CVEs from 2022
Total: 5,243
Severity (rated entries only):
- critical: 92
- high: 1,233
- medium: 961
- low: 24
The four severity buckets sum to 2,310, so the remaining 2,933 of the 5,243 entries carry no severity rating; they appear as "unknown" in the table below.
% Critical: 1.8% (92 of 5,243)
% with KEV (listed in CISA's Known Exploited Vulnerabilities catalog): 2.5%
% with exploit (a public exploit is known): 3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
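How the headline figures above (severity buckets, % critical, % with KEV, % with exploit, top vendors and products) are derived from per-CVE records, as an added example; this is not the dashboard's own code or data. It assumes the standard CVSS v3.x qualitative rating scale for the buckets, treats "KEV" as CISA's Known Exploited Vulnerabilities catalog, and uses a constructed `CveRecord` layout and placeholder sample IDs that are not real CVE identifiers. Unscored entries are kept as "unknown" rather than dropped, which is the gap between the severity counts and the total seen above, and a triage ordering is included because on a feed like this KEV and exploit flags matter more than an unrated score.

```python
"""Rebuild a yearly CVE dashboard (severity buckets, KEV/exploit rates, top
vendors and products, triage order) from per-CVE records.

Added example; the record layout and sample data are constructed for
illustration and are not the dashboard's own code or data.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cvss: Optional[float]   # base score; None when the entry has not been scored
    in_kev: bool            # listed in CISA's Known Exploited Vulnerabilities catalog
    has_exploit: bool       # a public exploit is known
    vendor: Optional[str]
    product: Optional[str]


def severity_bucket(cvss: Optional[float]) -> str:
    """Map a CVSS v3.x base score to its qualitative rating.

    Unscored entries stay "unknown": that is why a dashboard's four severity
    counts can sum to far less than its total.
    """
    if cvss is None:
        return "unknown"
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def summarize(records: Iterable[CveRecord], top_n: int = 3) -> dict:
    """Compute the headline figures a CVE dashboard shows."""
    recs = list(records)
    total = len(recs)

    def pct(n: int) -> float:
        return round(100.0 * n / total, 1) if total else 0.0

    by_severity = Counter(severity_bucket(r.cvss) for r in recs)
    vendors = Counter(r.vendor for r in recs if r.vendor)
    products = Counter(r.product for r in recs if r.product)
    return {
        "total": total,
        "by_severity": dict(by_severity),
        "pct_critical": pct(by_severity["critical"]),
        "pct_kev": pct(sum(1 for r in recs if r.in_kev)),
        "pct_exploit": pct(sum(1 for r in recs if r.has_exploit)),
        "top_vendors": vendors.most_common(top_n),
        "top_products": products.most_common(top_n),
    }


def triage_order(records: Iterable[CveRecord]) -> List[str]:
    """Order CVE IDs for patching: KEV first, then known exploit, then CVSS.

    Unscored entries sort below a score of 0.0, but a KEV or exploit flag still
    lifts them to the top; severity alone is a weak signal for an unrated CVE.
    """
    def key(r: CveRecord):
        return (r.in_kev, r.has_exploit, r.cvss if r.cvss is not None else -1.0)
    return [r.cve_id for r in sorted(records, key=key, reverse=True)]


# Constructed sample input: placeholder IDs, not real CVE identifiers.
SAMPLE = [
    CveRecord("SAMPLE-001", 9.8, True, True, "vendor-a", "prod-x"),
    CveRecord("SAMPLE-002", 7.5, False, True, "vendor-a", "prod-y"),
    CveRecord("SAMPLE-003", 5.3, False, True, "vendor-b", "prod-z"),
    CveRecord("SAMPLE-004", 3.1, False, False, "vendor-a", "prod-x"),
    CveRecord("SAMPLE-005", None, False, False, None, None),
    CveRecord("SAMPLE-006", None, True, False, "vendor-c", "prod-w"),
    CveRecord("SAMPLE-007", 9.1, False, False, "vendor-b", "prod-z"),
    CveRecord("SAMPLE-008", 0.0, False, False, "vendor-b", "prod-v"),
]

if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(f"{k}: {v}")
    print("patch order:", triage_order(SAMPLE))
```

On the sample, two of eight records are unscored, so `by_severity` reports them under "unknown" and the four rated buckets no longer add up to the total, the same shape as the figures above. SAMPLE-006 has no score at all but is in KEV, so it lands second in the patch order ahead of a 9.1 that nobody is known to be exploiting.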
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-39177 | unknown | — | — | — | | | | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. |
| CVE-2022-0529 | unknown | — | — | — | | | | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap out-of-bounds write. This flaw allows an attacker to input a specia… |
| CVE-2022-21944 | unknown | — | — | — | | | | |
| CVE-2022-35058 | unknown | — | — | — | | | | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. |
| CVE-2022-50259 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: fix race in sock_map_free() sock_map_free() calls release_sock(sk) without owning a reference on the socket. This c… |
| CVE-2022-35060 | unknown | — | — | — | | | | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. |
| CVE-2022-2126 | unknown | — | — | — | | | | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-3324 | unknown | — | — | — | | | | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. |
| CVE-2022-24107 | unknown | — | — | — | | | | Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. |
| CVE-2022-39028 | unknown | — | — | — | | | | telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application w… |
| CVE-2022-24917 | unknown | — | — | — | | | | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the v… |
| CVE-2022-34568 | unknown | — | — | — | | | | SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. |
| CVE-2022-35206 | unknown | — | — | — | | | | Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. |
| CVE-2022-3555 | unknown | — | — | — | | | | |
| CVE-2022-47673 | unknown | — | — | — | | | | An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. |
| CVE-2022-37705 | unknown | — | — | — | | | | A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar… |
| CVE-2022-38128 | unknown | — | — | — | | | | |
| CVE-2022-3953 | unknown | — | — | — | | | | |
| CVE-2022-40155 | unknown | — | — | — | | | | |
| CVE-2022-43272 | unknown | — | — | — | | | | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. |
| CVE-2022-4338 | unknown | — | — | — | | | | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. |
| CVE-2022-44369 | unknown | — | — | — | | | | NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c. |
| CVE-2022-4743 | unknown | — | — | — | | | | A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability… |
| CVE-2022-45153 | unknown | — | — | — | | | | |
| CVE-2022-45155 | unknown | — | — | — | | | | |
| CVE-2022-23125 | unknown | — | — | — | | | | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists with… |
| CVE-2022-47695 | unknown | — | — | — | | | | An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. |
| CVE-2022-22995 | unknown | — | — | — | | | | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbit… |
| CVE-2022-30775 | unknown | — | — | — | | | | xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with… |
| CVE-2022-23613 | unknown | — | — | — | | | | xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is abl… |
| CVE-2022-30524 | unknown | — | — | — | | | | There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example)… |
| CVE-2022-23468 | unknown | — | — | — | | | | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer overflow in xrdp_login_wnd_create() … |
| CVE-2022-23479 | unknown | — | — | — | | | | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer overflow in xrdp_mm_chan_data_in() f… |
| CVE-2022-23480 | unknown | — | — | — | | | | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer overflow in devredir_proc_client_dev… |
| CVE-2022-3647 | unknown | — | — | — | | | | ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. T… |
| CVE-2022-35230 | unknown | — | — | — | | | | An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the … |
| CVE-2022-1475 | unknown | — | — | — | | | | An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. |
| CVE-2022-28391 | unknown | — | — | — | | | | BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to … |
| CVE-2022-0137 | unknown | — | — | — | | | | A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. |
| CVE-2022-43358 | unknown | — | — | — | | | | Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS… |
| CVE-2022-29170 | unknown | — | — | — | | | | |
| CVE-2022-50455 | unknown | — | — | — | | | | |
| CVE-2022-1350 | unknown | — | — | — | | | | A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads … |
| CVE-2022-29501 | unknown | — | — | — | | | | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. |
| CVE-2022-3116 | unknown | — | — | — | | | | The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attacker with network access to an application that depends on the vulnerable code path can cause the ap… |
| CVE-2022-3637 | unknown | — | — | — | | | | A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation l… |
| CVE-2022-48174 | unknown | — | — | — | | | | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. |
| CVE-2022-1798 | unknown | — | — | — | | | | |
| CVE-2022-21180 | unknown | — | — | — | | | | |
| CVE-2022-23097 | unknown | — | — | — | | | | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. |
| CVE-2022-0175 | unknown | — | — | — | | | | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this fla… |
| CVE-2022-32275 | unknown | — | — | — | | | | |
| CVE-2022-22075 | unknown | — | — | — | | | | |
| CVE-2022-48064 | unknown | — | — | — | | | | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafte… |
| CVE-2022-44840 | unknown | — | — | — | | | | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. |
| CVE-2022-38223 | unknown | — | — | — | | | | There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or p… |
| CVE-2022-49897 | unknown | — | — | — | | | | |
| CVE-2022-41409 | unknown | — | — | — | | | | Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. |
| CVE-2022-30065 | unknown | — | — | — | | | | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. |
| CVE-2022-3530 | unknown | — | — | — | | | | |
| CVE-2022-3719 | unknown | — | — | — | | | | |
| CVE-2022-3755 | unknown | — | — | — | | | | |
| CVE-2022-37703 | unknown | — | — | — | | | | In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary … |
| CVE-2022-43295 | unknown | — | — | — | | | | XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. |
| CVE-2022-3964 | unknown | — | — | — | | | | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of th… |
| CVE-2022-23853 | unknown | — | — | — | | | | The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binar… |
| CVE-2022-27135 | unknown | — | — | — | | | | xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by… |
| CVE-2022-23478 | unknown | — | — | — | | | | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain an Out of Bound Write in xrdp_mm_trans_process_… |
| CVE-2022-23901 | unknown | — | — | — | | | | A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. |
| CVE-2022-31081 | unknown | — | — | — | | | | HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison inte… |
| CVE-2022-1622 | unknown | — | — | — | | | | LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sou… |
| CVE-2022-1623 | unknown | — | — | — | | | | LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sou… |
| CVE-2022-33103 | unknown | — | — | — | | | | Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). |
| CVE-2022-23132 | unknown | — | — | — | | | | During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, wr… |
| CVE-2022-3219 | unknown | — | — | — | | | | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. |
| CVE-2022-3527 | unknown | — | — | — | | | | |
| CVE-2022-3638 | unknown | — | — | — | | | | |
| CVE-2022-3931 | unknown | — | — | — | | | | |
| CVE-2022-40320 | unknown | — | — | — | | | | cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. |
| CVE-2022-40468 | unknown | — | — | — | | | | Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_requ… |
| CVE-2022-41852 | unknown | — | — | — | | | | |
| CVE-2022-29869 | unknown | — | — | — | | | | cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. |
| CVE-2022-0582 | unknown | — | — | — | | | | Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
| CVE-2022-0585 | unknown | — | — | — | | | | Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file |
| CVE-2022-4345 | unknown | — | — | — | | | | Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or crafted capture file |
| CVE-2022-3172 | unknown | — | — | — | | | | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as… |
| CVE-2022-45586 | unknown | — | — | — | | | | Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. |
| CVE-2022-23824 | unknown | — | — | — | | | | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. |
| CVE-2022-33748 | unknown | — | — | — | | | | lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention t… |
| CVE-2022-33745 | unknown | — | — | — | | | | insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, … |
| CVE-2022-42312 | unknown | — | — | — | | | | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests … |
| CVE-2022-42318 | unknown | — | — | — | | | | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests … |
| CVE-2022-42314 | unknown | — | — | — | | | | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests … |
| CVE-2022-42319 | unknown | — | — | — | | | | Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed… |
| CVE-2022-42324 | unknown | — | — | — | | | | Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml … |
| CVE-2022-42334 | unknown | — | — | — | | | | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability cont… |
| CVE-2022-3704 | unknown | — | — | — | | | | A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The man… |
| CVE-2022-23483 | unknown | — | — | — | | | | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain an Out of Bound Read in libxrdp_send_to_channel… |
| CVE-2022-23493 | unknown | — | — | — | | | | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain an Out of Bound Read in xrdp_mm_trans_process_d… |
| CVE-2022-35951 | unknown | — | — | — | | | | Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific s… |