CVEs from 2022
- Total: 8,277
- Critical: 88
- High: 1,240
- Medium: 887
- Low: 23
- % Critical: 1.1%
- % with KEV: 1.6%
- % with exploit: 1.6%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-21919 | unknown | — | 1.5 | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2022-22718 | unknown | — | 1.5 | 4y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation. | |
| CVE-2022-1364 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2022-22960 | unknown | — | 1.5 | 4y ago | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | |
| CVE-2022-22954 | unknown | — | 1.5 | 4y ago | VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. | |
| CVE-2022-24521 | unknown | — | 1.5 | 4y ago | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2022-23176 | unknown | — | 1.5 | 4y ago | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. | |
| CVE-2022-22674 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | |
| CVE-2022-22675 | unknown | — | 1.5 | 4y ago | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | |
| CVE-2022-22963 | unknown | — | 1.5 | 4y ago | When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code executio… | |
| CVE-2022-22965 | unknown | — | 1.5 | 4y ago | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | |
| CVE-2022-26871 | unknown | — | 1.5 | 4y ago | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. | |
| CVE-2022-1040 | unknown | — | 1.5 | 4y ago | An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. | |
| CVE-2022-0543 | unknown | — | 1.5 | 4y ago | Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | |
| CVE-2022-26143 | unknown | — | 1.5 | 4y ago | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degr… | |
| CVE-2022-21999 | unknown | — | 1.5 | 4y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation. | |
| CVE-2022-26318 | unknown | — | 1.5 | 4y ago | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. | |
| CVE-2022-22947 | unknown | — | 1.5 | 4y ago | Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | |
| CVE-2022-20699 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrary … | |
| CVE-2022-20708 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrary … | |
| CVE-2022-20700 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrary … | |
| CVE-2022-20703 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrary … | |
| CVE-2022-20701 | unknown | — | 1.5 | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrary … | |
| CVE-2022-24682 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code. | |
| CVE-2022-0609 | unknown | — | 1.5 | 4y ago | Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2022-23134 | unknown | — | 1.5 | 4y ago | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. | |
| CVE-2022-23131 | unknown | — | 1.5 | 4y ago | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. | |
| CVE-2022-24086 | unknown | — | 1.5 | 4y ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. | |
| CVE-2022-21882 | unknown | — | 1.5 | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2022-22587 | unknown | — | 1.5 | 4y ago | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | |
| CVE-2022-4510 | unknown | — | 1.0 | 3y ago | A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extract… | |