CVEs from 2022

8,004 normalized CVEs published or assigned in this year.

  • Total: 8,004
  • Critical: 88
  • High: 1,240
  • Medium: 887
  • Low: 23
  • % Critical: 1.1%
  • % with KEV: 1.6%
  • % with exploit: 1.6%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Published Description Impact
CVE-2022-35252 low 2.5 3y ago Low: curl security update redhat debian suse
CVE-2022-36227 low 2.5 3y ago Low: libarchive security update rockylinux redhat suse debian
CVE-2022-43552 low 2.5 3y ago Low: curl security update redhat debian suse
CVE-2022-1615 low 2.5 3y ago Low: samba security, bug fix, and enhancement update redhat suse debian
CVE-2022-24736 low 2.5 4y ago Low: redis security and bug fix update redhat suse rockylinux debian
CVE-2022-1122 low 2.5 4y ago Low: openjpeg2 security update redhat suse rockylinux debian
CVE-2022-0897 low 2.5 4y ago Low: libvirt security, bug fix, and enhancement update redhat suse rockylinux debian
CVE-2022-23645 low 2.5 4y ago Low: swtpm security and bug fix update redhat rockylinux debian
CVE-2022-24735 low 2.5 4y ago Low: redis security and bug fix update redhat suse rockylinux debian
CVE-2022-2211 low 2.5 4y ago Low: virt-v2v security, bug fix, and enhancement update redhat suse rockylinux debian
CVE-2022-3358 low 2.5 4y ago Low: openssl security and bug fix update redhat suse debian rust
CVE-2022-36537 unknown 1.5 4y ago ZK Framework vulnerable to malicious POST java
CVE-2022-33891 unknown 1.5 4y ago Apache Spark UI can allow impersonation if ACLs enabled suse java python
CVE-2022-22963 unknown 1.5 4y ago Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression java
CVE-2022-22965 unknown 1.5 4y ago Remote Code Execution in Spring Framework debian java
CVE-2022-22947 unknown 1.5 4y ago Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured java
CVE-2022-34000 unknown libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. debian
CVE-2022-4558 unknown A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail … debian
CVE-2022-4556 unknown A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the … debian
CVE-2022-37186 unknown In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a … debian
CVE-2022-41137 unknown 2y ago Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore java
CVE-2022-23553 unknown 2y ago Alpine allows URL access filter bypass java
CVE-2022-4963 unknown 2y ago SQL injection in Folio Spring Module Core java
CVE-2022-45135 unknown 3y ago Apache Cocoon SQL Injection vulnerability java
CVE-2022-2232 unknown 3y ago Keycloak vulnerable to LDAP Injection on UsernameForm Login java
CVE-2022-41678 unknown 3y ago Apache ActiveMQ Deserialization of Untrusted Data vulnerability debian java
CVE-2022-46751 unknown 3y ago Apache Ivy External Entity Reference vulnerability suse java
CVE-2022-45048 unknown 3y ago Apache Ranger code execution vulnerability in policy expressions java
CVE-2022-45802 unknown 3y ago Apache StreamPark Path Traversal vulnerability java
CVE-2022-4361 unknown 3y ago Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC java
CVE-2022-47937 unknown 3y ago Apache Sling Commons JSON bundle vulnerable to Improper Input Validation java
CVE-2022-2712 unknown 3y ago Path Traversal In Eclipse GlassFish java
CVE-2022-25894 unknown 3y ago Remote Code Execution in com.bstek.uflo:uflo-core java
CVE-2022-47042 unknown 3y ago Arbitrary file write in net.mingsoft:ms-mcms java
CVE-2022-47105 unknown 3y ago Jeecg-boot is vulnerable to SQL injection java
CVE-2022-23532 unknown 3y ago org.neo4j.procedure:apoc Path Traversal Vulnerability java
CVE-2022-46769 unknown 3y ago Apache Sling App CMS vulnerable to reflected Cross-site Scripting java
CVE-2022-45875 unknown 3y ago Apache DolphinScheduler vulnerable to Improper Input Validation python java
CVE-2022-4640 unknown 4y ago Mingsoft MCMS Cross-site Scripting vulnerability java
CVE-2022-25940 unknown 4y ago lite-server vulnerable to Denial of Service npm java
CVE-2022-4565 unknown 4y ago HuTool vulnerable to Uncontrolled Resource Consumption java
CVE-2022-46363 unknown 4y ago Apache CXF vulnerable to Exposure of Sensitive Information java
CVE-2022-45685 unknown 4y ago Jettison Out-of-bounds Write vulnerability suse debian java
CVE-2022-45688 unknown 4y ago json stack overflow vulnerability java
CVE-2022-3510 unknown 4y ago Protobuf Java vulnerable to Uncontrolled Resource Consumption suse debian java
CVE-2022-46687 unknown 4y ago Cross-site Scripting in Jenkins Spring Config Plugin java
CVE-2022-46686 unknown 4y ago Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting java
CVE-2022-44262 unknown 4y ago ff4j is vulnerable to Remote Code Execution (RCE) java
