CVEs from 2022

6,002 normalized CVEs published or assigned in this year.

  • Total: 6,002
  • Critical: 88
  • High: 1,240
  • Medium: 887
  • Low: 23
  • % Critical: 1.5%
  • % with KEV: 2.2%
  • % with exploit: 2.2%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Published Description Impact
CVE-2022-39316 medium 5.5 3y ago Moderate: freerdp security update redhatsusedebian
CVE-2022-46340 medium 5.5 3y ago Moderate: xorg-x11-server-Xwayland security update redhatsusedebian
CVE-2022-39253 medium 5.5 3y ago Moderate: git security and bug fix update redhatsusedebian
CVE-2022-30784 medium 5.5 3y ago Moderate: libguestfs-winsupport security update archrockylinuxredhatsuse+1
CVE-2022-40023 medium 5.5 3y ago Moderate: python-mako security update rockylinuxredhatsusedebian+1
CVE-2022-41877 medium 5.5 3y ago Moderate: freerdp security update redhatsusedebian
CVE-2022-1922 medium 5.5 3y ago Moderate: gstreamer1-plugins-good security update redhatsusedebian
CVE-2022-46343 medium 5.5 3y ago Moderate: xorg-x11-server-Xwayland security update redhatsusedebian
CVE-2022-1923 medium 5.5 3y ago Moderate: gstreamer1-plugins-good security update redhatsusedebian
CVE-2022-34303 medium 5.5 3y ago Moderate: fwupd security and bug fix update redhatsuse
CVE-2022-41861 medium 5.5 3y ago Moderate: freeradius security and bug fix update redhatsusedebian
CVE-2022-2122 medium 5.5 3y ago Moderate: gstreamer1-plugins-good security update redhatdebiansuse
CVE-2022-37454 medium 5.5 3y ago Moderate: php security update rockylinuxredhatsusedebian+2
CVE-2022-2625 medium 5.5 3y ago Moderate: postgresql security update redhatrockylinuxsusedebian
CVE-2022-41862 medium 5.5 3y ago Moderate: postgresql security update redhatrockylinuxsusedebian
CVE-2022-4899 medium 5.5 3y ago Moderate: mysql security update redhatrockylinuxsusedebian+1
CVE-2022-31631 medium 5.5 3y ago Moderate: php security update rockylinuxredhatsusedebian
CVE-2022-36760 medium 5.5 3y ago Moderate: httpd security and bug fix update archdebianredhatrockylinux+1
CVE-2022-45873 medium 5.5 3y ago Moderate: systemd security update redhatsuserockylinuxdebian
CVE-2022-31630 medium 5.5 3y ago Moderate: php security update rockylinuxredhatsusedebian
CVE-2022-40897 medium 5.5 3y ago Moderate: python-setuptools security update redhatrockylinuxsusedebian+1
CVE-2022-31629 medium 5.5 3y ago Moderate: php security update rockylinuxredhatdebian
CVE-2022-4415 medium 5.5 3y ago Moderate: systemd security update redhatrockylinuxsusedebian
CVE-2022-48303 medium 5.5 3y ago Moderate: tar security update redhatrockylinuxsusedebian
CVE-2022-47024 medium 5.5 3y ago Moderate: vim security update archredhatsuserockylinux+1
CVE-2022-31628 medium 5.5 3y ago Moderate: php security update rockylinuxredhatsusedebian
CVE-2022-45061 medium 5.5 3y ago Moderate: python39:3.9 and python39-devel:3.9 security update rockylinuxredhatsusedebian
CVE-2022-37436 medium 5.5 3y ago Moderate: httpd security and bug fix update archdebianredhatrockylinux+1
CVE-2022-4203 medium 5.5 3y ago Moderate: openssl security and bug fix update redhatsuserockylinuxdebian+1
CVE-2022-3821 medium 5.5 3y ago Moderate: systemd security update redhatsuserockylinuxdebian
CVE-2022-27664 medium 5.5 3y ago Moderate: git-lfs security and bug fix update rockylinuxredhatsusedebian+1
CVE-2022-2880 medium 5.5 3y ago Moderate: git-lfs security and bug fix update redhatrockylinuxsusedebian+1
CVE-2022-3140 medium 5.5 3y ago Moderate: libreoffice security update archredhatrockylinuxdebian
CVE-2022-43680 medium 5.5 3y ago In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. redhatdebianrockylinuxsuse
CVE-2022-2520 medium 5.5 3y ago Moderate: libtiff security update archredhatalmalinuxrockylinux+2
CVE-2022-41717 medium 5.5 3y ago Moderate: container-tools:4.0 security and bug fix update rockylinuxredhatsusedebian+1
CVE-2022-2521 medium 5.5 3y ago Moderate: libtiff security update archredhatalmalinuxrockylinux+2
CVE-2022-40303 medium 5.5 3y ago Moderate: libxml2 security update redhatrockylinuxsusedebian
CVE-2022-26305 medium 5.5 3y ago Moderate: libreoffice security update archredhatrockylinuxsuse+1
CVE-2022-2056 medium 5.5 3y ago Moderate: libtiff security update archredhatrockylinuxsuse+1
CVE-2022-3715 medium 5.5 3y ago Moderate: bash security update redhatdebianrockylinux
CVE-2022-2058 medium 5.5 3y ago Moderate: libtiff security update archredhatalmalinuxrockylinux+2
CVE-2022-2879 medium 5.5 3y ago Moderate: Image Builder security, bug fix, and enhancement update redhatrockylinuxsusedebian+1
CVE-2022-26306 medium 5.5 3y ago Moderate: libreoffice security update archredhatrockylinuxsuse+1
CVE-2022-32221 medium 5.5 3y ago Moderate: curl security update redhatdebiansuserockylinux
CVE-2022-31197 medium 5.5 3y ago PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names redhatsusedebianrockylinux+1
CVE-2022-42012 medium 5.5 3y ago Moderate: dbus security update archredhatdebianrockylinux+1
CVE-2022-2953 medium 5.5 3y ago Moderate: libtiff security update archredhatalmalinuxrockylinux+2
CVE-2022-2057 medium 5.5 3y ago Moderate: libtiff security update archredhatrockylinuxsuse+1
CVE-2022-41715 medium 5.5 3y ago Moderate: git-lfs security and bug fix update redhatalmalinuxrockylinuxsuse+2
CVE-2022-42010 medium 5.5 3y ago Moderate: dbus security update archredhatdebianrockylinux+1
