CVEs from 2022
Total
5,731
critical
critical 88
high
high 1,220
medium
medium 938
low
low 24
% Critical
1.5%
% with KEV
2.3%
% with exploit
3.1%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48923 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have a… | |||
| CVE-2022-48933 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The tran… | |||
| CVE-2022-48937 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especiall… | |||
| CVE-2022-48935 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases via nf_tables_… | |||
| CVE-2022-48938 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a f… | |||
| CVE-2022-48941 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced … | |||
| CVE-2022-49388 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_cr… | |||
| CVE-2022-48960 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after … | |||
| CVE-2022-48961 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There is warning report about of_node refcount leak whi… | |||
| CVE-2022-49402 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: [ ] gene… | |||
| CVE-2022-48962 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, aft… | |||
| CVE-2022-48963 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_mux_init() When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux is not … | |||
| CVE-2022-48964 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling… | |||
| CVE-2022-48965 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented, o… | |||
| CVE-2022-48966 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if… | |||
| CVE-2022-49407 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a fo… | |||
| CVE-2022-48967 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detec… | |||
| CVE-2022-48968 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc… | |||
| CVE-2022-48971 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails bt_init() calls bt_leds_init() to register led, but if it fails later, bt_leds_… | |||
| CVE-2022-49003 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvme_ns_head list Walking the nvme_ns_head siblings list is protected by the head's srcu in nvme_ns_… | |||
| CVE-2022-49007 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() Syzbot reported a null-ptr-deref bug: NILFS (loop0): s… | |||
| CVE-2022-49004 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel pag… | |||
| CVE-2022-49005 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for _sx controls For _sx controls the semantics of the max field is not the usual one, max is the num… | |||
| CVE-2022-49008 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down In can327_feed_frame_to_netdev(), it did n… | |||
| CVE-2022-49009 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to… | |||
| CVE-2022-49012 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: afs: Fix server->active leak in afs_put_server The atomic_read was accidentally replaced with atomic_inc_return, which prevents t… | |||
| CVE-2022-49013 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctp_stream_outq_migrate() When sctp_stream_outq_migrate() is called to release stream out resources, th… | |||
| CVE-2022-49015 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing sk… | |||
| CVE-2022-49016 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: fix unbalanced node reference count I got the following report while doing device(mscc-miim) load test with CONFIG_… | |||
| CVE-2022-49488 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected There is a possibility for mdp5_get_global_state … | |||
| CVE-2022-49017 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate(), and der… | |||
| CVE-2022-49018 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid… | |||
| CVE-2022-49053 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount … | |||
| CVE-2022-49055 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait… | |||
| CVE-2022-49059 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The… | |||
| CVE-2022-26846 | unknown | — | — | — | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | |||
| CVE-2022-26847 | unknown | — | — | — | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | |||
| CVE-2022-28959 | unknown | — | — | — | Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML. | |||
| CVE-2022-28960 | unknown | — | — | — | A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | |||
| CVE-2022-28961 | unknown | — | — | — | Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. | |||
| CVE-2022-37155 | unknown | — | — | — | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | |||
| CVE-2022-49061 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link When using a fixed-link, the altr_tse_pcs driver crashes… | |||
| CVE-2022-49082 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in _scsih_… | |||
| CVE-2022-49062 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr Use the actual length of volume coherency data when setti… | |||
| CVE-2022-49064 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cach… | |||
| CVE-2022-49065 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svc_deferred_event trace class Fix a NULL deref crash that occurs when an svc_rqst is deferred while the sunrpc t… | |||
| CVE-2022-49088 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe This node pointer is returned by of_find_compatible_node() with refcount incremen… | |||
| CVE-2022-49089 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both … | |||
| CVE-2022-0213 | unknown | — | — | — | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2022-49091 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/imx: Fix memory leak in imx_pd_connector_get_modes Avoid leaking the display mode variable if of_get_drm_display_mode fails. … | |||
| CVE-2022-0156 | unknown | — | — | — | vim is vulnerable to Use After Free | |||
| CVE-2022-0128 | unknown | — | — | — | vim is vulnerable to Out-of-bounds Read | |||
| CVE-2022-0319 | unknown | — | — | — | Out-of-bounds Read in vim/vim prior to 8.2. | |||
| CVE-2022-0158 | unknown | — | — | — | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2022-49094 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal The memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in tls_set… | |||
| CVE-2022-0351 | unknown | — | — | — | Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0368 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0393 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0407 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-49126 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks Fix memory leaks related to operational reply queue's memory segments which are not getting freed … | |||
| CVE-2022-49115 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix misused goto label Fix a misused goto label jump since that can result in a memory leak. | |||
| CVE-2022-2264 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2284 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2286 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2287 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2288 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2522 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. | |||
| CVE-2022-2816 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. | |||
| CVE-2022-2344 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | |||
| CVE-2022-2289 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-49117 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mips: ralink: fix a refcount leak in ill_acc_of_setup() of_node_put(np) needs to be called when pdev == NULL. | |||
| CVE-2022-2304 | unknown | — | — | — | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-2343 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | |||
| CVE-2022-49118 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver… | |||
| CVE-2022-2345 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | |||
| CVE-2022-2571 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. | |||
| CVE-2022-2845 | unknown | — | — | — | Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | |||
| CVE-2022-2580 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. | |||
| CVE-2022-2581 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. | |||
| CVE-2022-49119 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flas… | |||
| CVE-2022-2598 | unknown | — | — | — | Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | |||
| CVE-2022-49120 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas task if pm… | |||
| CVE-2022-2817 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.0213. | |||
| CVE-2022-2819 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. | |||
| CVE-2022-49133 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: svm range restore work deadlock when process exit kfd_process_notifier_release flush svm_range_restore_work which cal… | |||
| CVE-2022-49134 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects… | |||
| CVE-2022-49135 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix t… | |||
| CVE-2022-49138 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple … | |||
| CVE-2022-49137 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path in amdgpu_cs_fence_to_hand… | |||
| CVE-2022-49729 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetoot… | |||
| CVE-2022-49139 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the rece… | |||
| CVE-2022-49733 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL… | |||
| CVE-2022-49141 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: fix possible NULL pointer dereference As the possible failure of the allocation, kzalloc() may return NULL point… | |||
| CVE-2022-49144 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak of uid in files registration When there are no files for __io_sqe_files_scm() to process in the range, … | |||
| CVE-2022-49146 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: virtio: use virtio_device_ready() in virtio_device_restore() After waking up a suspended VM, the kernel prints the following trac… | |||
| CVE-2022-49169 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: use spin_lock to avoid hang [14696.634553] task:cat state:D stack: 0 pid:1613738 ppid:1613735 flags:0x000000… | |||
| CVE-2022-49170 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg->alloc_type As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi… | |||
| CVE-2022-49172 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: parisc: Fix non-access data TLB cache flush faults When a page is not present, we get non-access data TLB faults from the fdc and… | |||
| CVE-2022-49171 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first [un]pin_user_pages_remote is dirtying pages without properly war… | |||
| CVE-2022-49174 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit In case of flex_bg feature (which is by default enabled), extents for a… |