CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-4914 | unknown | — | — | — | Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a cra… | |||
| CVE-2022-48839 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THR… | |||
| CVE-2022-29910 | unknown | — | — | — | When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are una… | |||
| CVE-2022-37050 | unknown | — | — | — | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishand… | |||
| CVE-2022-4919 | unknown | — | — | — | Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-1973 | unknown | — | — | — | A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak… | |||
| CVE-2022-4923 | unknown | — | — | — | Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic… | |||
| CVE-2022-37051 | unknown | — | — | — | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | |||
| CVE-2022-0213 | unknown | — | — | — | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2022-3592 | unknown | — | — | — | A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the… | |||
| CVE-2022-0156 | unknown | — | — | — | vim is vulnerable to Use After Free | |||
| CVE-2022-37052 | unknown | — | — | — | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | |||
| CVE-2022-0128 | unknown | — | — | — | vim is vulnerable to Out-of-bounds Read | |||
| CVE-2022-0433 | unknown | — | — | — | A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash … | |||
| CVE-2022-0319 | unknown | — | — | — | Out-of-bounds Read in vim/vim prior to 8.2. | |||
| CVE-2022-48902 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to… | |||
| CVE-2022-0158 | unknown | — | — | — | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2022-22746 | unknown | — | — | — | A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other oper… | |||
| CVE-2022-42931 | unknown | — | — | — | Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unenc… | |||
| CVE-2022-48571 | unknown | — | — | — | memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. | |||
| CVE-2022-0351 | unknown | — | — | — | Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-4195 | unknown | — | — | — | Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: … | |||
| CVE-2022-0368 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-49271 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() with smb_query_info::flags=PASST… | |||
| CVE-2022-0393 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0103 | unknown | — | — | — | Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0407 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-1310 | unknown | — | — | — | Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0408 | unknown | — | — | — | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-48711 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domai… | |||
| CVE-2022-22736 | unknown | — | — | — | If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not… | |||
| CVE-2022-50739 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the i_op pointer of the inode which is returne… | |||
| CVE-2022-0417 | unknown | — | — | — | Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-49082 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in _scsih_… | |||
| CVE-2022-0443 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0800 | unknown | — | — | — | Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via… | |||
| CVE-2022-0572 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-48645 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC (taprio, cbs, gate, police) are conf… | |||
| CVE-2022-0629 | unknown | — | — | — | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2609 | unknown | — | — | — | Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap … | |||
| CVE-2022-0696 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. | |||
| CVE-2022-2085 | unknown | — | — | — | A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_… | |||
| CVE-2022-0714 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | |||
| CVE-2022-33981 | unknown | — | — | — | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | |||
| CVE-2022-0729 | unknown | — | — | — | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | |||
| CVE-2022-2380 | unknown | — | — | — | The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash th… | |||
| CVE-2022-50828 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy` "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is u… | |||
| CVE-2022-1381 | unknown | — | — | — | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible … | |||
| CVE-2022-1616 | unknown | — | — | — | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote ex… | |||
| CVE-2022-48913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu… | |||
| CVE-2022-3305 | unknown | — | — | — | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2022-22750 | unknown | — | — | — | By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged proc… | |||
| CVE-2022-2296 | unknown | — | — | — | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h… | |||
| CVE-2022-1652 | unknown | — | — | — | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, … | |||
| CVE-2022-50533 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mlme: fix null-ptr deref on failed assoc If association to an AP without a link 0 fails, then we crash in tracing… | |||
| CVE-2022-1720 | unknown | — | — | — | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | |||
| CVE-2022-1674 | unknown | — | — | — | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow… | |||
| CVE-2022-29156 | unknown | — | — | — | drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | |||
| CVE-2022-1725 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | |||
| CVE-2022-0670 | unknown | — | — | — | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volum… | |||
| CVE-2022-1733 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | |||
| CVE-2022-48629 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rng_alg expects that the desti… | |||
| CVE-2022-1735 | unknown | — | — | — | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | |||
| CVE-2022-3650 | unknown | — | — | — | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. | |||
| CVE-2022-1769 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | |||
| CVE-2022-48694 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error t… | |||
| CVE-2022-50568 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosi… | |||
| CVE-2022-3854 | unknown | — | — | — | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | |||
| CVE-2022-1851 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0308 | unknown | — | — | — | Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap c… | |||
| CVE-2022-1886 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-34000 | unknown | — | — | — | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |||
| CVE-2022-1898 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-50575 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() As 'kdata.num' is user-controlled data, if user tries to all… | |||
| CVE-2022-26110 | unknown | — | — | — | An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then imper… | |||
| CVE-2022-2208 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |||
| CVE-2022-1942 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-44640 | unknown | — | — | — | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | |||
| CVE-2022-1968 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-3055 | unknown | — | — | — | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a c… | |||
| CVE-2022-2124 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-46883 | unknown | — | — | — | Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corr… | |||
| CVE-2022-2042 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0971 | unknown | — | — | — | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte… | |||
| CVE-2022-2125 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0382 | unknown | — | — | — | An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a l… | |||
| CVE-2022-2129 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-49402 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: [ ] gene… | |||
| CVE-2022-2183 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-32743 | unknown | — | — | — | Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | |||
| CVE-2022-3304 | unknown | — | — | — | Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-2175 | unknown | — | — | — | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-2182 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-3103 | unknown | — | — | — | off-by-one in io_uring module. | |||
| CVE-2022-1671 | unknown | — | — | — | A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. | |||
| CVE-2022-22758 | unknown | — | — | — | When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this … | |||
| CVE-2022-0264 | unknown | — | — | — | A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions t… | |||
| CVE-2022-0400 | unknown | — | — | — | An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. | |||
| CVE-2022-22757 | unknown | — | — | — | Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected… | |||
| CVE-2022-37155 | unknown | — | — | — | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. |