CVEs from 2022
Total
5,252
critical
critical 90
high
high 1,231
medium
medium 959
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-49179 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ==========================================================… | |||
| CVE-2022-49175 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin loc… | |||
| CVE-2022-26716 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing malicious… | |||
| CVE-2022-26710 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web … | |||
| CVE-2022-26709 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously… | |||
| CVE-2022-26700 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing malicious… | |||
| CVE-2022-22662 | medium | — | 5.5 | 4y ago | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may … | |||
| CVE-2022-22629 | medium | — | 5.5 | 4y ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 1… | |||
| CVE-2022-22628 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously… | |||
| CVE-2022-49147 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… | |||
| CVE-2022-49145 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … | |||
| CVE-2022-49142 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … | |||
| CVE-2022-49123 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: [25393.301506] ath11k_pci 0000:01:00.0… | |||
| CVE-2022-49122 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and use… | |||
| CVE-2022-49093 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encount… | |||
| CVE-2022-49090 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_ma… | |||
| CVE-2022-49086 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate mem… | |||
| CVE-2022-49060 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() dev_name() was called with dev.parent as argument but without to NULL… | |||
| CVE-2022-49238 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vd… | |||
| CVE-2022-48921 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("k… | |||
| CVE-2022-48912 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release… | |||
| CVE-2022-21698 | medium | — | 5.5 | 4y ago | RHSA-2022:7529: container-tools:3.0 security update (Moderate) | |||
| CVE-2022-49626 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being… | |||
| CVE-2022-1328 | medium | — | 5.5 | 4y ago | RHSA-2022:7640: mutt security update (Moderate) | |||
| CVE-2022-41105 | medium | 5.5 | 5.5 | 4y ago | Microsoft Excel Information Disclosure Vulnerability | |||
| CVE-2022-41104 | medium | 5.5 | 5.5 | 4y ago | Microsoft Excel Security Feature Bypass Vulnerability | |||
| CVE-2022-41103 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Information Disclosure Vulnerability | |||
| CVE-2022-41060 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Information Disclosure Vulnerability | |||
| CVE-2022-21682 | medium | — | 5.5 | 4y ago | RHSA-2022:7458: flatpak-builder security and bug fix update (Moderate) | |||
| CVE-2022-23960 | medium | — | 5.5 | 4y ago | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buf… | |||
| CVE-2022-27950 | medium | — | 5.5 | 4y ago | In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | |||
| CVE-2022-49616 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: rt7*-sdw: harden jack_detect_handler Realtek headset codec drivers typically check if the card is instantiated before proce… | |||
| CVE-2022-49674 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs… | |||
| CVE-2022-2938 | medium | — | 5.5 | 4y ago | A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corr… | |||
| CVE-2022-21824 | medium | — | 5.5 | 4y ago | RHSA-2022:9073: nodejs:16 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49281 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their o… | |||
| CVE-2022-50095 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to… | |||
| CVE-2022-33099 | medium | — | 5.5 | 4y ago | Moderate: lua security update | |||
| CVE-2022-37434 | medium | — | 5.5 | 4y ago | Moderate: rsync security and bug fix update | |||
| CVE-2022-21253 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21297 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21378 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21344 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21301 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49611 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comme… | |||
| CVE-2022-21374 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21256 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21351 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21362 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21379 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21358 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21367 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49610 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPEC_CTRL val… | |||
| CVE-2022-21348 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21302 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21254 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21352 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21339 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21342 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21270 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21370 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21368 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21245 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21372 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21304 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21278 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21303 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21265 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21264 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21249 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21600 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-33068 | medium | — | 5.5 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21628 | medium | — | 5.5 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-41032 | medium | — | 5.5 | 4y ago | RHSA-2022:7826: dotnet7.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-2509 | medium | — | 5.5 | 4y ago | Moderate: gnutls and nettle security, bug fix, and enhancement update | |||
| CVE-2022-3102 | medium | — | 5.5 | 4y ago | jwcrypto token substitution can lead to authentication bypass | |||
| CVE-2022-33987 | medium | — | 5.5 | 4y ago | RHSA-2022:6449: nodejs:16 security and bug fix update (Moderate) | |||
| CVE-2022-34903 | medium | — | 5.5 | 4y ago | RHSA-2022:6463: gnupg2 security update (Moderate) | |||
| CVE-2022-21440 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21412 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21415 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21417 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21438 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21423 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21427 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21452 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-49063 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: K… | |||
| CVE-2022-21414 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21435 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21413 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-32215 | medium | — | 5.5 | 4y ago | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | |||
| CVE-2022-21437 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21478 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21454 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21569 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21605 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31212 | medium | — | 5.5 | 4y ago | Moderate: dbus-broker security update | |||
| CVE-2022-21635 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21525 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-21527 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) |