CVE-2022-42011 medium 5.5 3y ago Moderate: dbus security update archredhatdebianrockylinux+1
CVE-2022-2519 medium 5.5 3y ago Moderate: libtiff security update archredhatalmalinuxrockylinux+2
CVE-2022-26307 medium 5.5 3y ago Moderate: libreoffice security update archredhatrockylinuxsuse+1
CVE-2022-40304 medium 5.5 3y ago Moderate: libxml2 security update redhatrockylinuxsusedebian
CVE-2022-2869 medium 5.5 3y ago Moderate: libtiff security update archrockylinuxsusedebian
CVE-2022-2867 medium 5.5 3y ago Moderate: libtiff security update archrockylinuxsusedebian
CVE-2022-4144 medium 5.5 3y ago Moderate: virt:rhel and virt-devel:rhel security and bug fix update rockylinuxsusedebian
CVE-2022-2868 medium 5.5 3y ago Moderate: libtiff security update archrockylinuxsusedebian
CVE-2022-43548 medium 5.5 4y ago Moderate: nodejs:16 security, bug fix, and enhancement update redhatrockylinuxsusedebian
CVE-2022-3517 medium 5.5 4y ago Moderate: nodejs:16 security, bug fix, and enhancement update redhatrockylinuxdebiannpm
CVE-2022-45442 medium 5.5 4y ago Moderate: pcs security update redhatrockylinuxsusedebian+1
CVE-2022-24999 medium 5.5 4y ago Moderate: nodejs:14 security, bug fix, and enhancement update rockylinuxdebiannpm
CVE-2022-49708 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: =============================================================… redhatsusedebian
CVE-2022-3108 medium 5.5 4y ago An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). redhatsusedebian
CVE-2022-3107 medium 5.5 4y ago An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null p… redhatsusedebian
CVE-2022-49698 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out… redhatsusedebian
CVE-2022-49306 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used when assigning the ACPI c… redhatsusedebian
CVE-2022-49697 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found… redhatsusedebian
CVE-2022-49292 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that … redhatsusedebian
CVE-2022-29581 medium 5.5 4y ago Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; ver… redhatalmalinuxrockylinuxsuse+1
CVE-2022-28893 medium 5.5 4y ago The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. redhatalmalinuxrockylinuxsuse+1
CVE-2022-49695 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine when the N… redhatsusedebian
CVE-2022-49152 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_S… redhatsusedebian
CVE-2022-28390 medium 5.5 4y ago ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. redhatalmalinuxarchrockylinux+2
CVE-2022-49691 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: erspan: do not assume transport header is always set Rewrite tests in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not assume … redhatsusedebian
CVE-2022-49291 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against t… redhatsusedebian
CVE-2022-2639 medium 5.5 4y ago An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_… redhatalmalinuxrockylinuxsuse+1
CVE-2022-26373 medium 5.5 4y ago Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. almalinuxredhatrockylinuxsuse+1
CVE-2022-49147 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… redhatsusedebian
CVE-2022-24448 medium 5.5 4y ago An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. … redhatalmalinuxrockylinuxsuse+1
CVE-2022-49673 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warni… redhatsusedebian
CVE-2022-49290 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fix… redhatsusedebian
CVE-2022-26377 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchsuse+1
CVE-2022-29404 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+1
CVE-2022-21499 medium 5.5 4y ago KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that t… archalmalinuxredhatrockylinux+2
CVE-2022-49671 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ib_cm_insert_listen cm_alloc_id_priv() allocates resource for the cm_id_priv. When cm_init_listen() f… redhatsusedebian
CVE-2022-21166 medium 5.5 4y ago Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. redhatalmalinuxsuserockylinux+1
CVE-2022-21125 medium 5.5 4y ago Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. almalinuxredhatsuserockylinux+1
CVE-2022-49288 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation chan… redhatsusedebian
CVE-2022-49669 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccept… redhatsusedebian
CVE-2022-20572 medium 5.5 4y ago In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution pri… redhatsusedebian
CVE-2022-49145 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … redhatsusedebian
CVE-2022-21123 medium 5.5 4y ago Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. almalinuxredhatsuserockylinux+1
CVE-2022-20368 medium 5.5 4y ago Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel almalinuxredhatrockylinuxsuse+1
CVE-2022-49664 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL … redhatsusedebian
CVE-2022-49142 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … redhatsusedebian
CVE-2022-48921 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("k… redhatsusedebian
CVE-2022-1998 medium 5.5 4y ago A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this … redhatalmalinuxsusedebian
CVE-2022-1852 medium 5.5 4y ago A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing a… almalinuxredhatrockylinuxsuse+1