CVE-2022-45207 unknown 4y ago Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString java
CVE-2022-41934 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui java
CVE-2022-41932 unknown 4y ago Creation of new database tables through login form on PostgreSQL java
CVE-2022-41931 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui java
CVE-2022-41929 unknown 4y ago Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore java
CVE-2022-45470 unknown 4y ago Cross-site Scripting in Apache Hama java
CVE-2022-45146 unknown 4y ago Garbage collection issue in BC-FJA in Java 13 and later suse java
CVE-2022-43183 unknown 4y ago XXL-JOB vulnerable to Server-Side Request Forgery (SSRF) java
CVE-2022-45391 unknown 4y ago Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally java
CVE-2022-45400 unknown 4y ago XXE vulnerability in Jenkins JAPEX Plugin java
CVE-2022-45386 unknown 4y ago XML External Entity Reference in Jenkins Violations Plugin java
CVE-2022-45397 unknown 4y ago XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin java
CVE-2022-45381 unknown 4y ago Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin java
CVE-2022-45380 unknown 4y ago Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion java
CVE-2022-40308 unknown 4y ago Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user java
CVE-2022-42126 unknown 4y ago Missing permissions check in Liferay Portal java
CVE-2022-42127 unknown 4y ago Incorrect Default Permissions in Liferay Portal java
CVE-2022-42110 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module java
CVE-2022-45378 unknown 4y ago Apache SOAP contains unauthenticated RPCRouterServlet java
CVE-2022-44244 unknown 4y ago Lin CMS vulnerable to Improper Authentication python java
CVE-2022-31777 unknown 4y ago Apache Spark vulnerable to Log Injection java python
CVE-2022-31690 unknown 4y ago spring-security-oauth2-client vulnerable to Privilege Escalation java
CVE-2022-39944 unknown 4y ago Apache Linkis subject to Remote Code Execution via deserialization java
CVE-2022-34870 unknown 4y ago Apache Geode vulnerable to Cross-Site Scripting java
CVE-2022-39259 unknown 4y ago Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack java
CVE-2022-31684 unknown 4y ago Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens java
CVE-2022-43429 unknown 4y ago Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure java
CVE-2022-43423 unknown 4y ago Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin java
CVE-2022-43421 unknown 4y ago Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value java
CVE-2022-43413 unknown 4y ago Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins java
CVE-2022-43412 unknown 4y ago Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin java
CVE-2022-43414 unknown 4y ago Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure java
CVE-2022-43409 unknown 4y ago Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin java
CVE-2022-43406 unknown 4y ago Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin java
CVE-2022-43401 unknown 4y ago Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin java
CVE-2022-43405 unknown 4y ago Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin java
CVE-2022-43404 unknown 4y ago Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin java
CVE-2022-43415 unknown 4y ago XXE vulnerability in Jenkins REPO Plugin java
CVE-2022-43422 unknown 4y ago Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin java
CVE-2022-43417 unknown 4y ago Missing permission checks in Jenkins Katalon Plugin allow capturing credentials java
CVE-2022-43435 unknown 4y ago Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin java
CVE-2022-43419 unknown 4y ago API keys stored in plain text by Jenkins Katalon Plugin java
CVE-2022-42112 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module java
CVE-2022-42116 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module java
CVE-2022-39198 unknown 4y ago Hessian Lite for Apache Dubbo deserialization vulnerability java
CVE-2022-42466 unknown 4y ago Apache Isis Cross-site Scripting vulnerability java
CVE-2022-40664 unknown 4y ago Apache Shiro Authentication Bypass vulnerability debian java
CVE-2022-41853 unknown 4y ago HyperSQL DataBase vulnerable to remote code execution when processing untrusted input suse debian java
CVE-2022-39246 unknown 4y ago matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions java
CVE-2022-39261 unknown 4y ago Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a us… debian php
CVE-2022-36944 unknown 4y ago Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization suse debian java
CVE-2022-24280 unknown 4y ago Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint java