CVEs from 2022
- Total: 5,238
- critical 92
- high 1,236
- medium 953
- low 24
- % Critical: 1.8%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | Description | OS | Vendor | Published |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3195 | unknown | — | — | — | Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-48623 | unknown | — | — | — | The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. | |||
| CVE-2022-38863 | unknown | — | — | — | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mencoder SVN-r38374-13.0.1 an… | |||
| CVE-2022-50231 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in ne… | |||
| CVE-2022-21487 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low pr… | |||
| CVE-2022-50818 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix running_req for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@(none)$ m… | |||
| CVE-2022-1270 | unknown | — | — | — | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | |||
| CVE-2022-23122 | unknown | — | — | — | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists with… | |||
| CVE-2022-42313 | unknown | — | — | — | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests … | |||
| CVE-2022-48759 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code… | |||
| CVE-2022-23481 | unknown | — | — | — | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out of Bound Read in xrdp_caps_process_confi… | |||
| CVE-2022-48914 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queu… | |||
| CVE-2022-23547 | unknown | — | — | — | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-… | |||
| CVE-2022-24786 | unknown | — | — | — | PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, … | |||
| CVE-2022-35037 | unknown | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e. | |||
| CVE-2022-35476 | unknown | — | — | — | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. | |||
| CVE-2022-43516 | unknown | — | — | — | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | |||
| CVE-2022-41684 | unknown | — | — | — | A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read… | |||
| CVE-2022-27470 | unknown | — | — | — | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. | |||
| CVE-2022-49341 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog->jited_len along prog->jited syzbot reported an illegal copy_to_user() attempt from bpf_prog_get_info_by_f… | |||
| CVE-2022-31650 | unknown | — | — | — | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | |||
| CVE-2022-49816 | unknown | — | — | — | ||||
| CVE-2022-32325 | unknown | — | — | — | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | |||
| CVE-2022-41981 | unknown | — | — | — | A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack… | |||
| CVE-2022-43753 | unknown | — | — | — | ||||
| CVE-2022-3528 | unknown | — | — | — | ||||
| CVE-2022-49201 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnic_xmit() acc… | |||
| CVE-2022-2469 | unknown | — | — | — | GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client | |||
| CVE-2022-49916 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range [0x00000… | |||
| CVE-2022-49335 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying t… | |||
| CVE-2022-49706 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the… | |||
| CVE-2022-48670 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called… | |||
| CVE-2022-48631 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsea… | |||
| CVE-2022-27146 | unknown | — | — | — | GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | |||
| CVE-2022-46768 | unknown | — | — | — | Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the fi… | |||
| CVE-2022-43245 | unknown | — | — | — | Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craft… | |||
| CVE-2022-26505 | unknown | — | — | — | A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | |||
| CVE-2022-42917 | unknown | — | — | — | ||||
| CVE-2022-34677 | unknown | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of ser… | |||
| CVE-2022-3531 | unknown | — | — | — | ||||
| CVE-2022-45154 | unknown | — | — | — | ||||
| CVE-2022-43503 | unknown | — | — | — | ||||
| CVE-2022-50647 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as `insb', `outsb', etc. which use the ph… | |||
| CVE-2022-46293 | unknown | — | — | — | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted ma… | |||
| CVE-2022-23123 | unknown | — | — | — | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exi… | |||
| CVE-2022-46290 | unknown | — | — | — | Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary cod… | |||
| CVE-2022-48875 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthe… | |||
| CVE-2022-42259 | unknown | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. | |||
| CVE-2022-1249 | unknown | — | — | — | A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an exp… | |||
| CVE-2022-31088 | unknown | — | — | — | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used t… | |||
| CVE-2022-23498 | unknown | — | — | — | ||||
| CVE-2022-37704 | unknown | — | — | — | Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the at… | |||
| CVE-2022-37708 | unknown | — | — | — | ||||
| CVE-2022-24975 | unknown | — | — | — | The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing… | |||
| CVE-2022-39176 | unknown | — | — | — | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | |||
| CVE-2022-1515 | unknown | — | — | — | A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS. | |||
| CVE-2022-45587 | unknown | — | — | — | Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. | |||
| CVE-2022-46457 | unknown | — | — | — | NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c. | |||
| CVE-2022-0604 | unknown | — | — | — | Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potenti… | |||
| CVE-2022-21621 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high pr… | |||
| CVE-2022-0794 | unknown | — | — | — | Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a cr… | |||
| CVE-2022-48737 | unknown | — | — | — | ||||
| CVE-2022-30785 | unknown | — | — | — | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||
| CVE-2022-33903 | unknown | — | — | — | Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | |||
| CVE-2022-29500 | unknown | — | — | — | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | |||
| CVE-2022-24578 | unknown | — | — | — | GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. | |||
| CVE-2022-25050 | unknown | — | — | — | rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||
| CVE-2022-3261 | unknown | — | — | — | ||||
| CVE-2022-1533 | unknown | — | — | — | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. | |||
| CVE-2022-49255 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm… | |||
| CVE-2022-50942 | unknown | — | — | — | Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the Eve… | |||
| CVE-2022-30256 | unknown | — | — | — | An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expi… | |||
| CVE-2022-1908 | unknown | — | — | — | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||
| CVE-2022-2279 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||
| CVE-2022-1987 | unknown | — | — | — | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||
| CVE-2022-33064 | unknown | — | — | — | ||||
| CVE-2022-0367 | unknown | — | — | — | A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. | |||
| CVE-2022-25763 | unknown | — | — | — | Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggling or cache poisoning attacks. This issue affects Apache Traffic Server 8.… | |||
| CVE-2022-31778 | unknown | — | — | — | Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0… | |||
| CVE-2022-31779 | unknown | — | — | — | Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||
| CVE-2022-31780 | unknown | — | — | — | Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||
| CVE-2022-32749 | unknown | — | — | — | Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apac… | |||
| CVE-2022-37392 | unknown | — | — | — | Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||
| CVE-2022-40743 | unknown | — | — | — | Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apach… | |||
| CVE-2022-47184 | unknown | — | — | — | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0. | |||
| CVE-2022-29788 | unknown | — | — | — | libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | |||
| CVE-2022-47185 | unknown | — | — | — | Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | |||
| CVE-2022-33749 | unknown | — | — | — | ||||
| CVE-2022-39836 | unknown | — | — | — | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is … | |||
| CVE-2022-0110 | unknown | — | — | — | Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2022-0112 | unknown | — | — | — | Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. | |||
| CVE-2022-4344 | unknown | — | — | — | Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file | |||
| CVE-2022-0545 | unknown | — | — | — | An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achi… | |||
| CVE-2022-0713 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | |||
| CVE-2022-0116 | unknown | — | — | — | Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2022-40156 | unknown | — | — | — | ||||
| CVE-2022-4603 | unknown | — | — | — | A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpk… | |||
| CVE-2022-36179 | unknown | — | — | — | Fusiondirectory 1.3 suffers from Improper Session Handling. | |||
| CVE-2022-0118 | unknown | — | — | — | Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2022-0120 | unknown | — | — | — | Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. |