CVEs from 2022
Total
5,243
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-49098 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform … | |||
| CVE-2022-49411 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgrou… | |||
| CVE-2022-49199 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() This code checks "index" for an upper bound but it does no… | |||
| CVE-2022-49107 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comm… | |||
| CVE-2022-49142 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … | |||
| CVE-2022-49145 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … | |||
| CVE-2022-49349 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal.… | |||
| CVE-2022-49147 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… | |||
| CVE-2022-22624 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web … | |||
| CVE-2022-49160 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash during module load unload test During purex packet handling the driver was incorrectly freeing a pre-all… | |||
| CVE-2022-22628 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously… | |||
| CVE-2022-22662 | medium | — | 5.5 | 4y ago | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may … | |||
| CVE-2022-26700 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing malicious… | |||
| CVE-2022-27337 | medium | — | 5.5 | 4y ago | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||
| CVE-2022-26709 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously… | |||
| CVE-2022-30550 | medium | — | 5.5 | 4y ago | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and m… | |||
| CVE-2022-49263 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path This avoids leaking memory if brcmf_chip_get_raminfo fails. … | |||
| CVE-2022-32891 | medium | — | 5.5 | 4y ago | The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | |||
| CVE-2022-49664 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL … | |||
| CVE-2022-2153 | medium | — | 5.5 | 4y ago | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. Th… | |||
| CVE-2022-26125 | medium | — | 5.5 | 4y ago | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | |||
| CVE-2022-50178 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and c… | |||
| CVE-2022-49412 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two… | |||
| CVE-2022-49615 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe f… | |||
| CVE-2022-31625 | medium | — | 5.5 | 4y ago | RHSA-2022:7624: php:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-0996 | medium | — | 5.5 | 4y ago | RHSA-2022:5823: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-0918 | medium | — | 5.5 | 4y ago | RHSA-2022:5823: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-48786 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could al… | |||
| CVE-2022-1049 | medium | — | 5.5 | 4y ago | RHSA-2022:7447: pcs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-32189 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-48765 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cu… | |||
| CVE-2022-2319 | medium | — | 5.5 | 4y ago | A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. | |||
| CVE-2022-30698 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-0561 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-0891 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-0934 | medium | — | 5.5 | 4y ago | RHSA-2022:7633: dnsmasq security and bug fix update (Moderate) | |||
| CVE-2022-3107 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null p… | |||
| CVE-2022-1328 | medium | — | 5.5 | 4y ago | RHSA-2022:7640: mutt security update (Moderate) | |||
| CVE-2022-49710 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses fin… | |||
| CVE-2022-49238 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vd… | |||
| CVE-2022-49559 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a trip… | |||
| CVE-2022-49235 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. … | |||
| CVE-2022-50212 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table When doing lookups for chains on the same batch by using it… | |||
| CVE-2022-2503 | medium | — | 5.5 | 4y ago | Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads c… | |||
| CVE-2022-49606 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat… | |||
| CVE-2022-49707 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear res… | |||
| CVE-2022-50027 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe … | |||
| CVE-2022-42432 | medium | — | 5.5 | 4y ago | This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged… | |||
| CVE-2022-50115 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes We have sanity checks for byte controls and i… | |||
| CVE-2022-1706 | medium | — | 5.5 | 4y ago | Moderate: ignition security, bug fix, and enhancement update | |||
| CVE-2022-1348 | medium | — | 5.5 | 4y ago | Moderate: logrotate security update | |||
| CVE-2022-0562 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-27405 | medium | — | 5.5 | 4y ago | RHSA-2022:7745: freetype security update (Moderate) | |||
| CVE-2022-50213 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID… | |||
| CVE-2022-49605 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGC_REMOVED logic and implement it properly The initially merged version of the igc driver code (via commit 146740… | |||
| CVE-2022-27406 | medium | — | 5.5 | 4y ago | RHSA-2022:7745: freetype security update (Moderate) | |||
| CVE-2022-2989 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-41105 | medium | 5.5 | 5.5 | 4y ago | Microsoft Excel Information Disclosure Vulnerability | |||
| CVE-2022-41104 | medium | 5.5 | 5.5 | 4y ago | Microsoft Excel Security Feature Bypass Vulnerability | |||
| CVE-2022-41103 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Information Disclosure Vulnerability | |||
| CVE-2022-41060 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Information Disclosure Vulnerability | |||
| CVE-2022-2938 | medium | — | 5.5 | 4y ago | A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corr… | |||
| CVE-2022-27950 | medium | — | 5.5 | 4y ago | In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | |||
| CVE-2022-21824 | medium | — | 5.5 | 4y ago | RHSA-2022:9073: nodejs:16 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-23960 | medium | — | 5.5 | 4y ago | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buf… | |||
| CVE-2022-49616 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: rt7*-sdw: harden jack_detect_handler Realtek headset codec drivers typically check if the card is instantiated before proce… | |||
| CVE-2022-21682 | medium | — | 5.5 | 4y ago | RHSA-2022:7458: flatpak-builder security and bug fix update (Moderate) | |||
| CVE-2022-49674 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs… | |||
| CVE-2022-33099 | medium | — | 5.5 | 4y ago | Moderate: lua security update | |||
| CVE-2022-50095 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to… | |||
| CVE-2022-37434 | medium | — | 5.5 | 4y ago | Moderate: rsync security and bug fix update | |||
| CVE-2022-49281 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their o… | |||
| CVE-2022-21253 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21344 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21301 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21245 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21304 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21600 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21302 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21348 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21303 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21265 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21270 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21264 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21342 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21278 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21339 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21256 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21378 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21254 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21297 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21351 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49611 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comme… | |||
| CVE-2022-21362 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21352 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21379 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21368 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21372 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21249 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49610 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPEC_CTRL val… |