CVEs from 2022
- Total 8,251
- critical 88
- high 1,240
- medium 887
- low 23
- % Critical 1.1%
- % with KEV 1.6%
- % with exploit 1.6%

Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-28805 | low | — | 2.5 | 3y ago | Low: lua security update | |
| CVE-2022-1615 | low | — | 2.5 | 3y ago | Low: samba security, bug fix, and enhancement update | |
| CVE-2022-35252 | low | — | 2.5 | 3y ago | Low: curl security update | |
| CVE-2022-43552 | low | — | 2.5 | 3y ago | Low: curl security update | |
| CVE-2022-1122 | low | — | 2.5 | 4y ago | Low: openjpeg2 security update | |
| CVE-2022-0897 | low | — | 2.5 | 4y ago | Low: libvirt security, bug fix, and enhancement update | |
| CVE-2022-23645 | low | — | 2.5 | 4y ago | Low: swtpm security and bug fix update | |
| CVE-2022-2211 | low | — | 2.5 | 4y ago | Low: virt-v2v security, bug fix, and enhancement update | |
| CVE-2022-24735 | low | — | 2.5 | 4y ago | Low: redis security and bug fix update | |
| CVE-2022-24736 | low | — | 2.5 | 4y ago | Low: redis security and bug fix update | |
| CVE-2022-3358 | low | — | 2.5 | 4y ago | Low: openssl security and bug fix update | |
| CVE-2022-34000 | unknown | — | — | — | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |
| CVE-2022-4558 | unknown | — | — | — | A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail … | |
| CVE-2022-4556 | unknown | — | — | — | A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the … | |
| CVE-2022-46751 | unknown | — | — | 3y ago | Apache Ivy External Entity Reference vulnerability | |
| CVE-2022-41929 | unknown | — | — | 4y ago | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | |
| CVE-2022-45380 | unknown | — | — | 4y ago | Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion | |
| CVE-2022-43412 | unknown | — | — | 4y ago | Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin | |
| CVE-2022-43404 | unknown | — | — | 4y ago | Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin | |
| CVE-2022-39261 | unknown | — | — | 4y ago | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a us… | |
| CVE-2022-40955 | unknown | — | — | 4y ago | Apache InLong vulnerable to Deserialization of Untrusted Data | |
| CVE-2022-36100 | unknown | — | — | 4y ago | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | |
| CVE-2022-40634 | unknown | — | — | 4y ago | CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources | |
| CVE-2022-38664 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Job Configuration History Plugin | |
| CVE-2022-27166 | unknown | — | — | 4y ago | Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp | |
| CVE-2022-31183 | unknown | — | — | 4y ago | fs2-io skips mTLS client verification | |
| CVE-2022-34803 | unknown | — | — | 4y ago | Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability | |
| CVE-2022-34181 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins xUnit Plugin | |
| CVE-2022-34177 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin | |
| CVE-2022-31268 | unknown | — | — | 4y ago | Path traversal in Gitblit | |
| CVE-2022-0272 | unknown | — | — | 4y ago | XML External Entity Reference in detekt | |
| CVE-2022-23974 | unknown | — | — | 4y ago | Logic error in Apache Pinot | |
| CVE-2022-25179 | unknown | — | — | 4y ago | Link Following in Jenkins Pipeline Multibranch Plugin | |
| CVE-2022-25193 | unknown | — | — | 4y ago | Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization | |
| CVE-2022-25212 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials | |
| CVE-2022-23614 | unknown | — | — | 4y ago | Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In… | |
| CVE-2022-23621 | unknown | — | — | 4y ago | Missing authorization in xwiki-platform | |