CVEs from 2022

5,243 normalized CVEs published or assigned in this year.

Total

5,243

critical

critical 92

high

high 1,233

medium

medium 961

low

low 24

% Critical

1.8%

% with KEV

2.5%

% with exploit

3.4%

Top vendors

Top packages

critical high medium low unknown

KEV Has exploit

Reset

CVE	Severity	CVSS	Risk	Published	Description
CVE-2022-26846	unknown	—	—	—	SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
CVE-2022-26847	unknown	—	—	—	SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
CVE-2022-4189	unknown	—	—	—	Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c…
CVE-2022-4191	unknown	—	—	—	Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profil…
CVE-2022-4922	unknown	—	—	—	Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-45059	unknown	—	—	—	An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-…
CVE-2022-4908	unknown	—	—	—	Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-29910	unknown	—	—	—	When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are una…
CVE-2022-4923	unknown	—	—	—	Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic…
CVE-2022-4919	unknown	—	—	—	Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-0213	unknown	—	—	—	vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-1381	unknown	—	—	—	global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible …
CVE-2022-1616	unknown	—	—	—	Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote ex…
CVE-2022-1619	unknown	—	—	—	Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote ex…
CVE-2022-1620	unknown	—	—	—	NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow…
CVE-2022-1720	unknown	—	—	—	Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVE-2022-1674	unknown	—	—	—	NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow…
CVE-2022-1725	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-1733	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-1735	unknown	—	—	—	Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1769	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
CVE-2022-1796	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.4979.
CVE-2022-1851	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-1886	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1898	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2208	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVE-2022-1942	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1968	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2124	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2042	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2125	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2129	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2183	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2175	unknown	—	—	—	Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2182	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2206	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2207	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2231	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVE-2022-2210	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2257	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2285	unknown	—	—	—	Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
CVE-2022-2264	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2284	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2286	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2287	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2288	unknown	—	—	—	Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
CVE-2022-2522	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2816	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
CVE-2022-2344	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2289	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.
CVE-2022-2304	unknown	—	—	—	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2343	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVE-2022-2345	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVE-2022-2571	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
CVE-2022-2845	unknown	—	—	—	Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
CVE-2022-2580	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
CVE-2022-2581	unknown	—	—	—	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
CVE-2022-2598	unknown	—	—	—	Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
CVE-2022-2817	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVE-2022-2819	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
CVE-2022-2849	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
CVE-2022-2862	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0221.
CVE-2022-2874	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
CVE-2022-2889	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0225.
CVE-2022-2982	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0260.
CVE-2022-2923	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
CVE-2022-3134	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0389.
CVE-2022-2946	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0246.
CVE-2022-2980	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
CVE-2022-3153	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
CVE-2022-3016	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0286.
CVE-2022-3037	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0322.
CVE-2022-3099	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0360.
CVE-2022-3234	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3235	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-3352	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2022-3491	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
CVE-2022-3256	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0530.
CVE-2022-3278	unknown	—	—	—	NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVE-2022-3296	unknown	—	—	—	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
CVE-2022-4141	unknown	—	—	—	Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
CVE-2022-3297	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0579.
CVE-2022-3520	unknown	—	—	—	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
CVE-2022-3591	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0789.
CVE-2022-3705	unknown	—	—	—	A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads…
CVE-2022-4292	unknown	—	—	—	Use After Free in GitHub repository vim/vim prior to 9.0.0882.
CVE-2022-4293	unknown	—	—	—	Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
CVE-2022-49729	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetoot…
CVE-2022-49733	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL…
CVE-2022-34474	unknown	—	—	—	Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt…
CVE-2022-34480	unknown	—	—	—	Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects…
CVE-2022-49763	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfs_attr_find() Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs r…
CVE-2022-34482	unknown	—	—	—	An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tr…
CVE-2022-34483	unknown	—	—	—	An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tr…
CVE-2022-36317	unknown	—	—	—	When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox fo…
CVE-2022-49789	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()'…
CVE-2022-49888	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called when handling debug except…
CVE-2022-49999	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix space cache corruption and potential double allocations When testing space_cache v2 on a large set of machines, we enc…
CVE-2022-50098	unknown	—	—	—	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. …
CVE-2022-23467	unknown	—	—	—	OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `raz…

CVEs from 2022

Top vendors

Top products

Top packages