CVEs from 2022
Total
5,314
critical
critical 94
high
high 1,236
medium
medium 950
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.3%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37969 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-32917 | unknown | — | 1.5 | 4y ago | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. | |||
| CVE-2022-26258 | unknown | — | 1.5 | 4y ago | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. | |||
| CVE-2022-3075 | unknown | — | 1.5 | 4y ago | Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a craf… | |||
| CVE-2022-27593 | unknown | — | 1.5 | 4y ago | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerabi… | |||
| CVE-2022-36537 | unknown | — | 1.5 | 4y ago | ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Jav… | |||
| CVE-2022-2294 | unknown | — | 1.5 | 4y ago | WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerab… | |||
| CVE-2022-0028 | unknown | — | 1.5 | 4y ago | A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | |||
| CVE-2022-21971 | unknown | — | 1.5 | 4y ago | Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2022-2856 | unknown | — | 1.5 | 4y ago | Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability… | |||
| CVE-2022-32894 | unknown | — | 1.5 | 4y ago | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2022-34713 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. | |||
| CVE-2022-27924 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. | |||
| CVE-2022-26138 | unknown | — | 1.5 | 4y ago | Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence … | |||
| CVE-2022-22047 | unknown | — | 1.5 | 4y ago | Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges. | |||
| CVE-2022-26925 | unknown | — | 1.5 | 4y ago | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM. | |||
| CVE-2022-29499 | unknown | — | 1.5 | 4y ago | The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. | |||
| CVE-2022-20821 | unknown | — | 1.5 | 4y ago | Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running … | |||
| CVE-2022-21919 | unknown | — | 1.5 | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-22718 | unknown | — | 1.5 | 4y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation. | |||
| CVE-2022-1364 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2022-24521 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-23176 | unknown | — | 1.5 | 4y ago | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. | |||
| CVE-2022-22675 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-22674 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | |||
| CVE-2022-26871 | unknown | — | 1.5 | 4y ago | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. | |||
| CVE-2022-26143 | unknown | — | 1.5 | 4y ago | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degr… | |||
| CVE-2022-20701 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20700 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20708 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20703 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-24682 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code. | |||
| CVE-2022-0609 | unknown | — | 1.5 | 4y ago | Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2022-23131 | unknown | — | 1.5 | 4y ago | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. | |||
| CVE-2022-23134 | unknown | — | 1.5 | 4y ago | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. | |||
| CVE-2022-24086 | unknown | — | 1.5 | 4y ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. | |||
| CVE-2022-22587 | unknown | — | 1.5 | 4y ago | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-46945 | unknown | — | 1.0 | — | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | |||
| CVE-2022-44268 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick b… | |||
| CVE-2022-44267 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | |||
| CVE-2022-1043 | unknown | — | 1.0 | — | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | |||
| CVE-2022-0995 | unknown | — | 1.0 | — | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user… | |||
| CVE-2022-29885 | unknown | — | 1.0 | 4y ago | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r… | |||
| CVE-2022-49441 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may invoke a normal printk(… | |||
| CVE-2022-2284 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-3309 | unknown | — | — | — | Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escap… | |||
| CVE-2022-2264 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2285 | unknown | — | — | — | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2257 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2210 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-3201 | unknown | — | — | — | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass naviga… | |||
| CVE-2022-2286 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2287 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2288 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-0605 | unknown | — | — | — | Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interac… | |||
| CVE-2022-2231 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2207 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-3200 | unknown | — | — | — | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-2206 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2182 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0971 | unknown | — | — | — | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte… | |||
| CVE-2022-2175 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2183 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2129 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2125 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-22758 | unknown | — | — | — | When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this … | |||
| CVE-2022-3055 | unknown | — | — | — | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a c… | |||
| CVE-2022-37966 | unknown | — | — | — | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | |||
| CVE-2022-2042 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2124 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1968 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1942 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-49402 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: [ ] gene… | |||
| CVE-2022-3052 | unknown | — | — | — | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially… | |||
| CVE-2022-2208 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |||
| CVE-2022-1898 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-48694 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error t… | |||
| CVE-2022-1886 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1851 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-48718 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drm_atomic_get_new_bridge_state… | |||
| CVE-2022-34482 | unknown | — | — | — | An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tr… | |||
| CVE-2022-50262 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT record_size When the NTFS BOOT record_size field < 0, it represents a shift value. However, there is no s… | |||
| CVE-2022-1796 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | |||
| CVE-2022-1769 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | |||
| CVE-2022-48956 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems … | |||
| CVE-2022-1735 | unknown | — | — | — | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | |||
| CVE-2022-1733 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | |||
| CVE-2022-34000 | unknown | — | — | — | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |||
| CVE-2022-2858 | unknown | — | — | — | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | |||
| CVE-2022-1725 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | |||
| CVE-2022-1674 | unknown | — | — | — | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow… | |||
| CVE-2022-3854 | unknown | — | — | — | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | |||
| CVE-2022-1720 | unknown | — | — | — | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | |||
| CVE-2022-1620 | unknown | — | — | — | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow… | |||
| CVE-2022-3650 | unknown | — | — | — | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. | |||
| CVE-2022-2617 | unknown | — | — | — | Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific … | |||
| CVE-2022-48913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu… | |||
| CVE-2022-3437 | unknown | — | — | — | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI li… | |||
| CVE-2022-45141 | unknown | — | — | — | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Director… | |||
| CVE-2022-1619 | unknown | — | — | — | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote ex… |