CVEs from 2022
Total
8,004
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.1%
% with KEV
1.6%
% with exploit
1.6%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-3621 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipu… | |
| CVE-2022-0635 | high | — | 8.0 | — | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |
| CVE-2022-47942 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed S… | |
| CVE-2022-47941 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. | |
| CVE-2022-1423 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3544 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulat… | |
| CVE-2022-0907 | high | — | 8.0 | — | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the… | |
| CVE-2022-47946 | high | — | 8.0 | — | An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. fini… | |
| CVE-2022-31783 | high | — | 8.0 | — | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | |
| CVE-2022-26981 | high | — | 8.0 | — | Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | |
| CVE-2022-34494 | high | — | 8.0 | — | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |
| CVE-2022-1416 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-47943 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. | |
| CVE-2022-42329 | high | — | 8.0 | — | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-… | |
| CVE-2022-32278 | high | — | 8.0 | — | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | |
| CVE-2022-1426 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-47939 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. | |
| CVE-2022-3543 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the comp… | |
| CVE-2022-1124 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3586 | high | — | 8.0 | — | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (… | |
| CVE-2022-2031 | high | — | 8.0 | — | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has bee… | |
| CVE-2022-1637 | high | — | 8.0 | — | Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2022-20796 | high | — | 8.0 | — | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.10… | |
| CVE-2022-20803 | high | — | 8.0 | — | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affect… | |
| CVE-2022-2318 | high | — | 8.0 | — | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | |
| CVE-2022-31748 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of… | |
| CVE-2022-0667 | high | — | 8.0 | — | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |
| CVE-2022-28287 | high | — | 8.0 | — | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | |
| CVE-2022-31743 | high | — | 8.0 | — | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controll… | |
| CVE-2022-1640 | high | — | 8.0 | — | Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a cra… | |
| CVE-2022-1972 | high | — | 8.0 | — | multiple issues in linux-lts | |
| CVE-2022-1635 | high | — | 8.0 | — | Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruptio… | |
| CVE-2022-1975 | high | — | 8.0 | — | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | |
| CVE-2022-29918 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presum… | |
| CVE-2022-1974 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN… | |
| CVE-2022-0812 | high | — | 8.0 | — | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | |
| CVE-2022-31745 | high | — | 8.0 | — | If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. | |
| CVE-2022-3635 | high | — | 8.0 | — | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The mani… | |
| CVE-2022-26490 | high | — | 8.0 | — | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | |
| CVE-2022-1428 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-1431 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-2978 | high | — | 8.0 | — | A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user co… | |
| CVE-2022-1636 | high | — | 8.0 | — | Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-1734 | high | — | 8.0 | — | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware dow… | |
| CVE-2022-29582 | high | — | 8.0 | — | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howe… | |
| CVE-2022-47938 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. | |
| CVE-2022-4130 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2022-32296 | high | — | 8.0 | — | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RF… | |
| CVE-2022-4382 | high | — | 8.0 | — | A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. | |
| CVE-2022-40307 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |
| CVE-2022-26385 | high | — | 8.0 | — | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability af… | |
| CVE-2022-1638 | high | — | 8.0 | — | Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-32744 | high | — | 8.0 | — | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabl… | |
| CVE-2022-1510 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-20771 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiV… | |
| CVE-2022-1633 | high | — | 8.0 | — | Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corr… | |
| CVE-2022-1634 | high | — | 8.0 | — | Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via… | |
| CVE-2022-39842 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer over… | |
| CVE-2022-3606 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipula… | |
| CVE-2022-49846 | high | — | 8.0 | 11mo ago | Important: kernel-rt security update | |
| CVE-2022-49043 | high | — | 8.0 | 1y ago | Important: libxml2 security update | |
| CVE-2022-24834 | high | — | 8.0 | 1y ago | Important: redis security update | |
| CVE-2022-36021 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2022-35977 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2022-48804 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48619 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48754 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48760 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48836 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48757 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48747 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-48743 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-36765 | high | — | 8.0 | 2y ago | Important: edk2 security update | |
| CVE-2022-0480 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2022-50447 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP m… | |
| CVE-2022-50845 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: … | |
| CVE-2022-49322 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix sleeping function called from invalid context on RT kernel When setting bootparams="trace_event=initcall:initcall_st… | |
| CVE-2022-50777 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe of_phy_find_device() return device node with refcount incremented… | |
| CVE-2022-49721 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handle PLTs. Sometimes it is necessary to use a PLT entry to call an ftrace trampoline. This is handl… | |
| CVE-2022-50116 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user pack… | |
| CVE-2022-49350 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport __init-annotated mdio_bus_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section… | |
| CVE-2022-36763 | high | — | 8.0 | 2y ago | Important: edk2 security update | |
| CVE-2022-50879 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointe… | |
| CVE-2022-50277 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL… | |
| CVE-2022-49940 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() A null pointer dereference can happen when attempting to acces… | |
| CVE-2022-48947 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventua… | |
| CVE-2022-36764 | high | — | 8.0 | 2y ago | Important: edk2 security update | |
| CVE-2022-50313 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: erofs: fix order >= MAX_ORDER warning due to crafted negative i_size As syzbot reported [1], the root cause is that i_size field … | |
| CVE-2022-50736 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work requ… | |
| CVE-2022-50080 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an intege… | |
| CVE-2022-50485 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_ig… | |
| CVE-2022-48632 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2022-50202 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task at misc_open() [1], for there is… | |
| CVE-2022-50637 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut() If "cpu_dev" fails to get opp table in qcom_cpufreq_hw_read_lut()… | |
| CVE-2022-50782 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad quota inode We got a issue as fllows: ========================================… | |
| CVE-2022-50780 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed When the ops_init() interface is invoked to initialize the net,… | |
| CVE-2022-50286 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, dela… | |
| CVE-2022-50638 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad boot loader inode We got a issue as fllows: ==================================… | |
| CVE-2022-49754 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix a buffer overflow in mgmt_mesh_add() Smatch Warning: net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy… | |
| CVE-2022-49011 | high | — | 8.0 | 2y ago | Important: kernel-rt security update |