CVEs from 2022
Total
5,243
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0617 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-32742 | medium | — | 5.5 | 4y ago | RHSA-2022:7111: samba security and bug fix update (Moderate) | |||
| CVE-2022-0168 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1304 | medium | — | 5.5 | 4y ago | RHSA-2022:7720: e2fsprogs security and bug fix update (Moderate) | |||
| CVE-2022-49297 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for m… | |||
| CVE-2022-48936 | medium | — | 5.5 | 4y ago | RHSA-2024:8870: kernel-rt security update (Moderate) | |||
| CVE-2022-30699 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-32990 | medium | — | 5.5 | 4y ago | Moderate: gimp security and enhancement update | |||
| CVE-2022-2503 | medium | — | 5.5 | 4y ago | Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads c… | |||
| CVE-2022-2320 | medium | — | 5.5 | 4y ago | A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, whi… | |||
| CVE-2022-29581 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2153 | medium | — | 5.5 | 4y ago | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. Th… | |||
| CVE-2022-3107 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null p… | |||
| CVE-2022-20572 | medium | — | 5.5 | 4y ago | In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution pri… | |||
| CVE-2022-1263 | medium | — | 5.5 | 4y ago | A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, cau… | |||
| CVE-2022-1158 | medium | — | 5.5 | 4y ago | A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, thi… | |||
| CVE-2022-0562 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-0865 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-0908 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-0924 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-0909 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-22844 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-1354 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |||
| CVE-2022-1355 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-49263 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path This avoids leaking memory if brcmf_chip_get_raminfo fails. … | |||
| CVE-2022-1049 | medium | — | 5.5 | 4y ago | RHSA-2022:7447: pcs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-42432 | medium | — | 5.5 | 4y ago | This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged… | |||
| CVE-2022-22719 | medium | — | 5.5 | 4y ago | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||
| CVE-2022-22721 | medium | — | 5.5 | 4y ago | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apac… | |||
| CVE-2022-23943 | medium | — | 5.5 | 4y ago | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version … | |||
| CVE-2022-28615 | medium | — | 5.5 | 4y ago | Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed … | |||
| CVE-2022-26377 | medium | — | 5.5 | 4y ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque… | |||
| CVE-2022-28614 | medium | — | 5.5 | 4y ago | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as w… | |||
| CVE-2022-29404 | medium | — | 5.5 | 4y ago | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | |||
| CVE-2022-30522 | medium | — | 5.5 | 4y ago | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigg… | |||
| CVE-2022-30556 | medium | — | 5.5 | 4y ago | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | |||
| CVE-2022-31813 | medium | — | 5.5 | 4y ago | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based auth… | |||
| CVE-2022-48905 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | |||
| CVE-2022-48918 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a… | |||
| CVE-2022-48912 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release… | |||
| CVE-2022-48921 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("k… | |||
| CVE-2022-49235 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. … | |||
| CVE-2022-49238 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vd… | |||
| CVE-2022-49504 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external … | |||
| CVE-2022-49515 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defin… | |||
| CVE-2022-49531 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk private data is valid until the gendisk is f… | |||
| CVE-2022-49534 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and l… | |||
| CVE-2022-49536 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces … | |||
| CVE-2022-49537 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processo… | |||
| CVE-2022-49538 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_rep… | |||
| CVE-2022-49543 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning i… | |||
| CVE-2022-49557 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) Set the starting uABI size of KVM's guest FPU to 'stru… | |||
| CVE-2022-49561 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set… | |||
| CVE-2022-49584 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is proces… | |||
| CVE-2022-30067 | medium | — | 5.5 | 4y ago | Moderate: gimp security and enhancement update | |||
| CVE-2022-49615 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe f… | |||
| CVE-2022-49625 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_… | |||
| CVE-2022-41105 | medium | 5.5 | 5.5 | 4y ago | Microsoft Excel Information Disclosure Vulnerability | |||
| CVE-2022-41104 | medium | 5.5 | 5.5 | 4y ago | Microsoft Excel Security Feature Bypass Vulnerability | |||
| CVE-2022-41103 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Information Disclosure Vulnerability | |||
| CVE-2022-41060 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Information Disclosure Vulnerability | |||
| CVE-2022-21682 | medium | — | 5.5 | 4y ago | RHSA-2022:7458: flatpak-builder security and bug fix update (Moderate) | |||
| CVE-2022-21824 | medium | — | 5.5 | 4y ago | RHSA-2022:9073: nodejs:16 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49616 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: rt7*-sdw: harden jack_detect_handler Realtek headset codec drivers typically check if the card is instantiated before proce… | |||
| CVE-2022-23960 | medium | — | 5.5 | 4y ago | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buf… | |||
| CVE-2022-2938 | medium | — | 5.5 | 4y ago | A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corr… | |||
| CVE-2022-49674 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs… | |||
| CVE-2022-27950 | medium | — | 5.5 | 4y ago | In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | |||
| CVE-2022-50095 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to… | |||
| CVE-2022-37434 | medium | — | 5.5 | 4y ago | Moderate: rsync security and bug fix update | |||
| CVE-2022-33099 | medium | — | 5.5 | 4y ago | Moderate: lua security update | |||
| CVE-2022-49281 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their o… | |||
| CVE-2022-21253 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21297 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21378 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21304 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49611 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comme… | |||
| CVE-2022-21358 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21367 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21351 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21374 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21302 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49610 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPEC_CTRL val… | |||
| CVE-2022-21352 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21344 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21301 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21245 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21372 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21265 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21368 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21379 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21278 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21249 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21348 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21600 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21339 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21370 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21342 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21362 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21254 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) |