CVEs from 2022

| Total | Critical | High | Medium | Low | % Critical | % with KEV | % with exploit |
|---|---|---|---|---|---|---|---|
| 5,244 | 92 | 1,233 | 961 | 24 | 1.8% | 2.5% | 3.4% |

Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10

Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2061 | unknown | — | — | — | — | — | — | Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. |
| CVE-2022-35133 | unknown | — | — | — | — | — | — | A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a nod… |
| CVE-2022-47657 | unknown | — | — | — | — | — | — | GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662 |
| CVE-2022-46449 | unknown | — | — | — | — | — | — | An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2022-36141 | unknown | — | — | — | — | — | — | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). |
| CVE-2022-36139 | unknown | — | — | — | — | — | — | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char). |
| CVE-2022-48993 | unknown | — | — | — | — | — | — | |
| CVE-2022-36140 | unknown | — | — | — | — | — | — | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). |
| CVE-2022-26530 | unknown | — | — | — | — | — | — | swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. |
| CVE-2022-36142 | unknown | — | — | — | — | — | — | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30(). |
| CVE-2022-36143 | unknown | — | — | — | — | — | — | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.part at /sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-38266 | unknown | — | — | — | — | — | — | An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. |
| CVE-2022-38860 | unknown | — | — | — | — | — | — | Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencod… |
| CVE-2022-0675 | unknown | — | — | — | — | — | — | In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist… |
| CVE-2022-30974 | unknown | — | — | — | — | — | — | compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. |
| CVE-2022-30975 | unknown | — | — | — | — | — | — | In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. |
| CVE-2022-43595 | unknown | — | — | — | — | — | — | Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null… |
| CVE-2022-49101 | unknown | — | — | — | — | — | — | |
| CVE-2022-21813 | unknown | — | — | — | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write… |
| CVE-2022-35861 | unknown | — | — | — | — | — | — | pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execu… |
| CVE-2022-39173 | unknown | — | — | — | — | — | — | In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client… |
| CVE-2022-42961 | unknown | — | — | — | — | — | — | An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in ser… |
| CVE-2022-36148 | unknown | — | — | — | — | — | — | fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c. |
| CVE-2022-4087 | unknown | — | — | — | — | — | — | A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of … |
| CVE-2022-28181 | unknown | — | — | — | — | — | — | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a special… |
| CVE-2022-47664 | unknown | — | — | — | — | — | — | Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse |
| CVE-2022-35069 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e. |
| CVE-2022-50345 | unknown | — | — | — | — | — | — | |
| CVE-2022-34679 | unknown | — | — | — | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of serv… |
| CVE-2022-23709 | unknown | — | — | — | — | — | — | |
| CVE-2022-24249 | unknown | — | — | — | — | — | — | A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. |
| CVE-2022-27145 | unknown | — | — | — | — | — | — | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. |
| CVE-2022-42905 | unknown | — | — | — | — | — | — | In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes.… |
| CVE-2022-35434 | unknown | — | — | — | — | — | — | jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. |
| CVE-2022-43235 | unknown | — | — | — | — | — | — | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Servic… |
| CVE-2022-43237 | unknown | — | — | — | — | — | — | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Den… |
| CVE-2022-4968 | unknown | — | — | — | — | — | — | netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. |
| CVE-2022-43238 | unknown | — | — | — | — | — | — | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted… |
| CVE-2022-43243 | unknown | — | — | — | — | — | — | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Servi… |
| CVE-2022-43248 | unknown | — | — | — | — | — | — | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Se… |
| CVE-2022-34520 | unknown | — | — | — | — | — | — | Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) … |
| CVE-2022-31084 | unknown | — | — | — | — | — | — | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objec… |
| CVE-2022-24851 | unknown | — | — | — | — | — | — | LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are … |
| CVE-2022-31087 | unknown | — | — | — | — | — | — | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /l… |
| CVE-2022-1714 | unknown | — | — | — | — | — | — | Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensit… |
| CVE-2022-1809 | unknown | — | — | — | — | — | — | Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. |
| CVE-2022-43252 | unknown | — | — | — | — | — | — | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) v… |
