CVEs from 2022
Total
5,250
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1922 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a h… | |||
| CVE-2022-1923 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwr… | |||
| CVE-2022-48337 | medium | — | 5.5 | 3y ago | RHSA-2023:7083: emacs security update (Moderate) | |||
| CVE-2022-49541 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 | |||
| CVE-2022-41859 | medium | — | 5.5 | 3y ago | RHSA-2023:2870: freeradius:3.0 security update (Moderate) | |||
| CVE-2022-29187 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-3736 | medium | — | 5.5 | 3y ago | RHSA-2023:2792: bind9.16 security and bug fix update (Moderate) | |||
| CVE-2022-50153 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented,… | |||
| CVE-2022-50055 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. … | |||
| CVE-2022-49700 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as… | |||
| CVE-2022-50228 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, … | |||
| CVE-2022-34302 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-1921 | medium | — | 5.5 | 3y ago | Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | |||
| CVE-2022-40023 | medium | — | 5.5 | 3y ago | RHSA-2023:2893: python-mako security update (Moderate) | |||
| CVE-2022-2929 | medium | — | 5.5 | 3y ago | RHSA-2023:3000: dhcp security and bug fix update (Moderate) | |||
| CVE-2022-41723 | medium | — | 5.5 | 3y ago | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||
| CVE-2022-41861 | medium | — | 5.5 | 3y ago | RHSA-2023:2870: freeradius:3.0 security update (Moderate) | |||
| CVE-2022-50069 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load anot… | |||
| CVE-2022-32323 | medium | — | 5.5 | 3y ago | RHSA-2023:3067: autotrace security update (Moderate) | |||
| CVE-2022-2928 | medium | — | 5.5 | 3y ago | RHSA-2023:3000: dhcp security and bug fix update (Moderate) | |||
| CVE-2022-50717 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds … | |||
| CVE-2022-39377 | medium | — | 5.5 | 3y ago | RHSA-2023:2800: sysstat security and bug fix update (Moderate) | |||
| CVE-2022-50546 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4_evict_inode' Syzbot found the following issue: =========================================… | |||
| CVE-2022-46341 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This i… | |||
| CVE-2022-34301 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-1920 | medium | — | 5.5 | 3y ago | Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through hea… | |||
| CVE-2022-45939 | medium | — | 5.5 | 3y ago | RHSA-2023:3042: emacs security and bug fix update (Moderate) | |||
| CVE-2022-3598 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-39319 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-41973 | medium | — | 5.5 | 3y ago | RHSA-2023:2948: device-mapper-multipath security and bug fix update (Moderate) | |||
| CVE-2022-49081 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: highmem: fix checks in __kmap_local_sched_{in,out} When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that… | |||
| CVE-2022-2122 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending… | |||
| CVE-2022-39347 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39318 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39283 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39317 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-48339 | medium | — | 5.5 | 3y ago | RHSA-2023:7083: emacs security update (Moderate) | |||
| CVE-2022-37032 | medium | — | 5.5 | 3y ago | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. | |||
| CVE-2022-2795 | medium | — | 5.5 | 3y ago | RHSA-2023:3002: bind security and bug fix update (Moderate) | |||
| CVE-2022-3094 | medium | — | 5.5 | 3y ago | RHSA-2023:7177: bind security update (Moderate) | |||
| CVE-2022-3924 | medium | — | 5.5 | 3y ago | RHSA-2023:2792: bind9.16 security and bug fix update (Moderate) | |||
| CVE-2022-2393 | medium | — | 5.5 | 3y ago | Moderate: pki-core security, bug fix, and enhancement update | |||
| CVE-2022-37454 | medium | — | 5.5 | 3y ago | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic… | |||
| CVE-2022-2625 | medium | — | 5.5 | 3y ago | RHSA-2023:1576: postgresql:13 security update (Moderate) | |||
| CVE-2022-4899 | medium | — | 5.5 | 3y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2022-47024 | medium | — | 5.5 | 3y ago | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impa… | |||
| CVE-2022-31631 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31628 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31629 | medium | — | 5.5 | 3y ago | RHSA-2024:10952: php:7.4 security update (Moderate) | |||
| CVE-2022-45061 | medium | — | 5.5 | 3y ago | Moderate: python3.9 security update | |||
| CVE-2022-31630 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-48303 | medium | — | 5.5 | 3y ago | RHSA-2023:0842: tar security update (Moderate) | |||
| CVE-2022-40897 | medium | — | 5.5 | 3y ago | RHSA-2024:2987: python27:2.7 security update (Moderate) | |||
| CVE-2022-4415 | medium | — | 5.5 | 3y ago | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | |||
| CVE-2022-36760 | medium | — | 5.5 | 3y ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque… | |||
| CVE-2022-37436 | medium | — | 5.5 | 3y ago | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers… | |||
| CVE-2022-45873 | medium | — | 5.5 | 3y ago | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation m… | |||
| CVE-2022-4900 | medium | — | 5.5 | 3y ago | RHSA-2023:0848: php:8.0 security update (Moderate) | |||
| CVE-2022-4203 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-43680 | medium | — | 5.5 | 3y ago | RHSA-2023:0103: expat security update (Moderate) | |||
| CVE-2022-40304 | medium | — | 5.5 | 3y ago | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can b… | |||
| CVE-2022-42012 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-26307 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-26305 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-3821 | medium | — | 5.5 | 3y ago | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format… | |||
| CVE-2022-3140 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-40303 | medium | — | 5.5 | 3y ago | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an a… | |||
| CVE-2022-2521 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-42011 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-42010 | medium | — | 5.5 | 3y ago | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to cras… | |||
| CVE-2022-26306 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |||
| CVE-2022-2879 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-2880 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-41715 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2022-31197 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |||
| CVE-2022-2953 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-3715 | medium | — | 5.5 | 3y ago | Moderate: bash security update | |||
| CVE-2022-2520 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2057 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-50053 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi… | |||
| CVE-2022-27664 | medium | — | 5.5 | 3y ago | Moderate: grafana-pcp security and enhancement update | |||
| CVE-2022-41717 | medium | — | 5.5 | 3y ago | Moderate: podman security and bug fix update | |||
| CVE-2022-32221 | medium | — | 5.5 | 3y ago | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same han… | |||
| CVE-2022-50054 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->v… | |||
| CVE-2022-2058 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2056 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2519 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-4144 | medium | — | 5.5 | 3y ago | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, poten… | |||
| CVE-2022-2869 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2867 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-2868 | medium | — | 5.5 | 3y ago | RHSA-2023:0095: libtiff security update (Moderate) | |||
| CVE-2022-3517 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-43548 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-45442 | medium | — | 5.5 | 4y ago | RHSA-2023:0855: pcs security update (Moderate) | |||
| CVE-2022-24999 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-32742 | medium | — | 5.5 | 4y ago | RHSA-2022:7111: samba security and bug fix update (Moderate) | |||
| CVE-2022-49107 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comm… | |||
| CVE-2022-21702 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-32891 | medium | — | 5.5 | 4y ago | The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | |||
| CVE-2022-30550 | medium | — | 5.5 | 4y ago | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and m… |