CVEs from 2022
Total
5,252
critical
critical 90
high
high 1,231
medium
medium 959
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3570 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-49058 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_upda… | |||
| CVE-2022-46340 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger… | |||
| CVE-2022-46341 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This i… | |||
| CVE-2022-34301 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-41973 | medium | — | 5.5 | 3y ago | RHSA-2023:2948: device-mapper-multipath security and bug fix update (Moderate) | |||
| CVE-2022-3924 | medium | — | 5.5 | 3y ago | RHSA-2023:2792: bind9.16 security and bug fix update (Moderate) | |||
| CVE-2022-29187 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-48337 | medium | — | 5.5 | 3y ago | RHSA-2023:7083: emacs security update (Moderate) | |||
| CVE-2022-46344 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potentia… | |||
| CVE-2022-46343 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local pr… | |||
| CVE-2022-46342 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privi… | |||
| CVE-2022-2122 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending… | |||
| CVE-2022-3551 | medium | — | 5.5 | 3y ago | A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memor… | |||
| CVE-2022-3094 | medium | — | 5.5 | 3y ago | RHSA-2023:7177: bind security update (Moderate) | |||
| CVE-2022-34303 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-3550 | medium | — | 5.5 | 3y ago | A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It… | |||
| CVE-2022-48339 | medium | — | 5.5 | 3y ago | RHSA-2023:7083: emacs security update (Moderate) | |||
| CVE-2022-4283 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetK… | |||
| CVE-2022-4172 | medium | — | 5.5 | 3y ago | An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues m… | |||
| CVE-2022-3287 | medium | — | 5.5 | 3y ago | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read … | |||
| CVE-2022-3165 | medium | — | 5.5 | 3y ago | An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending… | |||
| CVE-2022-49081 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: highmem: fix checks in __kmap_local_sched_{in,out} When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that… | |||
| CVE-2022-50668 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4… | |||
| CVE-2022-38784 | medium | — | 5.5 | 3y ago | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image co… | |||
| CVE-2022-39319 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-2393 | medium | — | 5.5 | 3y ago | Moderate: pki-core security, bug fix, and enhancement update | |||
| CVE-2022-50546 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4_evict_inode' Syzbot found the following issue: =========================================… | |||
| CVE-2022-44793 | medium | — | 5.5 | 3y ago | RHSA-2023:2969: net-snmp security and bug fix update (Moderate) | |||
| CVE-2022-44792 | medium | — | 5.5 | 3y ago | RHSA-2023:2969: net-snmp security and bug fix update (Moderate) | |||
| CVE-2022-50069 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load anot… | |||
| CVE-2022-3190 | medium | — | 5.5 | 3y ago | Moderate: wireshark security and bug fix update | |||
| CVE-2022-49541 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 | |||
| CVE-2022-41725 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-39347 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-50153 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented,… | |||
| CVE-2022-39318 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39283 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39317 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-37454 | medium | — | 5.5 | 3y ago | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic… | |||
| CVE-2022-2625 | medium | — | 5.5 | 3y ago | RHSA-2023:1576: postgresql:13 security update (Moderate) | |||
| CVE-2022-4899 | medium | — | 5.5 | 3y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2022-45873 | medium | — | 5.5 | 3y ago | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation m… | |||
| CVE-2022-4415 | medium | — | 5.5 | 3y ago | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | |||
| CVE-2022-31629 | medium | — | 5.5 | 3y ago | RHSA-2024:10952: php:7.4 security update (Moderate) | |||
| CVE-2022-40897 | medium | — | 5.5 | 3y ago | RHSA-2024:2987: python27:2.7 security update (Moderate) | |||
| CVE-2022-45061 | medium | — | 5.5 | 3y ago | Moderate: python3.9 security update | |||
| CVE-2022-47024 | medium | — | 5.5 | 3y ago | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impa… | |||
| CVE-2022-37436 | medium | — | 5.5 | 3y ago | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers… | |||
| CVE-2022-36760 | medium | — | 5.5 | 3y ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque… | |||
| CVE-2022-48303 | medium | — | 5.5 | 3y ago | RHSA-2023:0842: tar security update (Moderate) | |||
| CVE-2022-31630 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31631 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31628 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-4900 | medium | — | 5.5 | 3y ago | RHSA-2023:0848: php:8.0 security update (Moderate) | |||
| CVE-2022-4203 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-27664 | medium | — | 5.5 | 3y ago | Moderate: grafana-pcp security and enhancement update | |||
| CVE-2022-2057 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2880 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-41715 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-2056 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-40303 | medium | — | 5.5 | 3y ago | RHSA-2023:0173: libxml2 security update (Moderate) | |||
| CVE-2022-2879 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-2058 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-3715 | medium | — | 5.5 | 3y ago | Moderate: bash security update | |||
| CVE-2022-31197 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |||
| CVE-2022-2953 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2520 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2519 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-32221 | medium | — | 5.5 | 3y ago | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same han… | |||
| CVE-2022-3821 | medium | — | 5.5 | 3y ago | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format… | |||
| CVE-2022-40304 | medium | — | 5.5 | 3y ago | RHSA-2023:0173: libxml2 security update (Moderate) | |||
| CVE-2022-43680 | medium | — | 5.5 | 3y ago | RHSA-2023:0103: expat security update (Moderate) | |||
| CVE-2022-2521 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-26306 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-26305 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-50053 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi… | |||
| CVE-2022-41717 | medium | — | 5.5 | 3y ago | Moderate: podman security and bug fix update | |||
| CVE-2022-26307 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-3140 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-42010 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-42011 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-42012 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-50054 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->v… | |||
| CVE-2022-2868 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-4144 | medium | — | 5.5 | 3y ago | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, poten… | |||
| CVE-2022-2867 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2869 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-3517 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-43548 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-45442 | medium | — | 5.5 | 4y ago | RHSA-2023:0855: pcs security update (Moderate) | |||
| CVE-2022-24999 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49188 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region The device_node pointer is returned by of_parse_phandle() o… | |||
| CVE-2022-49122 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and use… | |||
| CVE-2022-49123 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: [25393.301506] ath11k_pci 0000:01:00.0… | |||
| CVE-2022-49290 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fix… | |||
| CVE-2022-49129 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been schedu… | |||
| CVE-2022-29581 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-20572 | medium | — | 5.5 | 4y ago | In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution pri… | |||
| CVE-2022-22624 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web … |