| CVE-2022-28071 | unknown | — | — | — | — | — | — | A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. |
| CVE-2022-4398 | unknown | — | — | — | — | — | — | Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. |
| CVE-2022-28070 | unknown | — | — | — | — | — | — | A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. |
| CVE-2022-28068 | unknown | — | — | — | — | — | — | A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. |
| CVE-2022-48620 | unknown | — | — | — | — | — | — | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. |
| CVE-2022-22728 | unknown | — | — | — | — | — | — | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could … |
| CVE-2022-47665 | unknown | — | — | — | — | — | — | Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) |
| CVE-2022-35020 | unknown | — | — | — | — | — | — | Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-1253 | unknown | — | — | — | — | — | — | Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to … |
| CVE-2022-35024 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. |
| CVE-2022-29242 | unknown | — | — | — | — | — | — | GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed an… |
| CVE-2022-33047 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. |
| CVE-2022-1804 | unknown | — | — | — | — | — | — | accountsservice no longer drops permissions when writting .pam_environment |
| CVE-2022-35467 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b8. |
| CVE-2022-35472 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a global overflow via /release-x64/otfccdump+0x718693. |
| CVE-2022-35486 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. |
| CVE-2022-3433 | unknown | — | — | — | — | — | — | The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending special… |
| CVE-2022-0523 | unknown | — | — | — | — | — | — | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. |
| CVE-2022-3590 | unknown | — | — | — | — | — | — | WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hos… |
| CVE-2022-21662 | unknown | — | — | — | — | — | — | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute… |
| CVE-2022-21663 | unknown | — | — | — | — | — | — | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening u… |
| CVE-2022-21664 | unknown | — | — | — | — | — | — | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for uninte… |
| CVE-2022-43497 | unknown | — | — | — | — | — | — | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for al… |
| CVE-2022-43504 | unknown | — | — | — | — | — | — | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post … |
| CVE-2022-43500 | unknown | — | — | — | — | — | — | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for al… |
| CVE-2022-37660 | unknown | — | — | — | — | — | — | In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, … |
| CVE-2022-35454 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05aa. |
| CVE-2022-35022 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. |
| CVE-2022-42258 | unknown | — | — | — | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. |
| CVE-2022-26362 | unknown | — | — | — | — | — | — | x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's s… |
| CVE-2022-35040 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567. |
| CVE-2022-35023 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384. |
| CVE-2022-39333 | unknown | — | — | — | — | — | — | Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop… |
| CVE-2022-35029 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. |
| CVE-2022-1444 | unknown | — | — | — | — | — | — | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. |
| CVE-2022-39334 | unknown | — | — | — | — | — | — | Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TL… |
| CVE-2022-41882 | unknown | — | — | — | — | — | — | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virt… |
| CVE-2022-35068 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. |
| CVE-2022-35063 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8. |
| CVE-2022-35067 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0. |
| CVE-2022-35450 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b84b1. |
| CVE-2022-35070 | unknown | — | — | — | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97. |
| CVE-2022-39264 | unknown | — | — | — | — | — | — | nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Us… |
| CVE-2022-26488 | unknown | — | — | — | — | — | — | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the s… |
| CVE-2022-35460 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x61731f. |
| CVE-2022-34682 | unknown | — | — | — | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service. |
| CVE-2022-4399 | unknown | — | — | — | — | — | — | A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/n… |
| CVE-2022-34670 | unknown | — | — | — | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive o… |
| CVE-2022-38228 | unknown | — | — | — | — | — | — | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. |
| CVE-2022-40299 | unknown | — | — | — | — | — | — | In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Re… |
| CVE-2022-31001 | unknown | — | — | — | — | — | — | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type… |
| CVE-2022-31003 | unknown | — | — | — | — | — | — | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `… |
| CVE-2022-35458 | unknown | — | — | — | — | — | — | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce. |