CVEs from 2022

5,373 normalized CVEs published or assigned in this year.

  • Total: 5,373
  • Critical: 88
  • High: 1,219
  • Medium: 945
  • Low: 24
  • % Critical: 1.6%
  • % with KEV: 2.4%
  • % with exploit: 3.3%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-46686 unknown 4y ago Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting
CVE-2022-46688 unknown 4y ago Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery
CVE-2022-46684 unknown 4y ago Stored XSS vulnerability in Jenkins Checkmarx Plugin
CVE-2022-46687 unknown 4y ago Cross-site Scripting in Jenkins Spring Config Plugin
CVE-2022-46682 unknown 4y ago Jenkins Plot Plugin XML External Entity Reference vulnerability
CVE-2022-46685 unknown 4y ago Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
CVE-2022-46683 unknown 4y ago Jenkins Google Login Plugin Open Redirect vulnerability
CVE-2022-46166 unknown 4y ago Spring Boot Admin's integrated notifier support allows arbitrary code execution
CVE-2022-4375 unknown 4y ago Mingsoft MCMS vulnerable to SQL Injection
CVE-2022-23496 unknown 4y ago Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
CVE-2022-4350 unknown 4y ago Mingsoft MCMS vulnerable to Cross-site Scripting
CVE-2022-4348 unknown 4y ago RuoYi-Cloud Cross-site Scripting vulnerability
CVE-2022-23491 unknown 4y ago Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates fro…
CVE-2022-4147 unknown 4y ago Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
CVE-2022-44900 unknown 4y ago A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z fil…
CVE-2022-45046 unknown 4y ago camel-ldap component allows LDAP Injection when using the filter option
CVE-2022-43484 unknown 4y ago TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
CVE-2022-46146 unknown 4y ago Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypa…
CVE-2022-46366 unknown 4y ago Apache Tapestry allows deserialization of untrusted data
CVE-2022-44262 unknown 4y ago ff4j is vulnerable to Remote Code Execution (RCE)
CVE-2022-41965 unknown 4y ago Authenticated OpenRedirect Vulnerability
CVE-2022-46149 unknown 4y ago Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementatio…
CVE-2022-21126 unknown 4y ago HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
CVE-2022-41954 unknown 4y ago Temporary File Information Disclosure vulnerability in MPXJ
CVE-2022-45921 unknown 4y ago FusionAuth vulnerable to directory traversal attack
CVE-2022-45907 unknown 4y ago In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
CVE-2022-45210 unknown 4y ago Jeecg-boot vulnerable to SQL Injection
CVE-2022-45207 unknown 4y ago Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
CVE-2022-45206 unknown 4y ago Jeecg-boot vulnerable to SQL Injection
CVE-2022-26885 unknown 4y ago Apache Dolphin Scheduler has insufficiently protected credentials
CVE-2022-45462 unknown 4y ago Command injection in Apache DolphinScheduler Alert Plugins
CVE-2022-4116 unknown 4y ago Code injection in quarkus dev ui config editor
CVE-2022-41937 unknown 4y ago Missing Authorization in Filter Stream Converter Application of XWiki-platform
CVE-2022-41936 unknown 4y ago Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
CVE-2022-41935 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2022-41934 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
CVE-2022-41933 unknown 4y ago Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
CVE-2022-41932 unknown 4y ago Creation of new database tables through login form on PostgreSQL
CVE-2022-41931 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
CVE-2022-41930 unknown 4y ago Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
CVE-2022-41929 unknown 4y ago Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-41928 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
CVE-2022-41927 unknown 4y ago Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
CVE-2022-45470 unknown 4y ago Cross-site Scripting in Apache Hama
CVE-2022-45146 unknown 4y ago Garbage collection issue in BC-FJA in Java 13 and later
CVE-2022-4065 unknown 4y ago TestNG is vulnerable to Path Traversal
CVE-2022-43183 unknown 4y ago XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
CVE-2022-45400 unknown 4y ago XXE vulnerability in Jenkins JAPEX Plugin
