CVEs from 2022
- Total: 6,002
- critical: 88
- high: 1,240
- medium: 887
- low: 23
- % Critical: 1.5%
- % with KEV: 2.2%
- % with exploit: 2.2%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-0185 | high | — | 9.5 | 2y ago | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivil… | |
| CVE-2022-48503 | high | — | 9.5 | 3y ago | Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be… | |
| CVE-2022-42856 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2022-0847 | high | — | 9.5 | 4y ago | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus … | |
| CVE-2022-1096 | high | — | 9.5 | 4y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2022-26486 | high | — | 9.5 | 4y ago | Important: thunderbird security update | |
| CVE-2022-2586 | medium | — | 7.0 | 4y ago | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | |
| CVE-2022-32893 | medium | — | 7.0 | 4y ago | Moderate: webkit2gtk3 security update | |
| CVE-2022-22620 | medium | — | 7.0 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |
| CVE-2022-24816 | unknown | — | 1.5 | 3y ago | Improper Control of Generation of Code ('Code Injection') in jai-ext | |
| CVE-2022-36537 | unknown | — | 1.5 | 4y ago | ZK Framework vulnerable to malicious POST | |
| CVE-2022-33891 | unknown | — | 1.5 | 4y ago | Apache Spark UI can allow impersonation if ACLs enabled | |
| CVE-2022-22963 | unknown | — | 1.5 | 4y ago | Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression | |
| CVE-2022-22965 | unknown | — | 1.5 | 4y ago | Remote Code Execution in Spring Framework | |
| CVE-2022-22947 | unknown | — | 1.5 | 4y ago | Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured | |