CVEs from 2022
Total
5,250
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32919 | high | — | 8.0 | 3y ago | The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing. | |||
| CVE-2022-49699 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: filemap: Handle sibling entries in filemap_get_read_batch() If a read races with an invalidation followed by another read, it is … | |||
| CVE-2022-49028 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethr… | |||
| CVE-2022-49748 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: fix potential integer overflow on shift of a int The left shift of int 32 bit integer constant 1 is evaluated using… | |||
| CVE-2022-48991 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifi… | |||
| CVE-2022-49811 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to … | |||
| CVE-2022-48988 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the … | |||
| CVE-2022-49855 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg ipc_pcie_read_bios_cfg() is using the acpi_evaluate_dsm() to obtain th… | |||
| CVE-2022-49938 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the req… | |||
| CVE-2022-50064 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq is freed on … | |||
| CVE-2022-50107 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when using fscache If we hit the 'index == next_cached' case, we leak a refcount on the struct page. Fix t… | |||
| CVE-2022-50239 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix writes in read-only memory region This commit fixes a kernel oops because of a write in some read-only memory:… | |||
| CVE-2022-50279 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() There is a global-out-of-bounds reported by KAS… | |||
| CVE-2022-3594 | high | — | 8.0 | 3y ago | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. … | |||
| CVE-2022-49256 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: watch_queue: Actually free the watch free_watch() does everything barring actually freeing the watch object. Fix this by adding … | |||
| CVE-2022-49316 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open() compound, we have to b… | |||
| CVE-2022-50650 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions (sync and async) as… | |||
| CVE-2022-49339 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport __init-annotated seg6_hmac_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text sectio… | |||
| CVE-2022-48975 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochip_setup_dev() Here is a backtrace report about memory leak detected in gpiochip_setup_dev(): … | |||
| CVE-2022-48950 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf: Fix perf_pending_task() UaF Per syzbot it is possible for perf_pending_task() to run after the event is free()'d. There are… | |||
| CVE-2022-50705 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq… | |||
| CVE-2022-50290 | high | — | 8.0 | 3y ago | RHSA-2023:7077: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-46329 | high | — | 8.0 | 3y ago | Important: linux-firmware security, bug fix, and enhancement update | |||
| CVE-2022-50824 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak In check_acpi_tpm2(), we get the TPM2 table just to make sure th… | |||
| CVE-2022-50740 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a long-known leak of urbs in a… | |||
| CVE-2022-50004 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e.… | |||
| CVE-2022-50885 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed There is a null-ptr-deref when mount.cifs over rdma… | |||
| CVE-2022-50488 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq->bic' Our test report a uaf for 'bfqq->bic' in 5.10: ====================================… | |||
| CVE-2022-49760 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() Patch series "mm/hugetlb: uffd-wp fixes for hugetlb_change_pro… | |||
| CVE-2022-49287 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpm_chip The following sequence of operations results in a refcount warning: 1. Open devi… | |||
| CVE-2022-49795 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: rethook: fix a potential memleak in rethook_alloc() In rethook_alloc(), the variable rh is not freed or passed out if handler is … | |||
| CVE-2022-49687 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warning when using vir… | |||
| CVE-2022-49344 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock h… | |||
| CVE-2022-48997 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpm_pm_suspend with locks Currently tpm transactions are executed unconditionally in tpm_pm_suspend() function… | |||
| CVE-2022-40284 | high | — | 8.0 | 3y ago | RHSA-2023:5264: virt:rhel and virt-devel:rhel security and bug fix update (Important) | |||
| CVE-2022-32082 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-47015 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32084 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-38791 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32091 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32089 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32081 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-25883 | high | — | 8.0 | 3y ago | RHSA-2023:5362: nodejs:18 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50661 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the re… | |||
| CVE-2022-41804 | high | — | 8.0 | 3y ago | RHEA-2023:4995: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2022-40982 | high | — | 8.0 | 3y ago | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in… | |||
| CVE-2022-45869 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-32885 | high | — | 8.0 | 3y ago | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lea… | |||
| CVE-2022-40609 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2022-37967 | high | — | 8.0 | 3y ago | RHEA-2023:3850: krb5 bug fix update (Important) | |||
| CVE-2022-25265 | high | — | 8.0 | 3y ago | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execu… | |||
| CVE-2022-41218 | high | — | 8.0 | 3y ago | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | |||
