CVEs from 2022
Total
5,243
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-50375 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown lpuart_dma_shutdown tears down lpuart dma, but lpuart… | |||
| CVE-2022-40961 | unknown | — | — | — | During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operati… | |||
| CVE-2022-42930 | unknown | — | — | — | If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. | |||
| CVE-2022-26126 | unknown | — | — | — | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | |||
| CVE-2022-50387 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix the issue of CMDQ memory leaks When hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is not re… | |||
| CVE-2022-42931 | unknown | — | — | — | Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unenc… | |||
| CVE-2022-50401 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure On error situation `clp->cl_cb_conn.cb_xprt` should not be giv… | |||
| CVE-2022-26127 | unknown | — | — | — | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | |||
| CVE-2022-26128 | unknown | — | — | — | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | |||
| CVE-2022-26129 | unknown | — | — | — | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/mes… | |||
| CVE-2022-37035 | unknown | — | — | — | An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could… | |||
| CVE-2022-45419 | unknown | — | — | — | If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have ke… | |||
| CVE-2022-50398 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: add atomic_check to bridge ops DRM commit_tails() will disable downstream crtc/encoder/bridge if both disable crtc is… | |||
| CVE-2022-50399 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: atomisp: prevent integer overflow in sh_css_set_black_frame() The "height" and "width" values come from the user so the "h… | |||
| CVE-2022-45413 | unknown | — | — | — | Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for And… | |||
| CVE-2022-45415 | unknown | — | — | — | When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system comprom… | |||
| CVE-2022-46873 | unknown | — | — | — | Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been ab… | |||
| CVE-2022-50413 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assoc_data at this point, so need to use another copy of the AP (MLD) … | |||
| CVE-2022-46879 | unknown | — | — | — | Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evi… | |||
| CVE-2022-50414 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), b… | |||
| CVE-2022-46883 | unknown | — | — | — | Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corr… | |||
| CVE-2022-46884 | unknown | — | — | — | A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable cras… | |||
| CVE-2022-50433 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by com… | |||
| CVE-2022-50434 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced obje… | |||
| CVE-2022-50435 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is noth… | |||
| CVE-2022-50438 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix memory leak when reading function table When the input parameter idx meets the expected case option in hinic_dbg_… | |||
| CVE-2022-50451 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak on ntfs_fill_super() error path syzbot reported kmemleak as below: BUG: memory leak unreferenced objec… | |||
| CVE-2022-50456 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc If a file consists of an inline extent followed by a regular… | |||
| CVE-2022-50461 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open() Ensure pm_runtime_put() is issued in erro… | |||
| CVE-2022-50471 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctl… | |||
| CVE-2022-50483 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdp_do_redirect() failure Before enetc_clean_rx_ring_xdp() calls xdp_do_redirect(), each softwa… | |||
| CVE-2022-50498 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnl_lock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/cor… | |||
| CVE-2022-50507 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit befo… | |||
| CVE-2022-31114 | unknown | — | — | 3d ago | backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.… | |||
| CVE-2022-49957 | unknown | — | — | 1y ago | In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initial… | |||
| CVE-2022-41137 | unknown | — | — | 2y ago | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore | |||
| CVE-2022-23553 | unknown | — | — | 2y ago | Alpine allows URL access filter bypass | |||
| CVE-2022-23554 | unknown | — | — | 2y ago | Alpine allows Authentication Filter bypass | |||
| CVE-2022-48833 | unknown | — | — | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: skip reserved bytes warning on unmount after log cleanup failure After the recent changes made by commit c2e39305299f01 ("… | |||
| CVE-2022-29946 | unknown | — | — | 2y ago | NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one sc… | |||
| CVE-2022-30636 | unknown | — | — | 2y ago | httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a di… | |||
| CVE-2022-47894 | unknown | — | — | 2y ago | Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE | |||
| CVE-2022-4963 | unknown | — | — | 2y ago | SQL injection in Folio Spring Module Core | |||
| CVE-2022-34321 | unknown | — | — | 2y ago | Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint | |||
| CVE-2022-45320 | unknown | — | — | 2y ago | Privilege escalation in Liferay Portal | |||
| CVE-2022-3328 | unknown | — | — | 2y ago | Race condition in snap-confine's must_mkdir_and_open_with_perms() | |||
| CVE-2022-45135 | unknown | — | — | 3y ago | Apache Cocoon SQL Injection vulnerability | |||
