CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2856 | unknown | — | 1.5 | 4y ago | Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability… | |||
| CVE-2022-32894 | unknown | — | 1.5 | 4y ago | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2022-34713 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. | |||
| CVE-2022-27924 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. | |||
| CVE-2022-26138 | unknown | — | 1.5 | 4y ago | Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence … | |||
| CVE-2022-22047 | unknown | — | 1.5 | 4y ago | Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges. | |||
| CVE-2022-26925 | unknown | — | 1.5 | 4y ago | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM. | |||
| CVE-2022-29499 | unknown | — | 1.5 | 4y ago | The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. | |||
| CVE-2022-20821 | unknown | — | 1.5 | 4y ago | Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running … | |||
| CVE-2022-21919 | unknown | — | 1.5 | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-22718 | unknown | — | 1.5 | 4y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation. | |||
| CVE-2022-1364 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2022-24521 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-23176 | unknown | — | 1.5 | 4y ago | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. | |||
| CVE-2022-22674 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | |||
| CVE-2022-22675 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-26871 | unknown | — | 1.5 | 4y ago | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. | |||
| CVE-2022-26143 | unknown | — | 1.5 | 4y ago | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degr… | |||
| CVE-2022-20701 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20703 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20708 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-20700 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | |||
| CVE-2022-24682 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code. | |||
| CVE-2022-0609 | unknown | — | 1.5 | 4y ago | Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2022-23134 | unknown | — | 1.5 | 4y ago | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. | |||
| CVE-2022-23131 | unknown | — | 1.5 | 4y ago | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. | |||
| CVE-2022-24086 | unknown | — | 1.5 | 4y ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. | |||
| CVE-2022-22587 | unknown | — | 1.5 | 4y ago | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | |||
| CVE-2022-21661 | unknown | — | 1.0 | — | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is po… | |||
| CVE-2022-39285 | unknown | — | 1.0 | — | ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td"… | |||
| CVE-2022-24716 | unknown | — | 1.0 | — | Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server us… | |||
| CVE-2022-1043 | unknown | — | 1.0 | — | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | |||
| CVE-2022-29806 | unknown | — | 1.0 | — | ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | |||
| CVE-2022-44267 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | |||
| CVE-2022-39290 | unknown | — | 1.0 | — | ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web… | |||
| CVE-2022-39291 | unknown | — | 1.0 | — | ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to i… | |||
| CVE-2022-44268 | unknown | — | 1.0 | — | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick b… | |||
| CVE-2022-35583 | unknown | — | 1.0 | — | wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the … | |||
| CVE-2022-22909 | unknown | — | 1.0 | — | HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room mo… | |||
| CVE-2022-24715 | unknown | — | 1.0 | — | Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended direc… | |||
| CVE-2022-46945 | unknown | — | 1.0 | — | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | |||
| CVE-2022-0995 | unknown | — | 1.0 | — | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user… | |||
| CVE-2022-37706 | unknown | — | 1.0 | — | enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substr… | |||
| CVE-2022-39986 | unknown | — | 1.0 | 3y ago | RaspAP Command Injection vulnerability | |||
| CVE-2022-4510 | unknown | — | 1.0 | 3y ago | A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extract… | |||
| CVE-2022-4407 | unknown | — | 1.0 | 4y ago | phpMyFAQ vulnerable to Cross-site Scripting | |||
| CVE-2022-3766 | unknown | — | 1.0 | 4y ago | phpMyFAQ vulnerable to reflected Cross-site Scripting | |||
| CVE-2022-38580 | unknown | — | 1.0 | 4y ago | Server-side request forger via X-Skipper-Proxy in github.com/zalando/skipper | |||
| CVE-2022-36551 | unknown | — | 1.0 | 4y ago | A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the sys… | |||
| CVE-2022-35513 | unknown | — | 1.0 | 4y ago | Blink1Control2 uses weak password encryption | |||
| CVE-2022-34668 | unknown | — | 1.0 | 4y ago | NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial… | |||
| CVE-2022-36633 | unknown | — | 1.0 | 4y ago | Improper token validation leading to code execution in Teleport | |||
| CVE-2022-34140 | unknown | — | 1.0 | 4y ago | Feehi CMS Cross-site Scripting | |||
| CVE-2022-35411 | unknown | — | 1.0 | 4y ago | rpc.py vulnerable to Deserialization of Untrusted Data | |||
| CVE-2022-31101 | unknown | — | 1.0 | 4y ago | BlockWishList SQL Injection vulnerability | |||
| CVE-2022-30781 | unknown | — | 1.0 | 4y ago | Shell command injection in gitea in code.gitea.io/gitea | |||