| CVE-2022-25147 | high | — | 8.0 | 3y ago | RHSA-2023:3109: apr-util security update (Important) | |||
| CVE-2022-50130 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() befo… | |||
| CVE-2022-50033 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer wi… | |||
| CVE-2022-50037 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should st… | |||
| CVE-2022-50039 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() Commit 09f012e64e4b ("stmmac: intel: Fix cloc… | |||
| CVE-2022-50044 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads … | |||
| CVE-2022-50049 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcm_add_paths(), it doesn't check … | |||
| CVE-2022-50773 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt I got a null-ptr-defer error report when I do the following tests… | |||
| CVE-2022-50583 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use disk_stack_limits to get a proper max_discard_sectors… | |||
| CVE-2022-50149 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in __driver_attach In __driver_attach function, There are also AA deadlock problem, like the … | |||
| CVE-2022-49943 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udc_mutex A recent commit expanding the scope of the udc_lock mutex in the gadget … | |||
| CVE-2022-50866 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter() kasprintf() would return NULL pointer when kmalloc() fail to allocate. Need t… | |||
| CVE-2022-50863 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode. | |||
| CVE-2022-50861 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion inadvertently left some code that set the page_… | |||
| CVE-2022-50549 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent processes: P1(drop cach… | |||
| CVE-2022-21640 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-39400 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-39408 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50843 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: dm clone: Fix UAF in clone_dtr() Dm_clone also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Theref… | |||
| CVE-2022-50816 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reproducer hints at a bug in ip6_gre tunnel (dev:ip6gre… | |||
| CVE-2022-50783 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflo… | |||
| CVE-2022-50768 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices Correct device count for multi-actuator drives which can cause … | |||
| CVE-2022-50752 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() When running chunk-sized reads on disks with badblocks duplicate… | |||
| CVE-2022-50744 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fn… | |||
| CVE-2022-50738 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix an iotlb memory leak Before commit 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB") we called vhost_vdpa_i… | |||
| CVE-2022-50703 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() There are two refcount leak bugs in qcom_smsm_probe(): (1) The 'loc… | |||
| CVE-2022-50702 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() Inject fault while probing module, if device_regi… | |||
| CVE-2022-49401 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/page_owner: use strscpy() instead of strlcpy() current->comm[] is not a string (no guarantee for a zero byte in it). strlcpy(… | |||
| CVE-2022-50148 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: kernfs: fix potential NULL dereference in __kernfs_remove When lockdep is enabled, lockdep_assert_held_write would cause potentia… | |||
| CVE-2022-50698 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() If clk_hw_register() fails, the corresponding clk should n… | |||
| CVE-2022-50678 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address… | |||
| CVE-2022-50679 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reprodu… | |||
| CVE-2022-50622 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4_fc_record_modified_inode() As krealloc may return NULL, in this case 'state->fc_modified_… | |||
| CVE-2022-50615 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() pci_get_device() will increase the reference count for t… | |||
| CVE-2022-50569 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: Update ipcomp_scratches with NULL when freed Currently if ipcomp_alloc_scratches() fails to allocate memory ipcomp_scratche… | |||
| CVE-2022-50530 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() Our syzkaller report a null pointer dereference, root cause is … | |||
| CVE-2022-50516 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a d… | |||
| CVE-2022-50512 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4_fc_record_regions() As krealloc may return NULL, in this case 'state->fc_regions' may not… | |||
| CVE-2022-50496 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefor… | |||
| CVE-2022-50484 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to t… | |||
| CVE-2022-50452 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cake_init() fails When the default qdisc is cake, if the qdisc of dev_queue … | |||
| CVE-2022-50431 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, i… | |||
| CVE-2022-50436 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature"… | |||
| CVE-2022-50396 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_set_parms Syzkaller reports a memory leak as follows: ====================================… | |||
| CVE-2022-50381 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempool_free There's a crash in mempool_free when running the lvm test shell/lvchange-rebuild-raid.sh. The re… | |||
| CVE-2022-50385 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so de… | |||
| CVE-2022-50363 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to alloc_sk_msg() syzbot found that alloc_sk_msg() could be called from a non sleepable context. sk_psoc… | |||
| CVE-2022-50348 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an error handling path If this memdup_user() call fails, the memory allocated in a previous call a few… |