CVEs from 2022
Total
5,250
critical
critical 90
high
high 1,231
medium
medium 959
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1962 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-28131 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30630 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-24921 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-28327 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-30633 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30632 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-29526 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-1705 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-24675 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-1650 | medium | — | 5.5 | 4y ago | RHSA-2022:6057: .NET Core 3.1 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-2514 | medium | — | 5.5 | 4y ago | The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. | |||
| CVE-2022-2097 | medium | — | 5.5 | 4y ago | RHSA-2022:5818: openssl security update (Moderate) | |||
| CVE-2022-1621 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1420 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1586 | medium | — | 5.5 | 4y ago | RHSA-2022:5809: pcre2 security update (Moderate) | |||
| CVE-2022-1629 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-0943 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-26280 | medium | — | 5.5 | 4y ago | Moderate: libarchive security update | |||
| CVE-2022-49044 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way th… | |||
| CVE-2022-0554 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-26353 | medium | — | 5.5 | 4y ago | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memo… | |||
| CVE-2022-25313 | medium | — | 5.5 | 4y ago | Moderate: expat security update | |||
| CVE-2022-26354 | medium | — | 5.5 | 4y ago | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected … | |||
| CVE-2022-27776 | medium | — | 5.5 | 4y ago | A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | |||
| CVE-2022-1154 | medium | — | 5.5 | 4y ago | RHSA-2022:1552: vim security update (Moderate) | |||
| CVE-2022-29824 | medium | — | 5.5 | 4y ago | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation … | |||
| CVE-2022-25314 | medium | — | 5.5 | 4y ago | Moderate: expat security update | |||
| CVE-2022-1587 | medium | — | 5.5 | 4y ago | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regula… | |||
| CVE-2022-1215 | medium | — | 5.5 | 4y ago | Moderate: libinput security update | |||
| CVE-2022-30184 | medium | — | 5.5 | 4y ago | RHSA-2022:5061: .NET Core 3.1 security and bugfix update (Moderate) | |||
| CVE-2022-30552 | medium | 5.5 | 5.5 | 4y ago | Das U-Boot 2022.01 has a Buffer Overflow. | |||
| CVE-2022-1708 | medium | — | 5.5 | 4y ago | RHSA-2022:7529: container-tools:3.0 security update (Moderate) | |||
| CVE-2022-23772 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-23806 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-21443 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-23303 | medium | — | 5.5 | 4y ago | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inc… | |||
| CVE-2022-21434 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21496 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-22822 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22825 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-0413 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-22827 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22823 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22826 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22824 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-25762 | medium | — | 5.5 | 4y ago | If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible tha… | |||
| CVE-2022-28265 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28264 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28263 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28261 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28259 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28258 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28255 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28253 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28251 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28245 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-29107 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Security Feature Bypass Vulnerability | |||
| CVE-2022-21658 | medium | — | 5.5 | 4y ago | RHSA-2022:1894: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-27650 | medium | — | 5.5 | 4y ago | A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with… | |||
| CVE-2022-0485 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22637 | medium | — | 5.5 | 4y ago | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause un… | |||
| CVE-2022-22594 | medium | — | 5.5 | 4y ago | A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A webs… | |||
| CVE-2022-22592 | medium | — | 5.5 | 4y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted w… | |||
| CVE-2022-22590 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously… | |||
| CVE-2022-22589 | medium | — | 5.5 | 4y ago | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously … | |||
| CVE-2022-1117 | medium | — | 5.5 | 4y ago | RHSA-2022:1898: fapolicyd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1343 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-1473 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-27385 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31624 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31621 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-28346 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via … | |||
| CVE-2022-28347 | medium | — | 5.5 | 4y ago | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion… | |||
| CVE-2022-24795 | medium | — | 5.5 | 4y ago | RHSA-2022:7524: yajl security update (Moderate) | |||
| CVE-2022-24801 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed se… | |||
| CVE-2022-23308 | medium | — | 5.5 | 4y ago | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||
| CVE-2022-23219 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-23218 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-0261 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0359 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0361 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0392 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0318 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0358 | medium | — | 5.5 | 4y ago | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sh… | |||
| CVE-2022-24511 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Word Tampering Vulnerability | |||
| CVE-2022-24462 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Security Feature Bypass Vulnerability | |||
| CVE-2022-21716 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the pe… | |||
| CVE-2022-0613 | medium | — | 5.5 | 4y ago | RHBA-2022:1386: .NET Core 3.1 on RHEL 8 bugfix update (Moderate) | |||
| CVE-2022-23633 | medium | — | 5.5 | 4y ago | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `Action… | |||
| CVE-2022-23634 | medium | — | 5.5 | 4y ago | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the resp… | |||
| CVE-2022-21712 | medium | — | 5.5 | 4y ago | twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in … | |||
| CVE-2022-22818 | medium | — | 5.5 | 4y ago | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | |||
| CVE-2022-23833 | medium | — | 5.5 | 4y ago | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsin… | |||
| CVE-2022-21248 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21365 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-23837 | medium | — | 5.5 | 4y ago | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to… | |||
| CVE-2022-0235 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-20166 | medium | — | 5.5 | 5y ago | In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges nee… | |||
| CVE-2022-50970 | medium | 5.4 | 5.4 | 26d ago | WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra… |