CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48947 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventua… | |||
| CVE-2022-50485 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_ig… | |||
| CVE-2022-33065 | medium | — | 5.5 | 2y ago | Moderate: libsndfile security update | |||
| CVE-2022-48560 | medium | — | 5.5 | 2y ago | RHSA-2024:2987: python27:2.7 security update (Moderate) | |||
| CVE-2022-48564 | medium | — | 5.5 | 2y ago | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | |||
| CVE-2022-44638 | medium | — | 5.5 | 3y ago | RHSA-2024:0131: pixman security update (Moderate) | |||
| CVE-2022-24963 | medium | — | 5.5 | 3y ago | Moderate: apr security update | |||
| CVE-2022-50087 | medium | — | 5.5 | 3y ago | Moderate: kernel security update | |||
| CVE-2022-3064 | medium | — | 5.5 | 3y ago | RHSA-2024:10784: rhc security update (Moderate) | |||
| CVE-2022-23552 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-50341 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to … | |||
| CVE-2022-39306 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-50472 | medium | 5.5 | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the followi… | |||
| CVE-2022-39201 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-48468 | medium | — | 5.5 | 3y ago | RHSA-2023:6944: protobuf-c security update (Moderate) | |||
| CVE-2022-50327 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which wo… | |||
| CVE-2022-37601 | medium | — | 5.5 | 3y ago | RHSA-2023:6972: grafana security and enhancement update (Moderate) | |||
| CVE-2022-49759 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmci_dispatch_dgs() tasklet function calls vmci_read_data() which uses wait_event… | |||
| CVE-2022-50543 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr->map double free rxe_mr_cleanup() which tries to free mr->map again will be called when rxe_mr_init_user() fails… | |||
| CVE-2022-39307 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-40318 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-2127 | medium | — | 5.5 | 3y ago | RHSA-2023:7139: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50110 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource Unlike release_mem_region(), a call to release_resource() does not … | |||
| CVE-2022-40302 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-38745 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-36440 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-43681 | medium | — | 5.5 | 3y ago | Moderate: frr security and bug fix update | |||
| CVE-2022-50369 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkms_release() A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->outp… | |||
| CVE-2022-49885 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflow and… | |||
| CVE-2022-50856 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_ses_add_channel() Before return, should free the xid, otherwise, the xid will be leaked. | |||
| CVE-2022-31130 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-40898 | medium | — | 5.5 | 3y ago | Moderate: python-wheel security update | |||
| CVE-2022-3565 | medium | — | 5.5 | 3y ago | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Blueto… | |||
| CVE-2022-50269 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix memory leak in vkms_init() A memory leak was reported after the vkms module install failed. unreferenced object 0x… | |||
| CVE-2022-39324 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-4285 | medium | — | 5.5 | 3y ago | RHSA-2023:6236: binutils security update (Moderate) | |||
| CVE-2022-50042 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recording non-first p… | |||
| CVE-2022-50865 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp… | |||
| CVE-2022-23527 | medium | — | 5.5 | 3y ago | RHSA-2023:6940: mod_auth_openidc:2.3 security and bug fix update (Moderate) | |||
| CVE-2022-31123 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-50423 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-after-free reported by KASAN: BUG: KASAN: us… | |||
| CVE-2022-40433 | medium | — | 5.5 | 3y ago | RHSA-2023:5731: java-1.8.0-openjdk security update (Moderate) | |||
| CVE-2022-46663 | medium | — | 5.5 | 3y ago | Moderate: less security update | |||
| CVE-2022-48281 | medium | — | 5.5 | 3y ago | RHSA-2023:3827: libtiff security update (Moderate) | |||
| CVE-2022-50493 | medium | 5.5 | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call … | |||
| CVE-2022-27239 | medium | — | 5.5 | 3y ago | RHBA-2023:3052: cifs-utils bug fix and enhancement update (Moderate) | |||
| CVE-2022-4515 | medium | — | 5.5 | 3y ago | RHSA-2023:2863: ctags security update (Moderate) | |||
| CVE-2022-50069 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load anot… | |||
| CVE-2022-2393 | medium | — | 5.5 | 3y ago | Moderate: pki-core security, bug fix, and enhancement update | |||
| CVE-2022-50081 | medium | — | 5.5 | 3y ago | RHSA-2022:7683: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-29187 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-41725 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-3287 | medium | — | 5.5 | 3y ago | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read … | |||
| CVE-2022-50635 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() I found a null pointer reference in arch_prepare_kprobe(): … | |||
| CVE-2022-50730 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: silence the warning when evicting inode with dioread_nolock When evicting an inode with default dioread_nolock, it could be… | |||
| CVE-2022-30786 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-40023 | medium | — | 5.5 | 3y ago | RHSA-2023:2893: python-mako security update (Moderate) | |||
| CVE-2022-50055 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. … | |||
| CVE-2022-24765 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-41877 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-35957 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-39260 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-50153 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented,… | |||
| CVE-2022-39316 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-48915 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the th… | |||
| CVE-2022-38784 | medium | — | 5.5 | 3y ago | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image co… | |||
| CVE-2022-41860 | medium | — | 5.5 | 3y ago | RHSA-2023:2870: freeradius:3.0 security update (Moderate) | |||
| CVE-2022-34301 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-39253 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-39320 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39282 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-30788 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-30789 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50403 | medium | — | 5.5 | 3y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50344 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ===========================================… | |||
| CVE-2022-3570 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-34302 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-1920 | medium | — | 5.5 | 3y ago | Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through hea… | |||
| CVE-2022-1922 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a h… | |||
| CVE-2022-41973 | medium | — | 5.5 | 3y ago | RHSA-2023:2948: device-mapper-multipath security and bug fix update (Moderate) | |||
| CVE-2022-2795 | medium | — | 5.5 | 3y ago | RHSA-2023:3002: bind security and bug fix update (Moderate) | |||
| CVE-2022-1921 | medium | — | 5.5 | 3y ago | Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | |||
| CVE-2022-4172 | medium | — | 5.5 | 3y ago | An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues m… | |||
| CVE-2022-44792 | medium | — | 5.5 | 3y ago | RHSA-2023:2969: net-snmp security and bug fix update (Moderate) | |||
| CVE-2022-4283 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetK… | |||
| CVE-2022-41724 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-1923 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwr… | |||
| CVE-2022-32323 | medium | — | 5.5 | 3y ago | RHSA-2023:3067: autotrace security update (Moderate) | |||
| CVE-2022-2929 | medium | — | 5.5 | 3y ago | RHSA-2023:3000: dhcp security and bug fix update (Moderate) | |||
| CVE-2022-45939 | medium | — | 5.5 | 3y ago | RHSA-2023:3042: emacs security and bug fix update (Moderate) | |||
| CVE-2022-4645 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-2928 | medium | — | 5.5 | 3y ago | RHSA-2023:3000: dhcp security and bug fix update (Moderate) | |||
| CVE-2022-44793 | medium | — | 5.5 | 3y ago | RHSA-2023:2969: net-snmp security and bug fix update (Moderate) | |||
| CVE-2022-3550 | medium | — | 5.5 | 3y ago | A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It… | |||
| CVE-2022-46343 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local pr… | |||
| CVE-2022-48339 | medium | — | 5.5 | 3y ago | RHSA-2023:7083: emacs security update (Moderate) | |||
| CVE-2022-3551 | medium | — | 5.5 | 3y ago | A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memor… | |||
| CVE-2022-46340 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger… | |||
| CVE-2022-41946 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |||
| CVE-2022-3190 | medium | — | 5.5 | 3y ago | Moderate: wireshark security and bug fix update |