CVEs from 2022
Total
5,249
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-21625 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50049 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcm_add_paths(), it doesn't check … | |||
| CVE-2022-21637 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50003 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t… | |||
| CVE-2022-50050 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string ov… | |||
| CVE-2022-50052 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflo… | |||
| CVE-2022-49739 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range whe… | |||
| CVE-2022-49981 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leak unre… | |||
| CVE-2022-50111 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6359: Fix refcount leak bug In mt6359_parse_dt() and mt6359_accdet_parse_dt(), we should call of_node_put() for the refer… | |||
| CVE-2022-42721 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21599 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-39410 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50154 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() of_get_child_by_name() returns a node pointer with refcount … | |||
| CVE-2022-49647 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're … | |||
| CVE-2022-42852 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processi… | |||
| CVE-2022-50070 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ip… | |||
| CVE-2022-50100 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in bo… | |||
| CVE-2022-50039 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() Commit 09f012e64e4b ("stmmac: intel: Fix cloc… | |||
| CVE-2022-49345 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport __init-annotated xfrm4_protocol_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text s… | |||
| CVE-2022-50122 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe of_parse_phandle() returns a node pointer with refcou… | |||
| CVE-2022-49072 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: gpio: Restrict usage of GPIO chip irq members before initialization GPIO chip irq members are exposed before they could be comple… | |||
| CVE-2022-50726 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5_cmd_cleanup_async_ctx should return only after all its call… | |||
| CVE-2022-49116 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect | |||
| CVE-2022-49223 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold port reference until decoder release KASAN + DEBUG_KOBJECT_RELEASE reports a potential use-after-free in cxl_decod… | |||
| CVE-2022-49612 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2… | |||
| CVE-2022-49114 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the refer… | |||
| CVE-2022-21594 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-49984 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submittin… | |||
| CVE-2022-28388 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-41674 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49994 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem The vmemmap pages is marked by kmemleak when allocated from m… | |||
| CVE-2022-49993 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration o… | |||
| CVE-2022-50285 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages The h->*_huge_pages counters are protected by the hugetlb_lo… | |||
| CVE-2022-39189 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-47929 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-25881 | high | — | 8.0 | 3y ago | RHSA-2023:1743: nodejs:14 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-49323 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() It will cause null-ptr-deref when using 'res', if platform… | |||
| CVE-2022-49983 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurs when th… | |||
| CVE-2022-49980 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadget drive… | |||
| CVE-2022-50006 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using the passed in filehandl… | |||
| CVE-2022-50022 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause s… | |||
| CVE-2022-49580 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed conc… | |||
| CVE-2022-49967 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() i… | |||
| CVE-2022-36879 | high | — | 8.0 | 3y ago | An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | |||
| CVE-2022-49911 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: enforce documented limit to prevent allocating huge memory Daniel Xu reported that the hash:net,iface type of t… | |||
| CVE-2022-49986 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as i… | |||
| CVE-2022-50002 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY Only set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered. Doi… | |||
| CVE-2022-49022 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_dura… | |||
| CVE-2022-49362 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix potential use-after-free in nfsd_file_put() nfsd_file_put_noref() can free @nf, so don't dereference @nf immediately up… | |||
| CVE-2022-4128 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49236 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btf_try_get_module and load_module While working on code to populate kfunc BTF ID sets for modul… | |||
| CVE-2022-49992 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to… | |||
| CVE-2022-50385 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so de… | |||
| CVE-2022-50467 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID An error case exit from lpfc_cmpl_ct_cmd_gft_id() resu… | |||
| CVE-2022-3623 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3625 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3707 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3628 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-39188 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-42720 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3028 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3524 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21505 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3640 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49594 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. While reading sysctl_tcp_mtu_probe_floor, it can be changed concurrently.… | |||
| CVE-2022-32886 | high | — | 8.0 | 3y ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitra… | |||
| CVE-2022-49585 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be … | |||
| CVE-2022-50032 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcoun… | |||
| CVE-2022-50839 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without… | |||
| CVE-2022-49726 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .… | |||
| CVE-2022-42722 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49646 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue fo… | |||
| CVE-2022-49603 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_update_priority. While reading sysctl_ip_fwd_update_priority, it can be changed concurren… | |||
| CVE-2022-49644 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() If drm_connector_init fails, intel_connector_free will be … | |||
| CVE-2022-49639 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add R… | |||
| CVE-2022-49641 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race… | |||
| CVE-2022-49634 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data… | |||
| CVE-2022-50496 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefor… | |||
| CVE-2022-50534 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: dm thin: Use last transaction's pmd->root when commit failed Recently we found a softlock up problem in dm thin pool btree lookup… | |||
| CVE-2022-49637 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need … | |||
| CVE-2022-50021 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4_mb_clear_bb() Block range to free is validated in ext4_free_blocks() using… | |||
| CVE-2022-49971 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in smu_v13_0_4_init_smc_table… | |||
| CVE-2022-1462 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3566 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50427 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should … | |||
| CVE-2022-50459 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Fix a NULL pointer crash that occurs when we are freeing t… | |||
| CVE-2022-50615 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() pci_get_device() will increase the reference count for t… | |||
| CVE-2022-32888 | high | — | 8.0 | 3y ago | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6… | |||
| CVE-2022-49853 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: i… | |||
| CVE-2022-1789 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49848 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS… | |||
| CVE-2022-2196 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49688 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employ… | |||
| CVE-2022-3567 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-4129 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49602 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we n… | |||
| CVE-2022-43750 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-49862 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc:… | |||
| CVE-2022-33743 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50020 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boun… |