CVEs from 2022
Total
5,732
critical
critical 88
high
high 1,220
medium
medium 938
low
low 24
% Critical
1.5%
% with KEV
2.3%
% with exploit
3.1%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25236 | high | — | 8.0 | 4y ago | RHSA-2022:7811: mingw-expat security update (Important) | |||
| CVE-2022-26384 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-26381 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-26383 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-26386 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-26387 | high | — | 8.0 | 4y ago | RHSA-2022:0845: thunderbird security update (Important) | |||
| CVE-2022-24713 | high | — | 8.0 | 4y ago | RHSA-2022:1301: thunderbird security update (Important) | |||
| CVE-2022-24407 | high | — | 8.0 | 4y ago | RHSA-2022:0658: cyrus-sasl security update (Important) | |||
| CVE-2022-22764 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22761 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22760 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22759 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22763 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22754 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-22756 | high | — | 8.0 | 4y ago | RHSA-2022:0535: thunderbird security update (Important) | |||
| CVE-2022-219862 | high | — | 8.0 | 4y ago | RHSA-2022:0496: .NET 6.0 security and bugfix update (Important) | |||
| CVE-2022-23959 | high | — | 8.0 | 4y ago | RHSA-2022:0418: varnish:6 security update (Important) | |||
| CVE-2022-23094 | high | — | 8.0 | 4y ago | RHSA-2022:0199: libreswan security update (Important) | |||
| CVE-2022-22815 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22816 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22817 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) | |||
| CVE-2022-22741 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22745 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22738 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22737 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22739 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22743 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22740 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22748 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22742 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-22747 | high | — | 8.0 | 4y ago | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability a… | |||
| CVE-2022-22751 | high | — | 8.0 | 4y ago | RHSA-2022:0130: firefox security update (Important) | |||
| CVE-2022-21589 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2022-26861 | high | 7.9 | 7.9 | 4y ago | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitra… | |||
| CVE-2022-26522 | high | 7.8 | 7.8 | 23d ago | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… | |||
| CVE-2022-34227 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34224 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-44696 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44695 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44694 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-44702 | high | 7.8 | 7.8 | 4y ago | Windows Terminal Remote Code Execution Vulnerability | |||
| CVE-2022-41089 | high | 7.8 | 7.8 | 4y ago | .NET Remote Code Execution Vulnerability | |||
| CVE-2022-41107 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Graphics Remote Code Execution Vulnerability | |||
| CVE-2022-41063 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-41061 | high | 7.8 | 7.8 | 4y ago | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2022-34219 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34220 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-34221 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vu… | |||
| CVE-2022-34216 | high | 7.8 | 7.8 | 4y ago | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code … | |||
| CVE-2022-30790 | high | 7.8 | 7.8 | 4y ago | Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. | |||
| CVE-2022-28838 | high | 7.8 | 7.8 | 4y ago | Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code… | |||
| CVE-2022-28243 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28242 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec… | |||
| CVE-2022-28240 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec… | |||
| CVE-2022-28239 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28234 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a heap-based buffer overflow vulnerability due to insecure handling of … | |||
| CVE-2022-28232 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the collab object … | |||
| CVE-2022-28231 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by an out-of-bounds read vulnerability when processing a doc object, which… | |||
| CVE-2022-27801 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that c… | |||
| CVE-2022-27800 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that c… | |||
| CVE-2022-27799 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event… | |||
| CVE-2022-27794 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of … | |||
| CVE-2022-27792 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary co… | |||
| CVE-2022-27791 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a stack-based buffer overflow vulnerability due to insecure processing … | |||
| CVE-2022-27789 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event… | |||
| CVE-2022-24104 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exe… | |||
| CVE-2022-24102 | high | 7.8 | 7.8 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exe… | |||
| CVE-2022-29109 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-26926 | high | 7.8 | 7.8 | 4y ago | Windows Address Book Remote Code Execution Vulnerability | |||
| CVE-2022-26901 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-24473 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-24510 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24509 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24461 | high | 7.8 | 7.8 | 4y ago | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-24501 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-24457 | high | 7.8 | 7.8 | 4y ago | HEIF Image Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-24451 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-23282 | high | 7.8 | 7.8 | 4y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2022-22709 | high | 7.8 | 7.8 | 4y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2022-21841 | high | 7.8 | 7.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-20920 | high | 7.7 | 7.7 | 4y ago | A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is du… | |||
| CVE-2022-34363 | high | 7.5 | 7.5 | 8d ago | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp | |||
| CVE-2022-31231 | high | 7.5 | 7.5 | 8d ago | Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, le… | |||
| CVE-2022-50992 | high | 7.5 | 7.5 | 1mo ago | Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers t… | |||
| CVE-2022-40696 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. | |||
| CVE-2022-45354 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | |||
| CVE-2022-44589 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | … | |||
| CVE-2022-36399 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordP… | |||
| CVE-2022-47597 | high | 7.5 | 7.5 | 3y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more.This issue affects Popup Maker – Popup for opt-ins, lead gen,… | |||
| CVE-2022-45835 | high | 7.5 | 7.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | |||
| CVE-2022-31474 | high | 7.5 | 7.5 | 3y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | |||
| CVE-2022-48363 | high | 7.5 | 7.5 | 3y ago | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an… | |||
| CVE-2022-45788 | high | 7.5 | 7.5 | 3y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malici… | |||
| CVE-2022-43945 | high | 7.5 | 7.5 | 3y ago | RHSA-2023:0854: kernel-rt security and bug fix update (Important) | |||
| CVE-2022-3693 | high | 7.5 | 7.5 | 3y ago | Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | |||
| CVE-2022-2265 | high | 7.5 | 7.5 | 4y ago | The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.… | |||
| CVE-2022-38013 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:6539: .NET 6.0 security and bugfix update (Moderate) | |||
| CVE-2022-26860 | high | 7.5 | 7.5 | 4y ago | Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arb… | |||
| CVE-2022-34169 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-27775 | high | 7.5 | 7.5 | 4y ago | Low: curl security update |