| CVE-2022-2232 | unknown | — | — | 3y ago | Keycloak vulnerable to LDAP Injection on UsernameForm Login | |||
| CVE-2022-41678 | unknown | — | — | 3y ago | Apache ActiveMQ Deserialization of Untrusted Data vulnerability | |||
| CVE-2022-46337 | unknown | — | — | 3y ago | Apache Derby: LDAP injection vulnerability in authenticator | |||
| CVE-2022-4245 | unknown | — | — | 3y ago | codehaus-plexus vulnerable to XML injection | |||
| CVE-2022-4244 | unknown | — | — | 3y ago | plexus-codehaus vulnerable to directory traversal | |||
| CVE-2022-28357 | unknown | — | — | 3y ago | NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. | |||
| CVE-2022-1415 | unknown | — | — | 3y ago | Drools Core Deserialization of Untrusted Data vulnerability | |||
| CVE-2022-44729 | unknown | — | — | 3y ago | Apache XML Graphics Batik Server-Side Request Forgery vulnerability | |||
| CVE-2022-46751 | unknown | — | — | 3y ago | Apache Ivy External Entity Reference vulnerability | |||
| CVE-2022-41401 | unknown | — | — | 3y ago | OpenRefine Server-Side Request Forgery vulnerability | |||
| CVE-2022-40896 | unknown | — | — | 3y ago | A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | |||
| CVE-2022-42009 | unknown | — | — | 3y ago | Apache Ambari Expression Language Injection vulnerability | |||
| CVE-2022-45855 | unknown | — | — | 3y ago | Apache Ambari Expression Language Injection vulnerability | |||
| CVE-2022-45048 | unknown | — | — | 3y ago | Apache Ranger code execution vulnerability in policy expressions | |||
| CVE-2022-45802 | unknown | — | — | 3y ago | Apache StreamPark Path Traversal vulnerability | |||
| CVE-2022-46365 | unknown | — | — | 3y ago | Apache StreamPark Improper Input Validation vulnerability | |||
| CVE-2022-24697 | unknown | — | — | 3y ago | Apache Kylin vulnerable to remote code execution | |||
| CVE-2022-4361 | unknown | — | — | 3y ago | Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC | |||
| CVE-2022-46907 | unknown | — | — | 3y ago | Apache JSPWiki vulnerable to cross-site scripting on several plugins | |||
| CVE-2022-47937 | unknown | — | — | 3y ago | Apache Sling Commons JSON bundle vulnerable to Improper Input Validation | |||
| CVE-2022-45801 | unknown | — | — | 3y ago | Apache StreamPark LDAP Injection vulnerability | |||
| CVE-2022-45064 | unknown | — | — | 3y ago | Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation | |||
| CVE-2022-41918 | unknown | — | — | 3y ago | OpenSearch has issue with fine-grained access control of indices backing data streams | |||
| CVE-2022-3277 | unknown | — | — | 3y ago | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates re… | |||
| CVE-2022-1274 | unknown | — | — | 3y ago | HTML Injection in Keycloak Admin REST API | |||
| CVE-2022-4137 | unknown | — | — | 3y ago | Keycloak Cross-site Scripting on OpenID connect login service | |||
| CVE-2022-1438 | unknown | — | — | 3y ago | Keycloak vulnerable to Cross-site Scripting | |||
| CVE-2022-39228 | unknown | — | — | 3y ago | vantage6 vulnerable to Observable Response Discrepancy | |||
| CVE-2022-4492 | unknown | — | — | 3y ago | Undertow client not checking server identity presented by server certificate in https connections | |||
| CVE-2022-42735 | unknown | — | — | 3y ago | Privilege escalation in Apache ShenYu | |||
| CVE-2022-4903 | unknown | — | — | 3y ago | CodenameOne Pending Intent vulnerability | |||
| CVE-2022-24894 | unknown | — | — | 3y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers… | |||
| CVE-2022-24895 | unknown | — | — | 3y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the… | |||
| CVE-2022-44645 | unknown | — | — | 3y ago | Apache Linkis contains Deserialization of Untrusted Data | |||
| CVE-2022-44644 | unknown | — | — | 3y ago | Apache Linkis vulnerable to Exposure of Sensitive Information | |||
| CVE-2022-2712 | unknown | — | — | 3y ago | Path Traversal In Eclipse GlassFish | |||
| CVE-2022-47951 | unknown | — | — | 3y ago | An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0… | |||
| CVE-2022-25894 | unknown | — | — | 3y ago | Remote Code Execution in com.bstek.uflo:uflo-core | |||
| CVE-2022-47042 | unknown | — | — | 3y ago | Arbitrary file write in net.mingsoft:ms-mcms | |||
| CVE-2022-47105 | unknown | — | — | 3y ago | Jeecg-boot is vulnerable to SQL injection | |||
| CVE-2022-47950 | unknown | — | — | 3y ago | An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file c… | |||
| CVE-2022-25901 | unknown | — | — | 3y ago | cookiejar Regular Expression Denial of Service via Cookie.parse function | |||
| CVE-2022-41721 | unknown | — | — | 3y ago | A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from th… | |||
| CVE-2022-23532 | unknown | — | — | 3y ago | org.neo4j.procedure:apoc Path Traversal Vulnerability | |||
| CVE-2022-3143 | unknown | — | — | 3y ago | Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator | |||
| CVE-2022-24913 | unknown | — | — | 3y ago | Java Merge-sort Insecure Temporary File vulnerability | |||
| CVE-2022-46176 | unknown | — | — | 3y ago | Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could explo… | |||
| CVE-2022-46769 | unknown | — | — | 4y ago | Apache Sling App CMS vulnerable to reflected Cross-site Scripting | |||
| CVE-2022-45787 | unknown | — | — | 4y ago | Apache James MIME4J vulnerable to information disclosure to local users | |||
| CVE-2022-45935 | unknown | — | — | 4y ago | Apache James server allows an attacker with local access to access private user data in transit | |||
| CVE-2022-45875 | unknown | — | — | 4y ago | Apache DolphinScheduler vulnerable to Improper Input Validation | |||
| CVE-2022-38723 | unknown | — | — | 4y ago | Gravitee API Management contains Path Traversal | |||
| CVE-2022-45143 | unknown | — | — | 4y ago | The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from use… |