CVE-2022-45385 unknown 4y ago Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
CVE-2022-45395 unknown 4y ago XML External Entity Reference in Jenkins CCCC Plugin
CVE-2022-45384 unknown 4y ago Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
CVE-2022-45393 unknown 4y ago Cross-Site Request Forgery in Jenkins Delete log Plugin
CVE-2022-45394 unknown 4y ago Missing permission check in Jenkins Delete log Plugin
CVE-2022-45401 unknown 4y ago Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
CVE-2022-45397 unknown 4y ago XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
CVE-2022-45387 unknown 4y ago Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
CVE-2022-45391 unknown 4y ago Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
CVE-2022-45390 unknown 4y ago Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
CVE-2022-45389 unknown 4y ago Missing Authorization in Jenkins XP-Dev Plugin
CVE-2022-45399 unknown 4y ago Jenkins Cluster Statistics Plugin Missing Authorization vulnerability
CVE-2022-45396 unknown 4y ago XXE vulnerability on agents in Jenkins SourceMonitor Plugin
CVE-2022-45392 unknown 4y ago Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45388 unknown 4y ago Jenkins Config Rotator Plugin vulnerable to path traversal
CVE-2022-45386 unknown 4y ago XML External Entity Reference in Jenkins Violations Plugin
CVE-2022-45382 unknown 4y ago Cross-site Scripting in Jenkins Naginator Plugin
CVE-2022-45380 unknown 4y ago Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
CVE-2022-45379 unknown 4y ago Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
CVE-2022-38666 unknown 4y ago SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45381 unknown 4y ago Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
CVE-2022-45383 unknown 4y ago Incorrect permission checks in Jenkins Support Core Plugin
CVE-2022-40308 unknown 4y ago Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
CVE-2022-40309 unknown 4y ago Apache Archiva subject to arbitrary directory deletion by users.
CVE-2022-42127 unknown 4y ago Incorrect Default Permissions in Liferay Portal
CVE-2022-42126 unknown 4y ago Missing permissions check in Liferay Portal
CVE-2022-42125 unknown 4y ago Path Traversal in Liferay Portal
CVE-2022-42121 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
CVE-2022-42129 unknown 4y ago Authorization Bypass in Liferay Portal
CVE-2022-42120 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module
CVE-2022-42118 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
CVE-2022-42119 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module
CVE-2022-42122 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
CVE-2022-42123 unknown 4y ago Path Traversal in Liferay Portal
CVE-2022-42124 unknown 4y ago Inefficient Regular Expression Complexity in Liferay Portal
CVE-2022-42111 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module
CVE-2022-42110 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module
CVE-2022-42132 unknown 4y ago Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
CVE-2022-42131 unknown 4y ago Improper Certificate Validation in Liferay Portal
CVE-2022-42128 unknown 4y ago Incorrect Default Permissions in Liferay Portal
CVE-2022-42130 unknown 4y ago Incorrect Default Permissions in Liferay Portal
CVE-2022-45136 unknown 4y ago Apache Jena vulnerable to Deserialization of Untrusted Data
CVE-2022-45378 unknown 4y ago Apache SOAP contains unauthenticated RPCRouterServlet
CVE-2022-41854 unknown 4y ago Snakeyaml vulnerable to Stack overflow leading to denial of service
CVE-2022-3952 unknown 4y ago ManyDesigns Portofino subject to creation of insecure temporary file
CVE-2022-36022 unknown 4y ago Use of unclaimed s3 bucket in tests and examples
CVE-2022-44244 unknown 4y ago Lin CMS vulnerable to Improper Authentication
CVE-2022-45129 unknown 4y ago Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF
CVE-2022-39368 unknown 4y ago Failing DTLS handshakes may cause throttling to block processing of records
CVE-2022-37866 unknown 4y ago Apache Ivy vulnerable to path traversal
CVE-2022-37865 unknown 4y ago Apache Ivy does not verify target path when extracting the archive
CVE-2022-39387 unknown 4y ago XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider