CVEs from 2022
Total
5,250
critical
critical 90
high
high 1,231
medium
medium 959
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-49536 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces … | |||
| CVE-2022-49537 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processo… | |||
| CVE-2022-49538 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_rep… | |||
| CVE-2022-22844 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-1354 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |||
| CVE-2022-1355 | medium | — | 5.5 | 4y ago | RHSA-2022:7585: libtiff security update (Moderate) | |||
| CVE-2022-30698 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49465 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIO_THROTTLED when bio has been throttled 1.In current process, all bio will set the BIO_THROTTLED flag after _… | |||
| CVE-2022-48735 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registere… | |||
| CVE-2022-48738 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within th… | |||
| CVE-2022-48765 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cu… | |||
| CVE-2022-49584 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is proces… | |||
| CVE-2022-32189 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-2319 | medium | — | 5.5 | 4y ago | A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. | |||
| CVE-2022-49697 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found… | |||
| CVE-2022-49698 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out… | |||
| CVE-2022-27337 | medium | — | 5.5 | 4y ago | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||
| CVE-2022-49708 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: =============================================================… | |||
| CVE-2022-50212 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table When doing lookups for chains on the same batch by using it… | |||
| CVE-2022-30067 | medium | — | 5.5 | 4y ago | Moderate: gimp security and enhancement update | |||
| CVE-2022-25309 | medium | — | 5.5 | 4y ago | RHSA-2022:7514: fribidi security update (Moderate) | |||
| CVE-2022-27191 | medium | — | 5.5 | 4y ago | RHSA-2022:7469: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-49235 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. … | |||
| CVE-2022-49238 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vd… | |||
| CVE-2022-49264 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard … | |||
| CVE-2022-25255 | medium | — | 5.5 | 4y ago | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | |||
| CVE-2022-2989 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-49297 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for m… | |||
| CVE-2022-31625 | medium | — | 5.5 | 4y ago | RHSA-2022:7624: php:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50084 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and ru… | |||
| CVE-2022-21703 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-48921 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("k… | |||
| CVE-2022-0934 | medium | — | 5.5 | 4y ago | RHSA-2022:7633: dnsmasq security and bug fix update (Moderate) | |||
| CVE-2022-0996 | medium | — | 5.5 | 4y ago | RHSA-2022:5823: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-2850 | medium | — | 5.5 | 4y ago | RHSA-2022:7133: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-50092 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN… | |||
| CVE-2022-21713 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21673 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-25308 | medium | — | 5.5 | 4y ago | RHSA-2022:7514: fribidi security update (Moderate) | |||
| CVE-2022-48905 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | |||
| CVE-2022-48918 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a… | |||
| CVE-2022-48912 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release… | |||
| CVE-2022-50085 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert… | |||
| CVE-2022-0918 | medium | — | 5.5 | 4y ago | RHSA-2022:5823: 389-ds:1.4 security update (Moderate) | |||
| CVE-2022-29162 | medium | — | 5.5 | 4y ago | RHSA-2022:7469: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-23816 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21499 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21125 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49291 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against t… | |||
| CVE-2022-30550 | medium | — | 5.5 | 4y ago | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and m… | |||
| CVE-2022-21166 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50187 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: fix netdev open race Make sure to allocate resources needed before registering the device. This specifically avoids havi… | |||
| CVE-2022-49626 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being… | |||
| CVE-2022-48936 | medium | — | 5.5 | 4y ago | RHSA-2024:8870: kernel-rt security update (Moderate) | |||
| CVE-2022-23825 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21123 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-22624 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web … | |||
| CVE-2022-49160 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash during module load unload test During purex packet handling the driver was incorrectly freeing a pre-all… | |||
| CVE-2022-50115 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes We have sanity checks for byte controls and i… | |||
| CVE-2022-36946 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-29900 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-28893 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-29901 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-28390 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2639 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-26373 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-24448 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50179 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem wa… | |||
| CVE-2022-49229 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual cloc… | |||
| CVE-2022-26125 | medium | — | 5.5 | 4y ago | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | |||
| CVE-2022-1706 | medium | — | 5.5 | 4y ago | Moderate: ignition security, bug fix, and enhancement update | |||
| CVE-2022-32746 | medium | — | 5.5 | 4y ago | RHSA-2022:7730: libldb security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1348 | medium | — | 5.5 | 4y ago | Moderate: logrotate security update | |||
| CVE-2022-49060 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() dev_name() was called with dev.parent as argument but without to NULL… | |||
| CVE-2022-49290 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fix… | |||
| CVE-2022-49066 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen… | |||
| CVE-2022-39190 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49086 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate mem… | |||
| CVE-2022-49090 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_ma… | |||
| CVE-2022-49093 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encount… | |||
| CVE-2022-49098 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform … | |||
| CVE-2022-49107 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comm… | |||
| CVE-2022-49109 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash … | |||
| CVE-2022-49122 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and use… | |||
| CVE-2022-49123 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: [25393.301506] ath11k_pci 0000:01:00.0… | |||
| CVE-2022-49129 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been schedu… | |||
| CVE-2022-49130 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhi_sync_power_up() If amss.bin was missing ath11k would crash during 'rmmod ath11k_pci'. The reason for that wa… | |||
| CVE-2022-21702 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49142 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … | |||
| CVE-2022-49145 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … | |||
| CVE-2022-49147 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… | |||
| CVE-2022-49152 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_S… | |||
| CVE-2022-49153 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 (s… | |||
| CVE-2022-49156 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread… | |||
| CVE-2022-49158 | medium | 5.5 | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel trigg… | |||
| CVE-2022-32990 | medium | — | 5.5 | 4y ago | Moderate: gimp security and enhancement update | |||
| CVE-2022-30699 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-20368 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49412 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two… | |||
| CVE-2022-2309 | medium | — | 5.5 | 4y ago | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earli… |