CVEs from 2022
Total
8,004
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.1%
% with KEV
1.6%
% with exploit
1.6%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-1431 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-1510 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-47938 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. | |
| CVE-2022-0907 | high | — | 8.0 | — | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the… | |
| CVE-2022-39842 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer over… | |
| CVE-2022-20792 | high | — | 8.0 | — | A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an au… | |
| CVE-2022-1428 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-0667 | high | — | 8.0 | — | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |
| CVE-2022-3874 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2022-2031 | high | — | 8.0 | — | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has bee… | |
| CVE-2022-20803 | high | — | 8.0 | — | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affect… | |
| CVE-2022-1204 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | |
| CVE-2022-1015 | high | — | 8.0 | — | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. | |
| CVE-2022-1516 | high | — | 8.0 | — | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and… | |
| CVE-2022-32296 | high | — | 8.0 | — | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RF… | |
| CVE-2022-26490 | high | — | 8.0 | — | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | |
| CVE-2022-1433 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-1634 | high | — | 8.0 | — | Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via… | |
| CVE-2022-31783 | high | — | 8.0 | — | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | |
| CVE-2022-20770 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus … | |
| CVE-2022-1199 | high | — | 8.0 | — | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-aft… | |
| CVE-2022-1974 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN… | |
| CVE-2022-1423 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3544 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulat… | |
| CVE-2022-3586 | high | — | 8.0 | — | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (… | |
| CVE-2022-28283 | high | — | 8.0 | — | The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerabil… | |
| CVE-2022-1633 | high | — | 8.0 | — | Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corr… | |
| CVE-2022-47941 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. | |
| CVE-2022-1352 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-1406 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-26981 | high | — | 8.0 | — | Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | |
| CVE-2022-1919 | high | — | 8.0 | — | Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-1460 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-41849 | high | — | 8.0 | — | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a… | |
| CVE-2022-29915 | high | — | 8.0 | — | The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. | |
| CVE-2022-42329 | high | — | 8.0 | — | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-… | |
| CVE-2022-40768 | high | — | 8.0 | — | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |
| CVE-2022-30294 | high | — | 8.0 | — | arbitrary code execution in wpewebkit | |
| CVE-2022-1413 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-34494 | high | — | 8.0 | — | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |
| CVE-2022-32278 | high | — | 8.0 | — | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | |
| CVE-2022-47939 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. | |
| CVE-2022-3606 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipula… | |
| CVE-2022-28288 | high | — | 8.0 | — | Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory … | |
| CVE-2022-1641 | high | — | 8.0 | — | Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit h… | |
| CVE-2022-1639 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-31745 | high | — | 8.0 | — | If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. | |
| CVE-2022-1417 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-32745 | high | — | 8.0 | — | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | |
| CVE-2022-0843 | high | — | 8.0 | — | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that w… | |
| CVE-2022-28287 | high | — | 8.0 | — | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | |
| CVE-2022-4130 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2022-3061 | high | — | 8.0 | — | Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a di… | |
| CVE-2022-3621 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipu… | |
| CVE-2022-0812 | high | — | 8.0 | — | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | |
| CVE-2022-3643 | high | — | 8.0 | — | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of pac… | |
| CVE-2022-28284 | high | — | 8.0 | — | SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other bro… | |
| CVE-2022-3977 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close hap… | |
| CVE-2022-1637 | high | — | 8.0 | — | Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2022-49846 | high | — | 8.0 | 11mo ago | Important: kernel-rt security update | |
| CVE-2022-49043 | high | — | 8.0 | 1y ago | Important: libxml2 security update | |
| CVE-2022-24834 | high | — | 8.0 | 1y ago | Important: redis security update | |
| CVE-2022-36021 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2022-35977 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2022-48804 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48619 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48836 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48754 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48760 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48747 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48757 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48743 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-36765 | high | — | 8.0 | 2y ago | Important: edk2 security update | |
| CVE-2022-49744 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork() without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller r… | |
| CVE-2022-48947 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventua… | |
| CVE-2022-50485 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_ig… | |
| CVE-2022-50638 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad boot loader inode We got a issue as fllows: ==================================… | |
| CVE-2022-48632 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-50202 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task at misc_open() [1], for there is… | |
| CVE-2022-36763 | high | — | 8.0 | 2y ago | Important: edk2 security update | |
| CVE-2022-50313 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: erofs: fix order >= MAX_ORDER warning due to crafted negative i_size As syzbot reported [1], the root cause is that i_size field … | |
| CVE-2022-49350 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport __init-annotated mdio_bus_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section… | |
| CVE-2022-50642 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: zero out stale pointers `cros_typec_get_switch_handles` allocates four pointers when obtaining ty… | |
| CVE-2022-50374 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure syzbot is reporting NULL pointer dereference at hci_uart_tty_clo… | |
| CVE-2022-50780 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed When the ops_init() interface is invoked to initialize the net,… | |
| CVE-2022-49754 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix a buffer overflow in mgmt_mesh_add() Smatch Warning: net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy… | |
| CVE-2022-50736 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work requ… | |
| CVE-2022-49322 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix sleeping function called from invalid context on RT kernel When setting bootparams="trace_event=initcall:initcall_st… | |
| CVE-2022-49721 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handle PLTs. Sometimes it is necessary to use a PLT entry to call an ftrace trampoline. This is handl… | |
| CVE-2022-50879 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointe… | |
| CVE-2022-49011 | high | — | 8.0 | 2y ago | Important: kernel-rt security update | |
| CVE-2022-50447 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP m… | |
| CVE-2022-50286 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, dela… | |
| CVE-2022-0480 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2022-50845 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: … | |
| CVE-2022-50637 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut() If "cpu_dev" fails to get opp table in qcom_cpufreq_hw_read_lut()… | |
| CVE-2022-50116 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user pack… | |
| CVE-2022-50277 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL… | |
| CVE-2022-49940 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() A null pointer dereference can happen when attempting to acces… | |
| CVE-2022-50777 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe of_phy_find_device() return device node with refcount incremented… |