CVEs from 2022
Total
5,236
critical
critical 92
high
high 1,236
medium
medium 953
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-50846 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will … | |||
| CVE-2022-50347 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the… | |||
| CVE-2022-50761 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(), if bin… | |||
| CVE-2022-50353 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memo… | |||
| CVE-2022-49430 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - cancel delayed work only in case of GPIO gpio_keys module can either accept gpios or interrupts. The module in… | |||
| CVE-2022-49549 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fail… | |||
| CVE-2022-50073 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered … | |||
| CVE-2022-50096 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb (kprobes control block) status flag to KPROBE_… | |||
| CVE-2022-50720 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC (or x2APIC). X2A… | |||
| CVE-2022-49787 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for t… | |||
| CVE-2022-50468 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() The following WARNING message was given when r… | |||
| CVE-2022-48773 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create If there are failures then we must not leave the non-NULL pointe… | |||
| CVE-2022-24810 | medium | — | 5.5 | 2y ago | Moderate: net-snmp security update | |||
| CVE-2022-24809 | medium | — | 5.5 | 2y ago | Moderate: net-snmp security update | |||
| CVE-2022-24807 | medium | — | 5.5 | 2y ago | Moderate: net-snmp security update | |||
| CVE-2022-24805 | medium | — | 5.5 | 2y ago | Moderate: net-snmp security update | |||
| CVE-2022-24806 | medium | — | 5.5 | 2y ago | Moderate: net-snmp security update | |||
| CVE-2022-24808 | medium | — | 5.5 | 2y ago | Moderate: net-snmp security update | |||
| CVE-2022-48743 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2022-48829 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be caref… | |||
| CVE-2022-48828 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as a… | |||
| CVE-2022-48622 | medium | — | 5.5 | 2y ago | Moderate: gdk-pixbuf2 security update | |||
| CVE-2022-50274 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup fro… | |||
| CVE-2022-48565 | medium | — | 5.5 | 2y ago | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | |||
| CVE-2022-23222 | medium | — | 5.5 | 2y ago | kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | |||
| CVE-2022-0500 | medium | — | 5.5 | 2y ago | A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows… | |||
| CVE-2022-49977 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_o… | |||
| CVE-2022-49940 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() A null pointer dereference can happen when attempting to acces… | |||
| CVE-2022-50782 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad quota inode We got a issue as fllows: ========================================… | |||
| CVE-2022-50485 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_ig… | |||
| CVE-2022-50673 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ====================================================… | |||
| CVE-2022-38096 | medium | 5.5 | 5.5 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-48947 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventua… | |||
| CVE-2022-50286 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, dela… | |||
| CVE-2022-33065 | medium | — | 5.5 | 2y ago | Moderate: libsndfile security update | |||
| CVE-2022-50638 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad boot loader inode We got a issue as fllows: ==================================… | |||
| CVE-2022-40090 | medium | — | 5.5 | 2y ago | Moderate: libtiff security update | |||
| CVE-2022-50116 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user pack… | |||
| CVE-2022-48560 | medium | — | 5.5 | 2y ago | RHSA-2024:2987: python27:2.7 security update (Moderate) | |||
| CVE-2022-48564 | medium | — | 5.5 | 2y ago | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | |||
| CVE-2022-44638 | medium | — | 5.5 | 3y ago | RHSA-2024:0131: pixman security update (Moderate) | |||
| CVE-2022-24963 | medium | — | 5.5 | 3y ago | Moderate: apr security update | |||
| CVE-2022-3565 | medium | — | 5.5 | 3y ago | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Blueto… | |||
| CVE-2022-31130 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-43681 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-50327 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which wo… | |||
| CVE-2022-36440 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-38745 | medium | — | 5.5 | 3y ago | Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. | |||
| CVE-2022-39306 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-50042 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recording non-first p… | |||
| CVE-2022-50087 | medium | — | 5.5 | 3y ago | Moderate: kernel security update | |||
| CVE-2022-49885 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflow and… | |||
| CVE-2022-40318 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-23527 | medium | — | 5.5 | 3y ago | RHSA-2023:6940: mod_auth_openidc:2.3 security and bug fix update (Moderate) | |||
| CVE-2022-50341 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to … | |||
| CVE-2022-50865 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp… | |||
| CVE-2022-50856 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_ses_add_channel() Before return, should free the xid, otherwise, the xid will be leaked. | |||
| CVE-2022-48468 | medium | — | 5.5 | 3y ago | RHSA-2023:6944: protobuf-c security update (Moderate) | |||
| CVE-2022-50543 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr->map double free rxe_mr_cleanup() which tries to free mr->map again will be called when rxe_mr_init_user() fails… | |||
| CVE-2022-37601 | medium | — | 5.5 | 3y ago | RHSA-2023:6972: grafana security and enhancement update (Moderate) | |||
| CVE-2022-3064 | medium | — | 5.5 | 3y ago | RHSA-2024:10784: rhc security update (Moderate) | |||
| CVE-2022-39307 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-50110 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource Unlike release_mem_region(), a call to release_resource() does not … | |||
| CVE-2022-4285 | medium | — | 5.5 | 3y ago | RHSA-2023:6236: binutils security update (Moderate) | |||
| CVE-2022-50472 | medium | 5.5 | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the followi… | |||
| CVE-2022-31123 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-50369 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkms_release() A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->outp… | |||
| CVE-2022-2127 | medium | — | 5.5 | 3y ago | RHSA-2023:7139: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49759 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmci_dispatch_dgs() tasklet function calls vmci_read_data() which uses wait_event… | |||
| CVE-2022-39201 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-50269 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix memory leak in vkms_init() A memory leak was reported after the vkms module install failed. unreferenced object 0x… | |||
| CVE-2022-50423 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-after-free reported by KASAN: BUG: KASAN: us… | |||
| CVE-2022-39324 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-23552 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-40302 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-40898 | medium | — | 5.5 | 3y ago | Moderate: python-wheel security update | |||
| CVE-2022-40433 | medium | — | 5.5 | 3y ago | RHSA-2023:5731: java-1.8.0-openjdk security update (Moderate) | |||
| CVE-2022-46663 | medium | — | 5.5 | 3y ago | Moderate: less security update | |||
| CVE-2022-48281 | medium | — | 5.5 | 3y ago | RHSA-2023:3827: libtiff security update (Moderate) | |||
| CVE-2022-4515 | medium | — | 5.5 | 3y ago | RHSA-2023:2863: ctags security update (Moderate) | |||
| CVE-2022-50493 | medium | 5.5 | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call … | |||
| CVE-2022-27239 | medium | — | 5.5 | 3y ago | RHBA-2023:3052: cifs-utils bug fix and enhancement update (Moderate) | |||
| CVE-2022-3551 | medium | — | 5.5 | 3y ago | A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memor… | |||
| CVE-2022-46340 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger… | |||
| CVE-2022-4283 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetK… | |||
| CVE-2022-46343 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local pr… | |||
| CVE-2022-3627 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3970 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-1924 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrit… | |||
| CVE-2022-1925 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to… | |||
| CVE-2022-49700 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as… | |||
| CVE-2022-49058 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_upda… | |||
| CVE-2022-50546 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4_evict_inode' Syzbot found the following issue: =========================================… | |||
| CVE-2022-50219 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs(). The… | |||
| CVE-2022-3550 | medium | — | 5.5 | 3y ago | A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It… | |||
| CVE-2022-3597 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-39317 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39283 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-50717 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds … | |||
| CVE-2022-3598 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update |