CVEs from 2022
Total
5,243
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-49127 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ref_tracker: implement use-after-free detection Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_dir as dea… | |||
| CVE-2022-49128 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: Add missing pm_runtime_put_sync pm_runtime_get_sync() will increase the rumtime PM counter even when it returns an er… | |||
| CVE-2022-49131 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the follow… | |||
| CVE-2022-49133 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: svm range restore work deadlock when process exit kfd_process_notifier_release flush svm_range_restore_work which cal… | |||
| CVE-2022-49134 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects… | |||
| CVE-2022-49137 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path in amdgpu_cs_fence_to_hand… | |||
| CVE-2022-49138 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple … | |||
| CVE-2022-49139 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the rece… | |||
| CVE-2022-49161 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe The device_node pointer is returned by of_parse_phandle() … | |||
| CVE-2022-49163 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: fix a bug of accessing array out of bounds When error occurs in parsing jpeg, the slot isn't acquired yet, it ma… | |||
| CVE-2022-49164 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a ("powerpc/tm: Fix userspace r13 corruption") fixes a problem in… | |||
| CVE-2022-49165 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers If the application queues an NV12M jpeg as output buffer… | |||
| CVE-2022-3071 | unknown | — | — | — | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit he… | |||
| CVE-2022-48903 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the followin… | |||
| CVE-2022-3445 | unknown | — | — | — | Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-23124 | unknown | — | — | — | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exi… | |||
| CVE-2022-43634 | unknown | — | — | — | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists with… | |||
| CVE-2022-48728 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1_ipoib_setup_rn() can lead to the following panic: BUG: unable to ha… | |||
| CVE-2022-31081 | unknown | — | — | — | HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison inte… | |||
| CVE-2022-48803 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clk_div_table _get_table_maxdiv() tries to access "clk_div_table" array out of bound defined in… | |||
| CVE-2022-3979 | unknown | — | — | — | A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manip… | |||
| CVE-2022-37428 | unknown | — | — | — | PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS q… | |||
| CVE-2022-1771 | unknown | — | — | — | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | |||
| CVE-2022-0608 | unknown | — | — | — | Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-1899 | unknown | — | — | — | Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | |||
| CVE-2022-28072 | unknown | — | — | — | A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. | |||
| CVE-2022-4964 | unknown | — | — | — | Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | |||
| CVE-2022-34469 | unknown | — | — | — | When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented wit… | |||
| CVE-2022-34473 | unknown | — | — | — | The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. This vulnera… | |||
| CVE-2022-34475 | unknown | — | — | — | SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required t… | |||
| CVE-2022-45407 | unknown | — | — | — | If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox… | |||
| CVE-2022-45417 | unknown | — | — | — | Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would no… | |||
| CVE-2022-22728 | unknown | — | — | — | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could … | |||
| CVE-2022-0695 | unknown | — | — | — | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | |||
| CVE-2022-50011 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: venus: pm_helpers: Fix warning in OPP during probe Fix the following WARN triggered during Venus driver probe on 5.19.0-rc8-next-… | |||
| CVE-2022-3443 | unknown | — | — | — | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severi… | |||
| CVE-2022-0789 | unknown | — | — | — | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0800 | unknown | — | — | — | Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via… | |||
| CVE-2022-48694 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error t… | |||
| CVE-2022-0971 | unknown | — | — | — | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte… | |||
| CVE-2022-0979 | unknown | — | — | — | Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap cor… | |||
| CVE-2022-48719 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NT… | |||
| CVE-2022-1310 | unknown | — | — | — | Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-48913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu… | |||
| CVE-2022-48718 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drm_atomic_get_new_bridge_state… | |||
| CVE-2022-48721 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be s… | |||
| CVE-2022-48725 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path. | |||
| CVE-2022-48726 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure tha… | |||
| CVE-2022-2165 | unknown | — | — | — | Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2022-2163 | unknown | — | — | — | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI … | |||
| CVE-2022-48730 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and us… | |||
| CVE-2022-50409 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Fixes the below NULL pointer dereference: [...] [ … | |||
| CVE-2022-4176 | unknown | — | — | — | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentia… | |||
| CVE-2022-4185 | unknown | — | — | — | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium secu… | |||
| CVE-2022-4913 | unknown | — | — | — | Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML pag… | |||
| CVE-2022-4916 | unknown | — | — | — | Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-4920 | unknown | — | — | — | Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr… | |||
| CVE-2022-22757 | unknown | — | — | — | Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected… | |||
| CVE-2022-4924 | unknown | — | — | — | Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2022-49067 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Beca… | |||
| CVE-2022-24106 | unknown | — | — | — | In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in S… | |||
| CVE-2022-49196 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called … | |||
| CVE-2022-48902 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to… | |||
| CVE-2022-34000 | unknown | — | — | — | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |||
| CVE-2022-22758 | unknown | — | — | — | When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this … | |||
| CVE-2022-0115 | unknown | — | — | — | Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2022-0296 | unknown | — | — | — | Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a… | |||
| CVE-2022-49003 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvme_ns_head list Walking the nvme_ns_head siblings list is protected by the head's srcu in nvme_ns_… | |||
| CVE-2022-0466 | unknown | — | — | — | Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox e… | |||
| CVE-2022-2606 | unknown | — | — | — | Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corrupt… | |||
| CVE-2022-2860 | unknown | — | — | — | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. | |||
| CVE-2022-2861 | unknown | — | — | — | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebU… | |||
| CVE-2022-2998 | unknown | — | — | — | Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corru… | |||
| CVE-2022-26846 | unknown | — | — | — | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | |||
| CVE-2022-26847 | unknown | — | — | — | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | |||
| CVE-2022-0213 | unknown | — | — | — | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2022-1381 | unknown | — | — | — | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible … | |||
| CVE-2022-1616 | unknown | — | — | — | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote ex… | |||
| CVE-2022-1619 | unknown | — | — | — | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote ex… | |||
| CVE-2022-1620 | unknown | — | — | — | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow… | |||
| CVE-2022-1720 | unknown | — | — | — | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | |||
| CVE-2022-1674 | unknown | — | — | — | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow… | |||
| CVE-2022-1725 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | |||
| CVE-2022-1733 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | |||
| CVE-2022-1735 | unknown | — | — | — | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | |||
| CVE-2022-1769 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | |||
| CVE-2022-1796 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | |||
| CVE-2022-1851 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1886 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1898 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2208 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |||
| CVE-2022-1942 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1968 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2124 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2042 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2344 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | |||
| CVE-2022-2289 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2304 | unknown | — | — | — | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2343 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | |||
| CVE-2022-2345 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0046. |