CVEs from 2022
Total
5,244
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-49763 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfs_attr_find() Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs r… | |||
| CVE-2022-34480 | unknown | — | — | — | Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects… | |||
| CVE-2022-34474 | unknown | — | — | — | Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt… | |||
| CVE-2022-37797 | unknown | — | — | — | In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the se… | |||
| CVE-2022-22707 | unknown | — | — | — | In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of … | |||
| CVE-2022-41556 | unknown | — | — | — | A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is relat… | |||
| CVE-2022-0998 | unknown | — | — | — | An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potent… | |||
| CVE-2022-4293 | unknown | — | — | — | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | |||
| CVE-2022-20008 | unknown | — | — | — | In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that trigge… | |||
| CVE-2022-20132 | unknown | — | — | — | In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a ma… | |||
| CVE-2022-4292 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | |||
| CVE-2022-20369 | unknown | — | — | — | In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges nee… | |||
| CVE-2022-3705 | unknown | — | — | — | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads… | |||
| CVE-2022-20421 | unknown | — | — | — | In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges nee… | |||
| CVE-2022-20422 | unknown | — | — | — | In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privi… | |||
| CVE-2022-20423 | unknown | — | — | — | In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no ad… | |||
| CVE-2022-20568 | unknown | — | — | — | In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User inte… | |||
| CVE-2022-3591 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | |||
| CVE-2022-3520 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | |||
| CVE-2022-49737 | unknown | — | — | — | In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lo… | |||
| CVE-2022-3297 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0579. | |||
| CVE-2022-2991 | unknown | — | — | — | A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixe… | |||
| CVE-2022-29968 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | |||
| CVE-2022-3078 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. | |||
| CVE-2022-3104 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference. | |||
| CVE-2022-3110 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the … | |||
| CVE-2022-4141 | unknown | — | — | — | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | |||
| CVE-2022-3296 | unknown | — | — | — | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | |||
| CVE-2022-3278 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | |||
| CVE-2022-3256 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | |||
| CVE-2022-3491 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | |||
| CVE-2022-3352 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | |||
| CVE-2022-3235 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | |||
| CVE-2022-3234 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | |||
| CVE-2022-3629 | unknown | — | — | — | A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to m… | |||
| CVE-2022-3099 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | |||
| CVE-2022-3037 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | |||
| CVE-2022-48626 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was fr… | |||
| CVE-2022-3016 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | |||
| CVE-2022-3153 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. | |||
| CVE-2022-48628 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request… | |||
| CVE-2022-48630 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ The commit referenced in the Fixes tag removed the 'brea… | |||
| CVE-2022-2980 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | |||
| CVE-2022-48635 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fsdax: Fix infinite loop in dax_iomap_rw() I got an infinite loop and a WARNING report when executing a tail command in virtiofs.… | |||
| CVE-2022-48636 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by… | |||
| CVE-2022-48654 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this lead… | |||
| CVE-2022-2946 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | |||
| CVE-2022-48641 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. T… | |||
| CVE-2022-3134 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | |||
| CVE-2022-2923 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | |||
| CVE-2022-48643 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_en… | |||
| CVE-2022-48647 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but th… | |||
| CVE-2022-48657 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int… | |||
| CVE-2022-48673 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible access to freed memory in link clear After modifying the QP to the Error state, all RX WR would be complete… | |||
| CVE-2022-2982 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | |||
| CVE-2022-2889 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | |||
| CVE-2022-48650 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_T… | |||
| CVE-2022-2874 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. | |||
| CVE-2022-48656 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference return… | |||
| CVE-2022-48661 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated strin… | |||
| CVE-2022-48658 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() i… | |||
| CVE-2022-48659 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it… | |||
| CVE-2022-2862 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | |||
| CVE-2022-48665 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity part… | |||
| CVE-2022-48666 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exit_cmd_priv implementations. Both implementations use resources associated with… | |||
| CVE-2022-2849 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. | |||
| CVE-2022-2285 | unknown | — | — | — | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-48705 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix crash in chip reset fail In case of drv own fail in reset, we may need to run mac_reset several times. T… | |||
| CVE-2022-48706 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vdpa: ifcvf: Do proper cleanup if IFCVF init fails ifcvf_mgmt_dev leaks memory if it is not freed before returning. Call is made … | |||
| CVE-2022-48709 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: switch: fix potential memleak in ice_add_adv_recipe() When ice_add_special_words() fails, the 'rm' is not released, which wi… | |||
| CVE-2022-48707 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification all… | |||
| CVE-2022-48710 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assig… | |||
| CVE-2022-48713 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/pt: Fix crash with stop filters in single-range mode Add a check for !buf->single before calling pt_buffer_region_… | |||
| CVE-2022-48712 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: fix error handling in ext4_fc_record_modified_inode() Current code does not fully takes care of krealloc() error case, whic… | |||
| CVE-2022-48714 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Use VM_MAP instead of VM_ALLOC for ringbuf After commit 2fd3fb0be1d1 ("kasan, vmalloc: unpoison VM_ALLOC pages after mapping… | |||
| CVE-2022-48715 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Running tests with a debug kernel shows that bnx2fc_recv_frame() is modifying the … | |||
| CVE-2022-48716 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix incorrect used of portid Mixer controls have the channel id in mixer->reg, which is not same as port i… | |||
| CVE-2022-48720 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEV_UNREGISTER event Current macsec netdev notify handler handles NETDEV_UNREGISTER event… | |||
| CVE-2022-48717 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds … | |||
| CVE-2022-48722 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_… | |||
| CVE-2022-2257 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-48723 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphier_spi_probe() The issue happens in several error paths in uniphier_spi_probe().… | |||
| CVE-2022-48727 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Avoid consuming a stale esr value when SError occur When any exception other than an IRQ occurs, the CPU updates the … | |||
| CVE-2022-48731 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid scanning potential huge holes When using devm_request_free_mem_region() and devm_memremap_pages() to add ZONE_… | |||
| CVE-2022-48729 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix panic with larger ipoib send_queue_size When the ipoib send_queue_size is increased from the default the following p… | |||
| CVE-2022-48744 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy() In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds c… | |||
| CVE-2022-2210 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2231 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-48740 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the c… | |||
| CVE-2022-48742 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the repla… | |||
| CVE-2022-48753 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in disk_register_independent_access_ranges kobject_init_and_add() takes reference even when it fails. Acco… | |||
| CVE-2022-48741 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ovl: fix NULL pointer dereference in copy up warning This patch is fixing a NULL pointer dereference to get a recently introduced… | |||
| CVE-2022-48745 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll Substitute del_timer() with del_timer_sync() in fw reset polling de… | |||
| CVE-2022-3559 | unknown | — | — | — | A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the p… | |||
| CVE-2022-37451 | unknown | — | — | — | Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | |||
| CVE-2022-3620 | unknown | — | — | — | A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use aft… | |||
| CVE-2022-48746 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix handling of wrong devices during bond netevent Current implementation of bond netevent handler only check if the h… | |||
| CVE-2022-48748 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untag… | |||
| CVE-2022-37452 | unknown | — | — | — | Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | |||
| CVE-2022-48749 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, i… |