CVEs from 2022
Total
5,746
critical
critical 88
high
high 1,220
medium
medium 938
low
low 24
% Critical
1.5%
% with KEV
2.3%
% with exploit
2.5%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1012 | high | — | 8.0 | 4y ago | RHSA-2022:5834: kernel-rt security and bug fix update (Important) | |||
| CVE-2022-32250 | high | — | 8.0 | 4y ago | RHSA-2022:5839: kpatch-patch security update (Important) | |||
| CVE-2022-1966 | high | — | 8.0 | 4y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-28734 | high | — | 8.0 | 4y ago | RHSA-2022:5095: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important) | |||
| CVE-2022-28737 | high | — | 8.0 | 4y ago | RHSA-2022:5095: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important) | |||
| CVE-2022-28733 | high | — | 8.0 | 4y ago | RHSA-2022:5095: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important) | |||
| CVE-2022-28735 | high | — | 8.0 | 4y ago | RHSA-2022:5095: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important) | |||
| CVE-2022-28736 | high | — | 8.0 | 4y ago | RHSA-2022:5095: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important) | |||
| CVE-2022-26691 | high | — | 8.0 | 4y ago | RHSA-2022:5056: cups security and bug fix update (Important) | |||
| CVE-2022-32209 | high | — | 8.0 | 4y ago | # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifi… | |||
| CVE-2022-1834 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31742 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31740 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31738 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31737 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31736 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31747 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-31741 | high | — | 8.0 | 4y ago | RHSA-2022:4887: thunderbird security update (Important) | |||
| CVE-2022-24903 | high | — | 8.0 | 4y ago | RHSA-2022:4799: rsyslog security update (Important) | |||
| CVE-2022-1552 | high | — | 8.0 | 4y ago | RHSA-2022:4855: postgresql:13 security update (Important) | |||
| CVE-2022-29599 | high | — | 8.0 | 4y ago | RHSA-2022:4798: maven:3.5 security update (Important) | |||
| CVE-2022-29917 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29911 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29912 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29914 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-1520 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-24070 | high | — | 8.0 | 4y ago | RHSA-2022:4941: subversion:1.14 security update (Important) | |||
| CVE-2022-29916 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29913 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-29909 | high | — | 8.0 | 4y ago | RHSA-2022:1730: thunderbird security update (Important) | |||
| CVE-2022-21449 | high | — | 8.0 | 4y ago | RHSA-2022:1445: java-17-openjdk security and bug fix update (Important) | |||
| CVE-2022-21426 | high | — | 8.0 | 4y ago | RHSA-2022:1491: java-1.8.0-openjdk security update (Important) | |||
| CVE-2022-25235 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-25315 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-23852 | high | — | 8.0 | 4y ago | RHSA-2022:0951: expat security update (Important) | |||
| CVE-2022-1271 | high | — | 8.0 | 4y ago | RHSA-2022:4991: xz security update (Important) | |||
| CVE-2022-23990 | high | — | 8.0 | 4y ago | RHSA-2025:21776: expat security update (Important) | |||
| CVE-2022-0001 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-0286 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-1011 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-0002 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-0322 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-3106 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-48904 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-0850 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-3105 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-48771 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-29970 | high | — | 8.0 | 4y ago | RHSA-2022:4661: pcs security update (Important) | |||
| CVE-2022-1227 | high | — | 8.0 | 4y ago | RHSA-2022:2143: container-tools:3.0 security update (Important) | |||
| CVE-2022-22577 | high | — | 8.0 | 4y ago | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | |||
| CVE-2022-25636 | high | — | 8.0 | 4y ago | RHSA-2022:1555: kernel-rt security and bug fix update (Important) | |||
| CVE-2022-27777 | high | — | 8.0 | 4y ago | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | |||
| CVE-2022-25648 | high | — | 8.0 | 4y ago | The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git … | |||
| CVE-2022-1197 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-24836 | high | — | 8.0 | 4y ago | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… | |||
| CVE-2022-28289 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-28286 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-1097 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-28281 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-28282 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-28285 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-1196 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-27649 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-27651 | high | — | 8.0 | 4y ago | RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-28142 | high | — | 8.0 | 4y ago | SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin | |||
| CVE-2022-28133 | high | — | 8.0 | 4y ago | Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin | |||
| CVE-2022-28146 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28155 | high | — | 8.0 | 4y ago | XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin | |||
| CVE-2022-28139 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28140 | high | — | 8.0 | 4y ago | XXE vulnerability in Jenkins Flaky Test Handler Plugin | |||
| CVE-2022-28136 | high | — | 8.0 | 4y ago | CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28141 | high | — | 8.0 | 4y ago | Password stored in plain text by Jenkins Proxmox Plugin | |||
| CVE-2022-28138 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-28134 | high | — | 8.0 | 4y ago | Missing permission checks in Jekins Bitbucket Server Integration Plugin | |||
| CVE-2022-28135 | high | — | 8.0 | 4y ago | Plaintext storage in Jenkins instant-messaging Plugin | |||
| CVE-2022-28137 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins JiraTestResultReporter Plugin | |||
| CVE-2022-28144 | high | — | 8.0 | 4y ago | Missing permission checks in Jenkins Proxmox Plugin | |||
| CVE-2022-28156 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Phoenix AutoTest Plugin | |||
| CVE-2022-28143 | high | — | 8.0 | 4y ago | CSRF vulnerability in Proxmox Plugin | |||
| CVE-2022-28145 | high | — | 8.0 | 4y ago | Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28153 | high | — | 8.0 | 4y ago | Cross-site Scripting in Jenkins SiteMonitor Plugin | |||
| CVE-2022-28152 | high | — | 8.0 | 4y ago | CSRF vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28147 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28154 | high | — | 8.0 | 4y ago | enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability | |||
| CVE-2022-28151 | high | — | 8.0 | 4y ago | Missing permission check in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28148 | high | — | 8.0 | 4y ago | Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin | |||
| CVE-2022-28149 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28150 | high | — | 8.0 | 4y ago | Cross site request forgery in Jenkins Job and Node ownership Plugin | |||
| CVE-2022-28157 | high | — | 8.0 | 4y ago | Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-28159 | high | — | 8.0 | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-28158 | high | — | 8.0 | 4y ago | Missing permission Jenkins Pipeline Phoenix AutoTest Plugin | |||
| CVE-2022-28160 | high | — | 8.0 | 4y ago | Arbitrary file read vulnerability in Jenkins Tests Selector Plugin | |||
| CVE-2022-24790 | high | — | 8.0 | 4y ago | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the … | |||
| CVE-2022-0759 | high | — | 8.0 | 4y ago | A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not conf… | |||
| CVE-2022-22720 | high | — | 8.0 | 4y ago | RHSA-2022:1049: httpd:2.4 security update (Important) | |||
| CVE-2022-24761 | high | — | 8.0 | 4y ago | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the… | |||
| CVE-2022-0566 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-0330 | high | — | 8.0 | 4y ago | RHSA-2022:0849: kpatch-patch security update (Important) | |||
| CVE-2022-0516 | high | — | 8.0 | 4y ago | RHSA-2022:0825: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-0435 | high | — | 8.0 | 4y ago | RHSA-2022:0849: kpatch-patch security update (Important) |