the … | |||
| CVE-2022-3104 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference. | |||
| CVE-2022-50256 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/meson: remove drm bridges at aggregate driver unbind time drm bridges added by meson_encoder_hdmi_init and meson_encoder_cvbs… | |||
| CVE-2022-3078 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. | |||
| CVE-2022-29968 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | |||
| CVE-2022-2991 | unknown | — | — | — | A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixe… | |||
| CVE-2022-50273 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery As Wenqing Liu reported in bugzilla: https://bugzilla.kernel… | |||
| CVE-2022-49737 | unknown | — | — | — | In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lo… | |||
| CVE-2022-49231 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rtw88: fix memory overrun and memory leak during hw_scan Previously we allocated less memory than actual required, overwrite to t… | |||
| CVE-2022-50267 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memor… | |||
| CVE-2022-28796 | unknown | — | — | — | jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | |||
| CVE-2022-50270 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b ("f2fs: show more DIO information in tracepoint") introduces iocb field in… | |||
| CVE-2022-1452 | unknown | — | — | — | Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. … | |||
| CVE-2022-1382 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system. | |||
| CVE-2022-1284 | unknown | — | — | — | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | |||
| CVE-2022-1240 | unknown | — | — | — | Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into th… | |||
| CVE-2022-1296 | unknown | — | — | — | Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. | |||
| CVE-2022-1238 | unknown | — | — | — | Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap … | |||
| CVE-2022-37026 | unknown | — | — | — | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. | |||
| CVE-2022-27223 | unknown | — | — | — | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | |||
| CVE-2022-1297 | unknown | — | — | — | Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. | |||
| CVE-2022-50281 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() In error case in bridge_platform_create after calling platfo… | |||
| CVE-2022-50283 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: core: add missing of_node_get() in dynamic partitions code This fixes unbalanced of_node_put(): [ 1.078910] 6 cmdlinepart… | |||
| CVE-2022-1237 | unknown | — | — | — | Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overf… | |||
| CVE-2022-50292 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggreg… | |||
| CVE-2022-26966 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. | |||
| CVE-2022-0559 | unknown | — | — | — | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. | |||
| CVE-2022-50296 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cp… | |||
| CVE-2022-0521 | unknown | — | — | — | Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. | |||
| CVE-2022-50288 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb would get silently freed inside qlcnic_dcb_enabl… | |||
| CVE-2022-50294 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak in lbs_init_adapter() When kfifo_alloc() failed in lbs_init_adapter(), cmd buffer is not released… | |||
| CVE-2022-2602 | unknown | — | — | — | io_uring UAF, Unix SCM garbage collection | |||
| CVE-2022-2590 | unknown | — | — | — | A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local… | |||
| CVE-2022-50316 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_sysfs_init() When insert and remove the orangefs module, there are kobjects memory leaked as b… | |||
| CVE-2022-50323 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: do not sense pfmemalloc status in skb_append_pagefrags() skb_append_pagefrags() is used by af_unix and udp sendpage() implem… | |||
| CVE-2022-50301 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix buffer overflow in debugfs There are two issues here: 1) The "len" variable needs to be checked before the very … | |||
| CVE-2022-50300 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when handling missing device in read_one_chunk Store the error code before freeing the exten… | |||
| CVE-2022-27672 | unknown | — | — | — | When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. | |||
| CVE-2022-50304 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in init_mtd() I got the error report while inject fault in init_mtd(): sysfs: cannot creat… | |||
| CVE-2022-0476 | unknown | — | — | — | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | |||
| CVE-2022-50309 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name() returns a node pointer with refcount increme… | |||
| CVE-2022-25375 | unknown | — | — | — | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain… | |||
| CVE-2022-23042 | unknown | — | — | — | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li… | |||
| CVE-2022-50315 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS UBSAN complains about array-index-out-of-bounds: [ 1.980703] kernel: UBSAN:… | |||
| CVE-2022-25258 | unknown | — | — | — | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large … | |||
| CVE-2022-23041 | unknown | — | — | — | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li… | |||
| CVE-2022-0519 | unknown | — | — | — | Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. | |||
| CVE-2022-50324 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: maps: pxa2xx-flash: fix memory leak in probe Free 'info' upon remapping error to avoid a memory leak. [<miquel.raynal@bootl… | |||
| CVE-2022-0518 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. | |||
| CVE-2022-23040 | unknown | — | — | — | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li… |