VIR Vulnerability Intelligence Relay

CVEs from 2022

5,373 normalized CVEs published or assigned in this year.

Total
5,373
critical
critical 88
high
high 1,220
medium
medium 938
low
low 24
% Critical
1.6%
% with KEV
2.4%
% with exploit
3.3%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-4772 unknown 4y ago Widoco Path Traversal vulnerability
CVE-2022-4725 unknown 4y ago AWS SDK is vulnerable to server-side request forgery (SSRF)
CVE-2022-36437 unknown 4y ago Hazelcast connection caching
CVE-2022-45347 unknown 4y ago Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
CVE-2022-4640 unknown 4y ago Mingsoft MCMS Cross-site Scripting vulnerability
CVE-2022-40145 unknown 4y ago Apache Karaf vulnerable to potential code injection
CVE-2022-46870 unknown 4y ago Apache Zeppelin Cross-site Scripting vulnerability
CVE-2022-25940 unknown 4y ago lite-server vulnerable to Denial of Service
CVE-2022-47500 unknown 4y ago Apache Helix UI vulnerable to Open Redirect
CVE-2022-4565 unknown 4y ago HuTool vulnerable to Uncontrolled Resource Consumption
CVE-2022-4520 unknown 4y ago WSO2 carbon-registry Cross-site Scripting vulnerability
CVE-2022-4521 unknown 4y ago WSO2 carbon-registry vulnerable to Cross-site Scripting
CVE-2022-32531 unknown 4y ago Apache Bookkeeper vulnerable to Improper Certificate Validation
CVE-2022-4493 unknown 4y ago SCIFIO vulnerable to Path Traversal
CVE-2022-34271 unknown 4y ago Apache Atlas: zip path traversal in import functionality
CVE-2022-3782 unknown 4y ago Keycloak vulnerable to path traversal via double URL encoding
CVE-2022-3916 unknown 4y ago Keycloak vulnerable to session takeover with OIDC offline refreshtokens
CVE-2022-46364 unknown 4y ago Apache CXF Server-Side Request Forgery vulnerability
CVE-2022-45693 unknown 4y ago Jettison Out-of-bounds Write vulnerability
CVE-2022-46363 unknown 4y ago Apache CXF vulnerable to Exposure of Sensitive Information
CVE-2022-45688 unknown 4y ago json stack overflow vulnerability
CVE-2022-45685 unknown 4y ago Jettison Out-of-bounds Write vulnerability
CVE-2022-45689 unknown 4y ago hutool-json vulnerable to memory exhaustion
CVE-2022-45690 unknown 4y ago hutool-json stack overflow vulnerability
CVE-2022-41915 unknown 4y ago Netty vulnerable to HTTP Response splitting from assigning header value iterator
CVE-2022-41881 unknown 4y ago HAProxyMessageDecoder Stack Exhaustion DoS
CVE-2022-3509 unknown 4y ago Protobuf Java vulnerable to Uncontrolled Resource Consumption
CVE-2022-3510 unknown 4y ago Protobuf Java vulnerable to Uncontrolled Resource Consumption
CVE-2022-46687 unknown 4y ago Cross-site Scripting in Jenkins Spring Config Plugin
CVE-2022-46686 unknown 4y ago Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting
CVE-2022-46688 unknown 4y ago Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery
CVE-2022-46682 unknown 4y ago Jenkins Plot Plugin XML External Entity Reference vulnerability
CVE-2022-46685 unknown 4y ago Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
CVE-2022-46684 unknown 4y ago Stored XSS vulnerability in Jenkins Checkmarx Plugin
CVE-2022-46683 unknown 4y ago Jenkins Google Login Plugin Open Redirect vulnerability
CVE-2022-46166 unknown 4y ago Spring Boot Admins integrated notifier support allows arbitrary code execution
CVE-2022-4375 unknown 4y ago Mingsoft MCMS vulnerable to SQL Injection
CVE-2022-23496 unknown 4y ago Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
CVE-2022-4350 unknown 4y ago Mingsoft MCMS vulnerable to Cross-site Scripting
CVE-2022-4348 unknown 4y ago RuoYi-Cloud Cross-site Scripting vulnerability
CVE-2022-23491 unknown 4y ago Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates fro…
CVE-2022-4147 unknown 4y ago Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
CVE-2022-44900 unknown 4y ago A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z fil…
CVE-2022-45046 unknown 4y ago camel-ldap component allows LDAP Injection when using the filter option
CVE-2022-43484 unknown 4y ago TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
CVE-2022-46146 unknown 4y ago Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypa…
CVE-2022-46366 unknown 4y ago Apache Tapestry allows deserialization of untrusted data
CVE-2022-44262 unknown 4y ago ff4j is vulnerable to Remote Code Execution (RCE)
