CVEs from 2022
Total
5,236
critical
critical 92
high
high 1,236
medium
medium 953
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37186 | unknown | — | — | — | In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a … | |||
| CVE-2022-3048 | unknown | — | — | — | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to … | |||
| CVE-2022-3078 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. | |||
| CVE-2022-3099 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | |||
| CVE-2022-3110 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the … | |||
| CVE-2022-3202 | unknown | — | — | — | A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal informatio… | |||
| CVE-2022-49812 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware ei… | |||
| CVE-2022-2157 | unknown | — | — | — | Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2022-3307 | unknown | — | — | — | Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-4184 | unknown | — | — | — | Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Med… | |||
| CVE-2022-48842 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: Fix race condition during interface enslave Commit 5dbbbd01cbba83 ("ice: Avoid RTNL lock when re-creating auxiliary device")… | |||
| CVE-2022-23122 | unknown | — | — | — | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists with… | |||
| CVE-2022-48759 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code… | |||
| CVE-2022-49341 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog->jited_len along prog->jited syzbot reported an illegal copy_to_user() attempt from bpf_prog_get_info_by_f… | |||
| CVE-2022-49706 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the… | |||
| CVE-2022-48670 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called… | |||
| CVE-2022-48631 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsea… | |||
| CVE-2022-50647 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as `insb', `outsb', etc. which use the ph… | |||
| CVE-2022-23123 | unknown | — | — | — | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exi… | |||
| CVE-2022-0604 | unknown | — | — | — | Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potenti… | |||
| CVE-2022-0794 | unknown | — | — | — | Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a cr… | |||
| CVE-2022-0469 | unknown | — | — | — | Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HT… | |||
| CVE-2022-0470 | unknown | — | — | — | Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0603 | unknown | — | — | — | Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-49255 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm… | |||
| CVE-2022-0110 | unknown | — | — | — | Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2022-0112 | unknown | — | — | — | Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. | |||
| CVE-2022-0713 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | |||
| CVE-2022-0116 | unknown | — | — | — | Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2022-0118 | unknown | — | — | — | Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2022-0120 | unknown | — | — | — | Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. | |||
| CVE-2022-48728 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1_ipoib_setup_rn() can lead to the following panic: BUG: unable to ha… | |||
| CVE-2022-31081 | unknown | — | — | — | HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison inte… | |||
| CVE-2022-48803 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clk_div_table _get_table_maxdiv() tries to access "clk_div_table" array out of bound defined in… | |||
| CVE-2022-3979 | unknown | — | — | — | A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manip… | |||
| CVE-2022-1771 | unknown | — | — | — | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | |||
| CVE-2022-0608 | unknown | — | — | — | Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-1899 | unknown | — | — | — | Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | |||
| CVE-2022-28072 | unknown | — | — | — | A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. | |||
| CVE-2022-4964 | unknown | — | — | — | Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | |||
| CVE-2022-22752 | unknown | — | — | — | Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… | |||
| CVE-2022-46875 | unknown | — | — | — | The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Oth… | |||
| CVE-2022-50749 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: acct: fix potential integer overflow in encode_comp_t() The integer overflow is descripted with following codes: > 317 static c… | |||
| CVE-2022-31214 | unknown | — | — | — | A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local … | |||
| CVE-2022-50764 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC() to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error concu… | |||
| CVE-2022-50765 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xff2000000403d00… | |||
| CVE-2022-27920 | unknown | — | — | — | libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | |||
| CVE-2022-50830 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() hd44780_probe() allocates a memory chunk for hd with kzalloc()… | |||
| CVE-2022-50834 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: Fix potential resource leaks nfc_get_device() take reference for the device, add missing nfc_put_device() to release it when… | |||
| CVE-2022-50836 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() The kfree() should be called when of_irq_get_byname() fails or de… | |||
| CVE-2022-50837 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path If dsa_tag_8021q_setup() fails, for example due to … | |||
| CVE-2022-50841 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribut… | |||
| CVE-2022-50840 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tg… | |||
| CVE-2022-50853 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a credential leak in _nfs4_discover_trunking() | |||
| CVE-2022-50848 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drivers: dio: fix possible memory leak in dio_init() If device_register() returns error, the 'dev' and name needs be freed. Add a… | |||
| CVE-2022-50852 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() Don't dereference "sar_root" after it has been freed. | |||
| CVE-2022-50854 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() skb should be free in virtual_nci_send(), otherwise kmemleak will repo… | |||
| CVE-2022-50857 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: fix possible name leak in rio_register_mport() If device_register() returns error, the name allocated by dev_set_na… | |||
| CVE-2022-50860 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in alloc_ns() After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hna… | |||
| CVE-2022-50864 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field s_log_block_size of superblock data is corrupted… | |||
| CVE-2022-50867 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage adreno_show_object() is a trap! It will re-allocate the pointer it is passed o… | |||
| CVE-2022-50868 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() … | |||
| CVE-2022-50870 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple… | |||
| CVE-2022-50871 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmi_msg_handler data structure initialization qmi_msg_handler is required to be null terminated by QMI module. … | |||
| CVE-2022-50872 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix memory leak in realtime_counter_init() The "sys_clk" resource is malloced by clk_get(), it is not released when … | |||
| CVE-2022-50873 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove In vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) u… | |||
| CVE-2022-50874 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Fix refcount leak in erdma_mmap rdma_user_mmap_entry_get() take reference, we should release it when not need anymore… | |||
| CVE-2022-50875 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() When kmalloc() fail to allocat… | |||
| CVE-2022-50876 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to mus… | |||
| CVE-2022-50877 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: broadcom: bcm4908_enet: update TX stats after actual transmission Queueing packets doesn't guarantee their transmission. Upd… | |||
| CVE-2022-28506 | unknown | — | — | — | There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. | |||
| CVE-2022-50887 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() I got the the following report: OF: ERROR: memory l… | |||
| CVE-2022-50888 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() q6v5_wcss_init_mmio() will call platform_get_resour… | |||
| CVE-2022-46449 | unknown | — | — | — | An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2022-23124 | unknown | — | — | — | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exi… | |||
| CVE-2022-0465 | unknown | — | — | — | Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. | |||
| CVE-2022-0789 | unknown | — | — | — | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0800 | unknown | — | — | — | Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via… | |||
| CVE-2022-48694 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error t… | |||
| CVE-2022-0971 | unknown | — | — | — | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte… | |||
| CVE-2022-48702 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from n… | |||
| CVE-2022-48708 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_functio… | |||
| CVE-2022-48895 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown … | |||
| CVE-2022-48711 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domai… | |||
| CVE-2022-1135 | unknown | — | — | — | Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. | |||
| CVE-2022-48719 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NT… | |||
| CVE-2022-1310 | unknown | — | — | — | Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu… | |||
| CVE-2022-48718 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drm_atomic_get_new_bridge_state… | |||
| CVE-2022-48721 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be s… | |||
| CVE-2022-48725 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path. | |||
| CVE-2022-48726 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure tha… | |||
| CVE-2022-2165 | unknown | — | — | — | Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2022-2163 | unknown | — | — | — | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI … | |||
| CVE-2022-48730 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and us… | |||
| CVE-2022-2296 | unknown | — | — | — | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h… | |||
| CVE-2022-48732 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject acces… | |||
| CVE-2022-48733 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structu… | |||
| CVE-2022-2481 | unknown | — | — | — | Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI i… | |||
| CVE-2022-2605 | unknown | — | — | — | Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |