CVEs from 2022
Total
5,236
critical
critical 92
high
high 1,236
medium
medium 953
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-49779 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case In __unregister_kprobe_top(), if the currently unregiste… | |||
| CVE-2022-49780 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus()… | |||
| CVE-2022-49790 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device(… | |||
| CVE-2022-49791 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix multishot accept request leaks Having REQ_F_POLLED set doesn't guarantee that the request is executed as a multisho… | |||
| CVE-2022-49794 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should ca… | |||
| CVE-2022-49800 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, he… | |||
| CVE-2022-49801 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in tracing_read_pipe() kmemleak reports this issue: unreferenced object 0xffff888105a18900 (size 128): … | |||
| CVE-2022-49802 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod() The @ftrace_mod is allocated by kzalloc(), so both the members {prev,nex… | |||
| CVE-2022-49807 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmet_auth_set_key When changing dhchap secrets we need to release the old secrets as well. kmemleak… | |||
| CVE-2022-49809 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy of skb, the new… | |||
| CVE-2022-49810 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xar… | |||
| CVE-2022-49817 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting the needs_free_netdev flag, an… | |||
| CVE-2022-49823 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not … | |||
| CVE-2022-49818 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling devic… | |||
| CVE-2022-49824 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is no… | |||
| CVE-2022-49825 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is no… | |||
| CVE-2022-49826 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device… | |||
| CVE-2022-49829 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were beeing killed. Additional to that grab a r… | |||
| CVE-2022-49831 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When performing seeding on a zoned filesystem it is necessary to initiali… | |||
| CVE-2022-49834 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corrupti… | |||
| CVE-2022-49835 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error… | |||
| CVE-2022-49838 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sctp: clear out_curr if all frag chunks of current msg are pruned A crash was reported by Zhen Chen: list_del corruption, ffff… | |||
| CVE-2022-49841 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [… | |||
| CVE-2022-40961 | unknown | — | — | — | During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operati… | |||
| CVE-2022-49898 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix tree mod log mishandling of reallocated nodes We have been seeing the following panic in production kernel BUG at f… | |||
| CVE-2022-49886 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that #VE on "private" memory access All normal kernel memory is "TDX private memory". This include… | |||
| CVE-2022-49887 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got b… | |||
| CVE-2022-49919 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flow rule object from commit path No need to postpone this to the commit release path, since no pac… | |||
| CVE-2022-49893 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region leak, cleanup targets at region delete When a region is deleted any targets that have been previously … | |||
| CVE-2022-3888 | unknown | — | — | — | Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-49905 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called wi… | |||
| CVE-2022-49907 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for __mdiobus_register Shifting signed 32-bit value by 31 bits is undefined, so ch… | |||
| CVE-2022-3629 | unknown | — | — | — | A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to m… | |||
| CVE-2022-49913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at find_parent_nodes() During backref walking, at find_parent_nodes(), if we ar… | |||
| CVE-2022-49914 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at resolve_indirect_refs() During backref walking, at resolve_indirect_refs(), … | |||
| CVE-2022-3620 | unknown | — | — | — | A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use aft… | |||
| CVE-2022-49921 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue() We can't use "skb" again after passing it to qdisc_enqueue(). This is basically … | |||
| CVE-2022-49924 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdp_nci_send() fdp_nci_send() will call fdp_nci_i2c_write that will not free skb in the fu… | |||
| CVE-2022-49972 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xsk: Fix corrupted packets for XDP_SHARED_UMEM Fix an issue in XDP_SHARED_UMEM mode together with aligned mode where packets are … | |||
| CVE-2022-49975 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any skbs, … | |||
| CVE-2022-49976 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS The x86-android-tablets handling for the… | |||
| CVE-2022-3559 | unknown | — | — | — | A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the p… | |||
| CVE-2022-3521 | unknown | — | — | — | A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation … | |||
| CVE-2022-3491 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | |||
| CVE-2022-3479 | unknown | — | — | — | A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. | |||
| CVE-2022-3202 | unknown | — | — | — | A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal informatio… | |||
| CVE-2022-3110 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the … | |||
| CVE-2022-3099 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | |||
| CVE-2022-3078 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. | |||
| CVE-2022-49997 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: lantiq_xrx200: restore buffer if memory allocation failed In a situation where memory allocation fails, an invalid buffer ad… | |||
| CVE-2022-50025 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the error… | |||
| CVE-2022-3048 | unknown | — | — | — | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to … | |||
| CVE-2022-50036 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithme… | |||
| CVE-2022-50038 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() In this function, there are two refcount leak bugs: (1) when… | |||
| CVE-2022-50040 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_create(), then… | |||
| CVE-2022-50045 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP warning on some syste… | |||
| CVE-2022-50047 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpu_dp' is a null pointer and… | |||
| CVE-2022-50114 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: 9p: fix refcount leak in p9_read_work() error handling p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid … | |||
| CVE-2022-48980 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() The SJA1105 family has 45 L2 policing table entries (… | |||
| CVE-2022-37186 | unknown | — | — | — | In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a … | |||
| CVE-2022-50134 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_… | |||
| CVE-2022-50140 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_blocks_b… | |||
| CVE-2022-50142 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: intel_th: msu: Fix vmalloced buffers After commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP") there's a chance of DMA b… | |||
| CVE-2022-36314 | unknown | — | — | — | When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Fi… | |||
| CVE-2022-50155 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset of_find_node_by_path() returns a node pointer with refcou… | |||
| CVE-2022-50162 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means… | |||
| CVE-2022-50169 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single… | |||
| CVE-2022-50171 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets du… | |||
| CVE-2022-50173 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could… | |||
| CVE-2022-50175 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() … | |||
| CVE-2022-2000 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-50218 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function in isl290… | |||
| CVE-2022-50222 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately af… | |||
| CVE-2022-50232 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire k… | |||
| CVE-2022-50236 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix crash on isr after kexec() If the system is rebooted via isr(), the IRQ handler might be triggered before the… | |||
| CVE-2022-50244 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() If device_register() fails in cxl_pci_afu|adapter(), the device is… | |||
| CVE-2022-50293 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range If we get -ENOMEM while dropping file extent items in a g… | |||
| CVE-2022-50307 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix out-of-bounds access on cio_ignore free The channel-subsystem-driver scans for newly available devices whenever dev… | |||
| CVE-2022-50310 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed If the initialization fails in calling addrconf_init_net(… | |||
| CVE-2022-50314 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbd_start_device_ioctl() syzbot reported hung task [1]. The following program is a simplifi… | |||
| CVE-2022-50321 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() The brcmf_netdev_start_xmit() returns NETDEV_TX_OK without… | |||
| CVE-2022-1736 | unknown | — | — | — | Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | |||
| CVE-2022-50330 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmwar… | |||
| CVE-2022-50331 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() Inject fault while probing module, if device_register() fails, but t… | |||
| CVE-2022-50336 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check to attr_load_runs_vcn Some metadata files are handled before MFT. This adds a null pointer check… | |||
| CVE-2022-50332 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: video/aperture: Call sysfb_disable() before removing PCI devices Call sysfb_disable() from aperture_remove_conflicting_pci_device… | |||
| CVE-2022-50333 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding t… | |||
| CVE-2022-50334 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() Syzkaller reports a null-ptr-deref bug as follows: =====================… | |||
| CVE-2022-50335 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reu… | |||
| CVE-2022-50339 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work a… | |||
| CVE-2022-50337 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling get_function_0() get_function_0() calls pci_get_domain_bus_and_slot(), as comment… | |||
| CVE-2022-50382 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running ->parallel() A deadlock can happen when an overloaded system runs ->parallel() in … | |||
| CVE-2022-50394 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: Fix an out-of-bounds bug in ismt_access() When the driver does not check the data from the user, the variable 'data->b… | |||
| CVE-2022-50400 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: staging: greybus: audio_helper: remove unused and wrong debugfs usage In the greybus audio_helper code, the debugfs file for the … | |||
| CVE-2022-50404 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fbdev: fbcon: release buffer when fbcon_do_set_font() failed syzbot is reporting memory leak at fbcon_do_set_font() [1], for comm… | |||
| CVE-2022-26846 | unknown | — | — | — | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | |||
| CVE-2022-50411 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of… | |||
| CVE-2022-50417 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrost_gem_create_with_handle() previously returned a BO but with the only r… | |||
| CVE-2022-50419 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times device_add shall not be called multiple times as stated in… | |||
| CVE-2022-50420 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre - fix resource leak in remove process In hpre_remove(), when the disable operation of qm sriov failed, the… |