CVE-2022-41965 unknown 4y ago Authenticated OpenRedirect Vulnerability
CVE-2022-46149 unknown 4y ago Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementatio…
CVE-2022-21126 unknown 4y ago HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
CVE-2022-41954 unknown 4y ago Temporary File Information Disclosure vulnerability in MPXJ
CVE-2022-45921 unknown 4y ago FusionAuth vulnerable to directory traversal attack
CVE-2022-45907 unknown 4y ago In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
CVE-2022-45210 unknown 4y ago Jeecg-boot vulnerable to SQL Injection
CVE-2022-45206 unknown 4y ago Jeecg-boot vulnerable to SQL Injection
CVE-2022-45207 unknown 4y ago Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
CVE-2022-26885 unknown 4y ago Apache Dolphin Scheduler has insufficiently protected credentials
CVE-2022-45462 unknown 4y ago Command injection in Apache DolphinScheduler Alert Plugins
CVE-2022-4116 unknown 4y ago Code injection in quarkus dev ui config editor
CVE-2022-41937 unknown 4y ago Missing Authorization in Filter Stream Converter Application of XWiki-platform
CVE-2022-41936 unknown 4y ago Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
CVE-2022-41935 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2022-41934 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
CVE-2022-41933 unknown 4y ago Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
CVE-2022-41932 unknown 4y ago Creation of new database tables through login form on PostgreSQL
CVE-2022-41931 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
CVE-2022-41930 unknown 4y ago Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
CVE-2022-41929 unknown 4y ago Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-41928 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
CVE-2022-41927 unknown 4y ago Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
CVE-2022-45470 unknown 4y ago Cross-site Scripting in Apache Hama
CVE-2022-45146 unknown 4y ago Garbage collection issue in BC-FJA in Java 13 and later
CVE-2022-4065 unknown 4y ago TestNG is vulnerable to Path Traversal
CVE-2022-43183 unknown 4y ago XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
CVE-2022-45388 unknown 4y ago Jenkins Config Rotator Plugin vulnerable to path traversal
CVE-2022-45400 unknown 4y ago XXE vulnerability in Jenkins JAPEX Plugin
CVE-2022-45397 unknown 4y ago XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
CVE-2022-45386 unknown 4y ago XML External Entity Reference in Jenkins Violations Plugin
CVE-2022-45391 unknown 4y ago Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
CVE-2022-45392 unknown 4y ago Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45396 unknown 4y ago XXE vulnerability on agents in Jenkins SourceMonitor Plugin
CVE-2022-45393 unknown 4y ago Cross-Site Request Forgery in Jenkins Delete log Plugin
CVE-2022-45390 unknown 4y ago Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
CVE-2022-45399 unknown 4y ago Jenkins Cluster Statistics Plugin Missing Authorization vulnerability
CVE-2022-45389 unknown 4y ago Missing Authorization in Jenkins XP-Dev Plugin
CVE-2022-45385 unknown 4y ago Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
CVE-2022-45394 unknown 4y ago Missing permission check in Jenkins Delete log Plugin
CVE-2022-45387 unknown 4y ago Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
CVE-2022-45384 unknown 4y ago Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
CVE-2022-45395 unknown 4y ago XML External Entity Reference in Jenkins CCCC Plugin
CVE-2022-45401 unknown 4y ago Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
CVE-2022-45383 unknown 4y ago Incorrect permission checks in Jenkins Support Core Plugin
CVE-2022-45379 unknown 4y ago Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
CVE-2022-45382 unknown 4y ago Cross-site Scripting in Jenkins Naginator Plugin
CVE-2022-38666 unknown 4y ago SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45381 unknown 4y ago Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
CVE-2022-45380 unknown 4y ago Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
CVE-2022-40308 unknown 4y ago Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
CVE-2022-40309 unknown 4y ago Apache Archiva subject to arbitrary directory deletion by users.