CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-50668 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4… | |||
| CVE-2022-3204 | medium | — | 5.5 | 3y ago | Moderate: unbound security update | |||
| CVE-2022-3599 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3598 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3597 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3570 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-49700 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as… | |||
| CVE-2022-50730 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: silence the warning when evicting inode with dioread_nolock When evicting an inode with default dioread_nolock, it could be… | |||
| CVE-2022-41725 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-50228 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, … | |||
| CVE-2022-41946 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |||
| CVE-2022-3970 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-39347 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-3626 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3627 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-4645 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-39229 | medium | — | 5.5 | 3y ago | RHSA-2023:2784: grafana security update (Moderate) | |||
| CVE-2022-40023 | medium | — | 5.5 | 3y ago | RHSA-2023:2893: python-mako security update (Moderate) | |||
| CVE-2022-35957 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-39318 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-29187 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-34303 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-41973 | medium | — | 5.5 | 3y ago | RHSA-2023:2948: device-mapper-multipath security and bug fix update (Moderate) | |||
| CVE-2022-38784 | medium | — | 5.5 | 3y ago | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image co… | |||
| CVE-2022-39317 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39283 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-37032 | medium | — | 5.5 | 3y ago | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. | |||
| CVE-2022-39319 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-2795 | medium | — | 5.5 | 3y ago | RHSA-2023:3002: bind security and bug fix update (Moderate) | |||
| CVE-2022-34302 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-4172 | medium | — | 5.5 | 3y ago | An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues m… | |||
| CVE-2022-50219 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs(). The… | |||
| CVE-2022-50153 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented,… | |||
| CVE-2022-50069 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load anot… | |||
| CVE-2022-3165 | medium | — | 5.5 | 3y ago | An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending… | |||
| CVE-2022-50055 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. … | |||
| CVE-2022-49541 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 | |||
| CVE-2022-49058 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_upda… | |||
| CVE-2022-50403 | medium | — | 5.5 | 3y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50344 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ===========================================… | |||
| CVE-2022-34301 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-30784 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-37454 | medium | — | 5.5 | 3y ago | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic… | |||
| CVE-2022-2625 | medium | — | 5.5 | 3y ago | RHSA-2023:1576: postgresql:13 security update (Moderate) | |||
| CVE-2022-4899 | medium | — | 5.5 | 3y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2022-45873 | medium | — | 5.5 | 3y ago | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation m… | |||
| CVE-2022-4415 | medium | — | 5.5 | 3y ago | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | |||
| CVE-2022-37436 | medium | — | 5.5 | 3y ago | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers… | |||
| CVE-2022-36760 | medium | — | 5.5 | 3y ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque… | |||
| CVE-2022-48303 | medium | — | 5.5 | 3y ago | RHSA-2023:0842: tar security update (Moderate) | |||
| CVE-2022-40897 | medium | — | 5.5 | 3y ago | RHSA-2024:2987: python27:2.7 security update (Moderate) | |||
| CVE-2022-31628 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31631 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31629 | medium | — | 5.5 | 3y ago | RHSA-2024:10952: php:7.4 security update (Moderate) | |||
| CVE-2022-47024 | medium | — | 5.5 | 3y ago | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impa… | |||
| CVE-2022-45061 | medium | — | 5.5 | 3y ago | Moderate: python3.9 security update | |||
| CVE-2022-31630 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-4900 | medium | — | 5.5 | 3y ago | RHSA-2023:0848: php:8.0 security update (Moderate) | |||
| CVE-2022-4203 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-42010 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-42011 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-3715 | medium | — | 5.5 | 3y ago | Moderate: bash security update | |||
| CVE-2022-27664 | medium | — | 5.5 | 3y ago | Moderate: grafana-pcp security and enhancement update | |||
| CVE-2022-42012 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-2953 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2520 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2519 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2057 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2056 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2058 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-3821 | medium | — | 5.5 | 3y ago | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format… | |||
| CVE-2022-41715 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-2880 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-2879 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-3140 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-26305 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-50054 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->v… | |||
| CVE-2022-50053 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi… | |||
| CVE-2022-41717 | medium | — | 5.5 | 3y ago | Moderate: podman security and bug fix update | |||
| CVE-2022-26307 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-2521 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-31197 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |||
| CVE-2022-43680 | medium | — | 5.5 | 3y ago | RHSA-2023:0103: expat security update (Moderate) | |||
| CVE-2022-40304 | medium | — | 5.5 | 3y ago | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can b… | |||
| CVE-2022-40303 | medium | — | 5.5 | 3y ago | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an a… | |||
| CVE-2022-32221 | medium | — | 5.5 | 3y ago | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same han… | |||
| CVE-2022-26306 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-2867 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2869 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2868 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-4144 | medium | — | 5.5 | 3y ago | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, poten… | |||
| CVE-2022-43548 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-3517 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-45442 | medium | — | 5.5 | 4y ago | RHSA-2023:0855: pcs security update (Moderate) | |||
| CVE-2022-24999 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49378 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modpa… | |||
| CVE-2022-1348 | medium | — | 5.5 | 4y ago | Moderate: logrotate security update | |||
| CVE-2022-49297 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for m… | |||
| CVE-2022-25310 | medium | — | 5.5 | 4y ago | RHSA-2022:7514: fribidi security update (Moderate) | |||
| CVE-2022-2309 | medium | — | 5.5 | 4y ago | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earli… |