CVEs from 2022
Total
5,385
critical
critical 88
high
high 1,220
medium
medium 938
low
low 24
% Critical
1.6%
% with KEV
2.4%
% with exploit
3.3%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30629 | medium | — | 5.5 | 4y ago | RHSA-2023:2758: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-30631 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-28131 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30632 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-24675 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-29526 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-28327 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-24921 | medium | — | 5.5 | 4y ago | RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-1705 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30633 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30630 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-30635 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-1962 | medium | — | 5.5 | 4y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2022-1650 | medium | — | 5.5 | 4y ago | RHSA-2022:6057: .NET Core 3.1 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-2514 | medium | — | 5.5 | 4y ago | The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. | |||
| CVE-2022-2097 | medium | — | 5.5 | 4y ago | RHSA-2022:5818: openssl security update (Moderate) | |||
| CVE-2022-1420 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-26280 | medium | — | 5.5 | 4y ago | Moderate: libarchive security update | |||
| CVE-2022-1586 | medium | — | 5.5 | 4y ago | RHSA-2022:5809: pcre2 security update (Moderate) | |||
| CVE-2022-26354 | medium | — | 5.5 | 4y ago | RHSA-2022:5821: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-27776 | medium | — | 5.5 | 4y ago | RHSA-2022:5313: curl security update (Moderate) | |||
| CVE-2022-1621 | medium | — | 5.5 | 4y ago | RHSA-2022:5319: vim security update (Moderate) | |||
| CVE-2022-0554 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-49044 | medium | — | 5.5 | 4y ago | RHSA-2022:7683: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-0943 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1629 | medium | — | 5.5 | 4y ago | RHSA-2022:5319: vim security update (Moderate) | |||
| CVE-2022-26353 | medium | — | 5.5 | 4y ago | RHSA-2022:5821: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1587 | medium | — | 5.5 | 4y ago | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regula… | |||
| CVE-2022-29824 | medium | — | 5.5 | 4y ago | RHSA-2022:5317: libxml2 security update (Moderate) | |||
| CVE-2022-1154 | medium | — | 5.5 | 4y ago | RHSA-2022:1552: vim security update (Moderate) | |||
| CVE-2022-1215 | medium | — | 5.5 | 4y ago | RHSA-2022:5331: libinput security update (Moderate) | |||
| CVE-2022-30184 | medium | — | 5.5 | 4y ago | RHSA-2022:5061: .NET Core 3.1 security and bugfix update (Moderate) | |||
| CVE-2022-30552 | medium | 5.5 | 5.5 | 4y ago | Das U-Boot 2022.01 has a Buffer Overflow. | |||
| CVE-2022-1708 | medium | — | 5.5 | 4y ago | RHSA-2022:7529: container-tools:3.0 security update (Moderate) | |||
| CVE-2022-23772 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-23806 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-0413 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-21496 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-22825 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22827 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22826 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22822 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22823 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-21443 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21434 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-22824 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-23303 | medium | — | 5.5 | 4y ago | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inc… | |||
| CVE-2022-25762 | medium | — | 5.5 | 4y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-28265 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28264 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28263 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28261 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28259 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28258 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28255 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28253 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28251 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28245 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-29107 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Security Feature Bypass Vulnerability | |||
| CVE-2022-21658 | medium | — | 5.5 | 4y ago | RHSA-2022:1894: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-27650 | medium | — | 5.5 | 4y ago | RHSA-2022:1793: container-tools:3.0 security and bug fix update (Moderate) | |||
| CVE-2022-0485 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22589 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22592 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22594 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22637 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22590 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1117 | medium | — | 5.5 | 4y ago | RHSA-2022:1898: fapolicyd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1343 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-1473 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-27385 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31621 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31624 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-28347 | medium | — | 5.5 | 4y ago | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion… | |||
| CVE-2022-28346 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via … | |||
| CVE-2022-24795 | medium | — | 5.5 | 4y ago | RHSA-2022:7524: yajl security update (Moderate) | |||
| CVE-2022-24801 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed se… | |||
| CVE-2022-23308 | medium | — | 5.5 | 4y ago | RHSA-2022:0899: libxml2 security update (Moderate) | |||
| CVE-2022-23218 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-23219 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-0392 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0359 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0261 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0361 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0318 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0358 | medium | — | 5.5 | 4y ago | RHSA-2022:0886: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2022-24511 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Word Tampering Vulnerability | |||
| CVE-2022-24462 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Security Feature Bypass Vulnerability | |||
| CVE-2022-21716 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the pe… | |||
| CVE-2022-0613 | medium | — | 5.5 | 4y ago | RHBA-2022:1386: .NET Core 3.1 on RHEL 8 bugfix update (Moderate) | |||
| CVE-2022-23633 | medium | — | 5.5 | 4y ago | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `Action… | |||
| CVE-2022-23634 | medium | — | 5.5 | 4y ago | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the resp… | |||
| CVE-2022-21712 | medium | — | 5.5 | 4y ago | twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in … | |||
| CVE-2022-22818 | medium | — | 5.5 | 4y ago | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | |||
| CVE-2022-23833 | medium | — | 5.5 | 4y ago | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsin… | |||
| CVE-2022-21248 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21365 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-23837 | medium | — | 5.5 | 4y ago | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to… | |||
| CVE-2022-0235 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-20166 | medium | — | 5.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) |