CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36351 | high | — | 8.0 | 3y ago | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||
| CVE-2022-50658 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix memory leak in error path If for some reason the speedbin length is incorrect, then there is a memory leak in … | |||
| CVE-2022-40964 | high | — | 8.0 | 3y ago | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||
| CVE-2022-50825 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe() I got the following report while doing fault injection test: … | |||
| CVE-2022-50429 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_ch… | |||
| CVE-2022-50718 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix pci device refcount leak As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount … | |||
| CVE-2022-50520 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device wi… | |||
| CVE-2022-50823 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra114_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we… | |||
| CVE-2022-50295 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() Syzkaller produced the below call trace: BUG: KASAN: null-p… | |||
| CVE-2022-50527 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix size validation for non-exclusive domains (v4) Fix amdgpu_bo_validate_size() to check whether the TTM domain mana… | |||
| CVE-2022-49321 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bc_serv is NULL When a rdma server returns a fault format reply, nfs v3 client may tre… | |||
| CVE-2022-49344 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock h… | |||
| CVE-2022-50004 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e.… | |||
| CVE-2022-50724 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix resource leak in regulator_register() I got some resource leak reports while doing fault injection test: … | |||
| CVE-2022-50578 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in __class_register() If class_add_groups() returns error, the 'cp->subsys' need be unregister, a… | |||
| CVE-2022-50820 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init() dmc620_pmu_init() won't remove the callback added by cpuhp_setup_… | |||
| CVE-2022-50361 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init() Fault injection test reports this issue: kernel BUG at… | |||
| CVE-2022-50464 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() As comment of pci_get_device() says, it returns a pci_device… | |||
| CVE-2022-49811 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to … | |||
| CVE-2022-50444 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: clk: tegra20: Fix refcount leak in tegra20_clock_init of_find_matching_node() returns a node pointer with refcount incremented, w… | |||
| CVE-2022-50639 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: io-wq: Fix memory leak in worker creation If the CPU mask allocation for a node fails, then the memory allocated for the 'io_wqe'… | |||
| CVE-2022-50667 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the description string from userspace fails, then the page … | |||
| CVE-2022-50460 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_flock() If not flock, before return -ENOLCK, should free the xid, otherwise, the xid will be leaked. | |||
| CVE-2022-49028 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethr… | |||
| CVE-2022-38457 | high | — | 8.0 | 3y ago | A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. … | |||
| CVE-2022-50704 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switching USB config from rndis to other config, if th… | |||
| CVE-2022-40284 | high | — | 8.0 | 3y ago | RHSA-2023:5264: virt:rhel and virt-devel:rhel security and bug fix update (Important) | |||
| CVE-2022-32081 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32084 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32091 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32089 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-38791 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-47015 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32082 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-25883 | high | — | 8.0 | 3y ago | RHSA-2023:5362: nodejs:18 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50661 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the re… | |||
| CVE-2022-41804 | high | — | 8.0 | 3y ago | RHEA-2023:4995: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2022-40982 | high | — | 8.0 | 3y ago | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in… | |||
| CVE-2022-45869 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-32885 | high | — | 8.0 | 3y ago | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lea… | |||
| CVE-2022-40609 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2022-37967 | high | — | 8.0 | 3y ago | RHEA-2023:3850: krb5 bug fix update (Important) | |||
| CVE-2022-25147 | high | — | 8.0 | 3y ago | RHSA-2023:3109: apr-util security update (Important) | |||
| CVE-2022-25265 | high | — | 8.0 | 3y ago | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execu… | |||
| CVE-2022-41218 | high | — | 8.0 | 3y ago | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | |||
| CVE-2022-50130 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() befo… | |||
| CVE-2022-3524 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3619 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49739 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range whe… | |||
| CVE-2022-48695 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning Fix the following use-after-free warning which is observed during controller reset: re… | |||
| CVE-2022-28388 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49903 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_… | |||
| CVE-2022-3028 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49990 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blo… | |||
| CVE-2022-49572 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed co… | |||
| CVE-2022-49401 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/page_owner: use strscpy() instead of strlcpy() current->comm[] is not a string (no guarantee for a zero byte in it). strlcpy(… | |||
| CVE-2022-50243 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key When it returns an error from sctp_auth_asoc_init_active_key(… | |||
| CVE-2022-50113 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its re… | |||
| CVE-2022-49962 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove … | |||
| CVE-2022-50086 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rq_qos add more than once In our test of iocost, we encountered some list add/del corruptions of… | |||
| CVE-2022-39189 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50041 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ice: Fix call trace with null VSI during VF reset During stress test with attaching and detaching VF from KVM and simultaneously … | |||
| CVE-2022-36879 | high | — | 8.0 | 3y ago | An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | |||
| CVE-2022-49967 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() i… | |||
| CVE-2022-50211 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. W… | |||
| CVE-2022-3522 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50058 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpasim: control virtqueue support") added … | |||
| CVE-2022-36280 | high | — | 8.0 | 3y ago | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. … | |||
| CVE-2022-25881 | high | — | 8.0 | 3y ago | RHSA-2023:1743: nodejs:14 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50206 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insn_emulation sysctls emulation_proc_handler() changes table->data for proc_dointvec_min… | |||
| CVE-2022-48934 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_… | |||
| CVE-2022-49980 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadget drive… | |||
| CVE-2022-50221 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I… | |||
| CVE-2022-50215 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently s… | |||
| CVE-2022-49688 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employ… | |||
| CVE-2022-42896 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50226 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be pass… | |||
| CVE-2022-46692 | high | — | 8.0 | 3y ago | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPad… | |||
| CVE-2022-49136 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER f… | |||
| CVE-2022-50229 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in snd_card_register() at probe time, it will fre… | |||
| CVE-2022-49983 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurs when th… | |||
| CVE-2022-50093 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-ac… | |||
| CVE-2022-4129 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50302 | high | — | 8.0 | 3y ago | RHSA-2023:2458: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-49969 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there … | |||
| CVE-2022-49971 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in smu_v13_0_4_init_smc_table… | |||
| CVE-2022-50100 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in bo… | |||
| CVE-2022-50088 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() damon_reclaim_init() allocates a memory chunk for ctx with da… | |||
| CVE-2022-50580 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tg_with_in_bps_limit() that… | |||
| CVE-2022-50129 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate … | |||
| CVE-2022-50120 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init of_parse_phandle() returns a node pointer with refcount increment… | |||
| CVE-2022-50196 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem of_parse_phandle() returns a node pointer with refcount incremented, we shoul… | |||
| CVE-2022-50224 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the … | |||
| CVE-2022-50068 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo->resource value before accessing the resource mem_type. v2: Fix commit de… | |||
| CVE-2022-49111 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE… | |||
| CVE-2022-49920 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs lock… | |||
| CVE-2022-49951 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to devi… | |||
| CVE-2022-50189 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails then an early return leaks an open file pointer. Fix thi… | |||
| CVE-2022-21594 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-49970 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut h… |