CVEs from 2022
Total
5,236
critical
critical 92
high
high 1,236
medium
medium 953
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26307 | medium | — | 5.5 | 3y ago | LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Lib… | |||
| CVE-2022-2953 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2519 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-32221 | medium | — | 5.5 | 3y ago | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same han… | |||
| CVE-2022-2057 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-3821 | medium | — | 5.5 | 3y ago | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format… | |||
| CVE-2022-41717 | medium | — | 5.5 | 3y ago | Moderate: podman security and bug fix update | |||
| CVE-2022-41715 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-2879 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-27664 | medium | — | 5.5 | 3y ago | Moderate: grafana-pcp security and enhancement update | |||
| CVE-2022-42011 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-3715 | medium | — | 5.5 | 3y ago | Moderate: bash security update | |||
| CVE-2022-2521 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-42012 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-42010 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-40303 | medium | — | 5.5 | 3y ago | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an a… | |||
| CVE-2022-50054 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->v… | |||
| CVE-2022-50053 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi… | |||
| CVE-2022-31197 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |||
| CVE-2022-40304 | medium | — | 5.5 | 3y ago | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can b… | |||
| CVE-2022-43680 | medium | — | 5.5 | 3y ago | RHSA-2023:0103: expat security update (Moderate) | |||
| CVE-2022-2867 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2869 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2868 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-4144 | medium | — | 5.5 | 3y ago | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, poten… | |||
| CVE-2022-3517 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-43548 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-45442 | medium | — | 5.5 | 4y ago | RHSA-2023:0855: pcs security update (Moderate) | |||
| CVE-2022-24999 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49175 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin loc… | |||
| CVE-2022-1353 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-48735 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registere… | |||
| CVE-2022-49129 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been schedu… | |||
| CVE-2022-0996 | medium | — | 5.5 | 4y ago | RHSA-2022:5823: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-49107 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comm… | |||
| CVE-2022-39190 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49060 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() dev_name() was called with dev.parent as argument but without to NULL… | |||
| CVE-2022-21713 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-0854 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1706 | medium | — | 5.5 | 4y ago | Moderate: ignition security, bug fix, and enhancement update | |||
| CVE-2022-49465 | medium | — | 5.5 | 4y ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2022-49292 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that … | |||
| CVE-2022-49411 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgrou… | |||
| CVE-2022-49291 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against t… | |||
| CVE-2022-49272 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->b… | |||
| CVE-2022-49710 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses fin… | |||
| CVE-2022-22629 | medium | — | 5.5 | 4y ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 1… | |||
| CVE-2022-22719 | medium | — | 5.5 | 4y ago | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||
| CVE-2022-48765 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cu… | |||
| CVE-2022-49215 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. Th… | |||
| CVE-2022-24448 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49199 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() This code checks "index" for an upper bound but it does no… | |||
| CVE-2022-32746 | medium | — | 5.5 | 4y ago | RHSA-2022:7730: libldb security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21703 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1184 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-48918 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a… | |||
| CVE-2022-26373 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-32891 | medium | — | 5.5 | 4y ago | The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | |||
| CVE-2022-25255 | medium | — | 5.5 | 4y ago | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | |||
| CVE-2022-23816 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-26716 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing malicious… | |||
| CVE-2022-23825 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21499 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21125 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21123 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1048 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-20368 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1852 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-0168 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1679 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2850 | medium | — | 5.5 | 4y ago | RHSA-2022:7133: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-0617 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-31625 | medium | — | 5.5 | 4y ago | RHSA-2022:7624: php:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1016 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1280 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21698 | medium | — | 5.5 | 4y ago | RHSA-2022:7529: container-tools:3.0 security update (Moderate) | |||
| CVE-2022-50179 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem wa… | |||
| CVE-2022-21166 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49408 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in parse_apply_sb_mount_options() If processing the on-disk mount options fails after any memory was alloca… | |||
| CVE-2022-32742 | medium | — | 5.5 | 4y ago | RHSA-2022:7111: samba security and bug fix update (Moderate) | |||
| CVE-2022-49515 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defin… | |||
| CVE-2022-26125 | medium | — | 5.5 | 4y ago | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | |||
| CVE-2022-20572 | medium | — | 5.5 | 4y ago | In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution pri… | |||
| CVE-2022-49440 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Keep MSR[RI] set when calling RTAS RTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big endian mode… | |||
| CVE-2022-28615 | medium | — | 5.5 | 4y ago | Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed … | |||
| CVE-2022-1998 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49584 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is proces… | |||
| CVE-2022-49412 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two… | |||
| CVE-2022-50085 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert… | |||
| CVE-2022-26717 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Win… | |||
| CVE-2022-49605 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGC_REMOVED logic and implement it properly The initially merged version of the igc driver code (via commit 146740… | |||
| CVE-2022-49264 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard … | |||
| CVE-2022-36946 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49247 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED If the callback 'start_streaming' fails, then all… | |||
| CVE-2022-29900 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-28893 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-29901 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-0918 | medium | — | 5.5 | 4y ago | RHSA-2022:5823: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-28390 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2639 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update |