CVEs from 2022
Total
5,236
critical
critical 92
high
high 1,236
medium
medium 953
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-21673 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50213 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID… | |||
| CVE-2022-27406 | medium | — | 5.5 | 4y ago | RHSA-2022:7745: freetype security update (Moderate) | |||
| CVE-2022-21703 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-39190 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49398 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current it… | |||
| CVE-2022-31625 | medium | — | 5.5 | 4y ago | RHSA-2022:7624: php:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49253 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. | |||
| CVE-2022-36946 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49268 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snd_dma_free_pages() when snd_dma_alloc_pages() returns -ENOME… | |||
| CVE-2022-29900 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-27405 | medium | — | 5.5 | 4y ago | RHSA-2022:7745: freetype security update (Moderate) | |||
| CVE-2022-29162 | medium | — | 5.5 | 4y ago | RHSA-2022:7469: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-27191 | medium | — | 5.5 | 4y ago | RHSA-2022:7469: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-28893 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-29901 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-28390 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2639 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49264 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard … | |||
| CVE-2022-26373 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-0918 | medium | — | 5.5 | 4y ago | RHSA-2022:5823: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-22844 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-23816 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-23825 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1355 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-1354 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |||
| CVE-2022-21499 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21125 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2850 | medium | — | 5.5 | 4y ago | RHSA-2022:7133: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-29581 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21123 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-20368 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-42432 | medium | — | 5.5 | 4y ago | This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged… | |||
| CVE-2022-1852 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50187 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: fix netdev open race Make sure to allocate resources needed before registering the device. This specifically avoids havi… | |||
| CVE-2022-1679 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49347 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, … | |||
| CVE-2022-0924 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-1280 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1184 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49559 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a trip… | |||
| CVE-2022-1016 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-32742 | medium | — | 5.5 | 4y ago | RHSA-2022:7111: samba security and bug fix update (Moderate) | |||
| CVE-2022-49606 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat… | |||
| CVE-2022-0617 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1304 | medium | — | 5.5 | 4y ago | RHSA-2022:7720: e2fsprogs security and bug fix update (Moderate) | |||
| CVE-2022-49707 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear res… | |||
| CVE-2022-0168 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50027 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe … | |||
| CVE-2022-50178 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and c… | |||
| CVE-2022-49265 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() When a genpd with GENPD_FLAG_IRQ_SAFE gets removed, the follo… | |||
| CVE-2022-49426 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3-sva: Fix mm use-after-free We currently call arm64_mm_context_put() without holding a reference to the mm, whic… | |||
| CVE-2022-49695 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine when the N… | |||
| CVE-2022-49697 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found… | |||
| CVE-2022-49698 | medium | — | 5.5 | 4y ago | Linux kernel (BlueField) vulnerabilities | |||
| CVE-2022-22629 | medium | — | 5.5 | 4y ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 1… | |||
| CVE-2022-21713 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-32891 | medium | — | 5.5 | 4y ago | The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | |||
| CVE-2022-49708 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: =============================================================… | |||
| CVE-2022-50092 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN… | |||
| CVE-2022-21166 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49142 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … | |||
| CVE-2022-49145 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … | |||
| CVE-2022-20572 | medium | — | 5.5 | 4y ago | In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution pri… | |||
| CVE-2022-49147 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… | |||
| CVE-2022-1998 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-22624 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web … | |||
| CVE-2022-1706 | medium | — | 5.5 | 4y ago | Moderate: ignition security, bug fix, and enhancement update | |||
| CVE-2022-50212 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table When doing lookups for chains on the same batch by using it… | |||
| CVE-2022-49673 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warni… | |||
| CVE-2022-48738 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within th… | |||
| CVE-2022-49270 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dm_cleanup_zoned_dev() dm_cleanup_zoned_dev() uses queue, so it must be called before blk_cleanup_disk(… | |||
| CVE-2022-49671 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ib_cm_insert_listen cm_alloc_id_priv() allocates resource for the cm_id_priv. When cm_init_listen() f… | |||
| CVE-2022-50084 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and ru… | |||
| CVE-2022-26717 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Win… | |||
| CVE-2022-49152 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_S… | |||
| CVE-2022-49109 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash … | |||
| CVE-2022-49153 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 (s… | |||
| CVE-2022-49325 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwn… | |||
| CVE-2022-26716 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing malicious… | |||
| CVE-2022-1353 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49123 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: [25393.301506] ath11k_pci 0000:01:00.0… | |||
| CVE-2022-49122 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and use… | |||
| CVE-2022-49156 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread… | |||
| CVE-2022-49158 | medium | 5.5 | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel trigg… | |||
| CVE-2022-1048 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49093 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encount… | |||
| CVE-2022-49413 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback jus… | |||
| CVE-2022-49160 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash during module load unload test During purex packet handling the driver was incorrectly freeing a pre-all… | |||
| CVE-2022-49409 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ==============================================================… | |||
| CVE-2022-49288 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation chan… | |||
| CVE-2022-49404 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even… | |||
| CVE-2022-50030 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffe… | |||
| CVE-2022-0854 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-48921 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("k… | |||
| CVE-2022-32189 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-24448 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-48905 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | |||
| CVE-2022-49086 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate mem… | |||
| CVE-2022-21702 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) |