CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-27382 | medium | — | 5.5 | 4y ago | RHSA-2022:5826: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-27380 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-27377 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-32088 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-31622 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-27455 | medium | — | 5.5 | 4y ago | RHSA-2022:5826: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-24048 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-27447 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-48943 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_c… | |||
| CVE-2022-1785 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1897 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-27456 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-27452 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-27445 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-24051 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-32087 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-32085 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-32083 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2022-31618 | medium | 5.5 | 5.5 | 4y ago | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. | |||
| CVE-2022-35737 | medium | — | 5.5 | 4y ago | RHSA-2023:0110: sqlite security update (Moderate) | |||
| CVE-2022-23773 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-30630 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30632 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-28131 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30629 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |||
| CVE-2022-1705 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-24675 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-30633 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-28327 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-1962 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-24921 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-30635 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30631 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-32148 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-29526 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-1650 | medium | — | 5.5 | 4y ago | RHSA-2022:6057: .NET Core 3.1 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-2514 | medium | — | 5.5 | 4y ago | The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. | |||
| CVE-2022-2097 | medium | — | 5.5 | 4y ago | RHSA-2022:5818: openssl security update (Moderate) | |||
| CVE-2022-1586 | medium | — | 5.5 | 4y ago | RHSA-2022:5809: pcre2 security update (Moderate) | |||
| CVE-2022-1629 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-25313 | medium | — | 5.5 | 4y ago | Moderate: expat security update | |||
| CVE-2022-49044 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way th… | |||
| CVE-2022-26280 | medium | — | 5.5 | 4y ago | Moderate: libarchive security update | |||
| CVE-2022-1587 | medium | — | 5.5 | 4y ago | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regula… | |||
| CVE-2022-29824 | medium | — | 5.5 | 4y ago | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation … | |||
| CVE-2022-0943 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-26353 | medium | — | 5.5 | 4y ago | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memo… | |||
| CVE-2022-26354 | medium | — | 5.5 | 4y ago | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected … | |||
| CVE-2022-0554 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1420 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1154 | medium | — | 5.5 | 4y ago | RHSA-2022:1552: vim security update (Moderate) | |||
| CVE-2022-1621 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-25314 | medium | — | 5.5 | 4y ago | Moderate: expat security update | |||
| CVE-2022-27776 | medium | — | 5.5 | 4y ago | A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | |||
| CVE-2022-1215 | medium | — | 5.5 | 4y ago | Moderate: libinput security update | |||
| CVE-2022-30184 | medium | — | 5.5 | 4y ago | RHSA-2022:5061: .NET Core 3.1 security and bugfix update (Moderate) | |||
| CVE-2022-30552 | medium | 5.5 | 5.5 | 4y ago | Das U-Boot 2022.01 has a Buffer Overflow. | |||
| CVE-2022-1708 | medium | — | 5.5 | 4y ago | RHSA-2022:7529: container-tools:3.0 security update (Moderate) | |||
| CVE-2022-23772 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-23806 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-0413 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-22826 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22824 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-21434 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-22823 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22822 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-21496 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-22825 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22827 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-21443 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-23303 | medium | — | 5.5 | 4y ago | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inc… | |||
| CVE-2022-25762 | medium | — | 5.5 | 4y ago | If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible tha… | |||
| CVE-2022-28265 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28264 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28263 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28261 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28259 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28258 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28255 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28253 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28251 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28245 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-29107 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Security Feature Bypass Vulnerability | |||
| CVE-2022-21658 | medium | — | 5.5 | 4y ago | Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_d… | |||
| CVE-2022-27650 | medium | — | 5.5 | 4y ago | A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with… | |||
| CVE-2022-0485 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22590 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously… | |||
| CVE-2022-22637 | medium | — | 5.5 | 4y ago | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause un… | |||
| CVE-2022-22594 | medium | — | 5.5 | 4y ago | A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A webs… | |||
| CVE-2022-22592 | medium | — | 5.5 | 4y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted w… | |||
| CVE-2022-22589 | medium | — | 5.5 | 4y ago | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously … | |||
| CVE-2022-1117 | medium | — | 5.5 | 4y ago | RHSA-2022:1898: fapolicyd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1343 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-1473 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-27385 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31621 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31624 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-28346 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via … | |||
| CVE-2022-28347 | medium | — | 5.5 | 4y ago | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion… | |||
| CVE-2022-24795 | medium | — | 5.5 | 4y ago | RHSA-2022:7524: yajl security update (Moderate) |