| CVE-2022-29885 | unknown | — | 1.0 | 4y ago | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r… | |||
| CVE-2022-1631 | unknown | — | 1.0 | 4y ago | Incorrect Authorization in microweber | |||
| CVE-2022-26986 | unknown | — | 1.0 | 4y ago | SQL injection in ImpressCMS | |||
| CVE-2022-0088 | unknown | — | 1.0 | 4y ago | Cross-Site Request Forgery in YOURLS | |||
| CVE-2022-28368 | unknown | — | 1.0 | 4y ago | Remote code injection in dompdf/dompdf | |||
| CVE-2022-24637 | unknown | — | 1.0 | 4y ago | Improper Privilege Management in Open Web Analytics | |||
| CVE-2022-0967 | unknown | — | 1.0 | 4y ago | Stored Cross-site Scripting in showdoc | |||
| CVE-2022-0482 | unknown | — | 1.0 | 4y ago | Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments | |||
| CVE-2022-26149 | unknown | — | 1.0 | 4y ago | Unrestricted Upload of File with Dangerous Type in MODX Revolution | |||
| CVE-2022-0557 | unknown | — | 1.0 | 4y ago | OS Command Injection in Microweber | |||
| CVE-2022-24124 | unknown | — | 1.0 | 4y ago | SQL Injection in Casdoor in github.com/casdoor/casdoor | |||
| CVE-2022-0332 | unknown | — | 1.0 | 4y ago | SQL injection in Moodle | |||
| CVE-2022-35062 | unknown | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3. | |||
| CVE-2022-50434 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced obje… | |||
| CVE-2022-50435 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is noth… | |||
| CVE-2022-50438 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix memory leak when reading function table When the input parameter idx meets the expected case option in hinic_dbg_… | |||
| CVE-2022-27939 | unknown | — | — | — | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | |||
| CVE-2022-50483 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdp_do_redirect() failure Before enetc_clean_rx_ring_xdp() calls xdp_do_redirect(), each softwa… | |||
| CVE-2022-43242 | unknown | — | — | — | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cr… | |||
| CVE-2022-50517 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: do not clobber swp_entry_t during THP split The following has been observed when running stressng mmap since comm… | |||
| CVE-2022-50551 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() This patch fixes a shift-out-of-bounds in brcmfmac … | |||
| CVE-2022-3479 | unknown | — | — | — | A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. | |||
| CVE-2022-50553 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' When generate a synthetic event with many params and then creat… | |||
| CVE-2022-50557 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() The thunderbay_add_functions() will free memory of … | |||
| CVE-2022-50560 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because component_master_del wasn't being called when unloadi… | |||
| CVE-2022-50651 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ethtool: eeprom: fix null-deref on genl_info in dump The similar fix as commit 46cdedf2a0fa ("ethtool: pse-pd: fix null-deref on … | |||
| CVE-2022-50648 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller Naveen reported recursive locking of direct_mutex with … | |||
| CVE-2022-50657 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv: mm: add missing memcpy in kasan_init Hi Atish, It seems that the panic is due to the missing memcpy during kasan_init. Co… | |||
| CVE-2022-50652 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uio: uio_dmem_genirq: Fix missing unlock in irq configuration Commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio… | |||
| CVE-2022-50722 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: ipu3-imgu: Fix NULL pointer dereference in active selection access What the IMGU driver did was that it first acquired the… | |||
| CVE-2022-50727 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: efct: Fix possible memleak in efct_device_init() In efct_device_init(), when efct_scsi_reg_fc_transport() fails, efct_scsi_… | |||
| CVE-2022-50762 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst() syzbot reported UBSAN error as below: [ 76.901829][ T6677] ============… | |||
| CVE-2022-50763 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/octeontx - prevent integer overflows The "code_length" value comes from the firmware file. If your firmware is u… | |||
| CVE-2022-50786 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSE_INSTANCE command, ctx_work_bits was not getting cle… | |||
| CVE-2022-50826 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try… | |||
| CVE-2022-50821 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails | |||
| CVE-2022-49251 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: va-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out o… | |||
| CVE-2022-42257 | unknown | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. | |||
| CVE-2022-49285 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452_data The original logic to get mma8452_data is wrong, the *dev point to… | |||
| CVE-2022-49289 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against the address limit without… | |||
| CVE-2022-1114 | unknown | — | — | — | A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to Image… | |||
| CVE-2022-2719 | unknown | — | — | — | In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of ser… | |||
| CVE-2022-49470 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event We should not access skb buffer data anymore after hci_recv_fram… | |||
| CVE-2022-49509 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handl… |