CVEs from 2022

5,315 normalized CVEs published or assigned in this year.

Total

5,315

critical

critical 94

high

high 1,236

medium

medium 950

low

low 24

% Critical

1.8%

% with KEV

2.5%

% with exploit

3.3%

Top vendors

Top packages

critical high medium low unknown

KEV Has exploit

Reset

CVE	Severity	CVSS	Risk	Published	Description
CVE-2022-0417	unknown	—	—	—	Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVE-2022-0443	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0572	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0629	unknown	—	—	—	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0696	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVE-2022-0714	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVE-2022-0729	unknown	—	—	—	Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-1381	unknown	—	—	—	global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible …
CVE-2022-1616	unknown	—	—	—	Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote ex…
CVE-2022-1619	unknown	—	—	—	Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote ex…
CVE-2022-1620	unknown	—	—	—	NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow…
CVE-2022-1720	unknown	—	—	—	Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVE-2022-1674	unknown	—	—	—	NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow…
CVE-2022-1725	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-1733	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-1735	unknown	—	—	—	Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1769	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
CVE-2022-1796	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.4979.
CVE-2022-1851	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-1886	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1898	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2208	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVE-2022-1942	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1968	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2124	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2042	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2125	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2129	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2183	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2175	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2182	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2206	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2207	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2231	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVE-2022-2210	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2257	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2285	unknown	—	—	—	Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
CVE-2022-2264	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2284	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2286	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2287	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2288	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
CVE-2022-2522	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2816	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
CVE-2022-2289	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.
CVE-2022-2344	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2304	unknown	—	—	—	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2343	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVE-2022-2345	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVE-2022-2571	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
CVE-2022-2845	unknown	—	—	—	Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
CVE-2022-2580	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
CVE-2022-2581	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
CVE-2022-2598	unknown	—	—	—	Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
CVE-2022-2604	unknown	—	—	—	Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-4923	unknown	—	—	—	Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic…
CVE-2022-48711	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domai…
CVE-2022-45141	unknown	—	—	—	Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Director…
CVE-2022-4919	unknown	—	—	—	Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-29910	unknown	—	—	—	When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are una…
CVE-2022-49067	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Beca…
CVE-2022-4914	unknown	—	—	—	Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a cra…
CVE-2022-4908	unknown	—	—	—	Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4924	unknown	—	—	—	Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2022-48732	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject acces…
CVE-2022-1943	unknown	—	—	—	A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this f…
CVE-2022-45059	unknown	—	—	—	An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-…
CVE-2022-4922	unknown	—	—	—	Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-2296	unknown	—	—	—	Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h…
CVE-2022-4191	unknown	—	—	—	Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profil…
CVE-2022-4189	unknown	—	—	—	Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c…
CVE-2022-22757	unknown	—	—	—	Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected…
CVE-2022-22746	unknown	—	—	—	A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other oper…
CVE-2022-1887	unknown	—	—	—	The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
CVE-2022-4926	unknown	—	—	—	Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security sever…
CVE-2022-48730	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and us…
CVE-2022-4920	unknown	—	—	—	Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…
CVE-2022-3658	unknown	—	—	—	Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit h…
CVE-2022-0789	unknown	—	—	—	Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2085	unknown	—	—	—	A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_…
CVE-2022-3318	unknown	—	—	—	Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption …
CVE-2022-3314	unknown	—	—	—	Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chrom…
CVE-2022-4918	unknown	—	—	—	Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-3310	unknown	—	—	—	Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via…
CVE-2022-49082	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in _scsih_…
CVE-2022-4916	unknown	—	—	—	Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-2163	unknown	—	—	—	Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI …
CVE-2022-3305	unknown	—	—	—	Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig…
CVE-2022-3304	unknown	—	—	—	Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-4915	unknown	—	—	—	Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medi…
CVE-2022-37155	unknown	—	—	—	RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
CVE-2022-28961	unknown	—	—	—	Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
CVE-2022-2165	unknown	—	—	—	Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2022-48895	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown …
CVE-2022-50144	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: soundwire: revisit driver bind/unbind and callbacks In the SoundWire probe, we store a pointer from the driver ops into the 'slav…
CVE-2022-28960	unknown	—	—	—	A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
CVE-2022-28959	unknown	—	—	—	Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-4913	unknown	—	—	—	Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML pag…
CVE-2022-26847	unknown	—	—	—	SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
CVE-2022-26846	unknown	—	—	—	SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.

CVEs from 2022

Top vendors

Top products

Top packages