CVEs from 2022
- Total: 5,367
- Critical: 88
- High: 1,220
- Medium: 938
- Low: 24
- % Critical: 1.6%
- % with KEV: 2.4%
- % with exploit: 3.3%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45381 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin | |||
| CVE-2022-38666 | unknown | — | — | 4y ago | SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin | |||
| CVE-2022-45379 | unknown | — | — | 4y ago | Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions | |||
| CVE-2022-45380 | unknown | — | — | 4y ago | Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion | |||
| CVE-2022-40309 | unknown | — | — | 4y ago | Apache Archiva subject to arbitrary directory deletion by users. | |||
| CVE-2022-40308 | unknown | — | — | 4y ago | Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user | |||
| CVE-2022-42124 | unknown | — | — | 4y ago | Inefficient Regular Expression Complexity in Liferay Portal | |||
| CVE-2022-42121 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module | |||
| CVE-2022-42125 | unknown | — | — | 4y ago | Path Traversal in Liferay Portal | |||
| CVE-2022-42131 | unknown | — | — | 4y ago | Improper Certificate Validation in Liferay Portal | |||
| CVE-2022-42128 | unknown | — | — | 4y ago | Incorrect Default Permissions in Liferay Portal | |||
| CVE-2022-42127 | unknown | — | — | 4y ago | Incorrect Default Permissions in Liferay Portal | |||
| CVE-2022-42110 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module | |||
| CVE-2022-42111 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module | |||
| CVE-2022-42132 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL | |||
| CVE-2022-42123 | unknown | — | — | 4y ago | Path Traversal in Liferay Portal | |||
| CVE-2022-42130 | unknown | — | — | 4y ago | Incorrect Default Permissions in Liferay Portal | |||
| CVE-2022-42122 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module | |||
| CVE-2022-42126 | unknown | — | — | 4y ago | Missing permissions check in Liferay Portal | |||
| CVE-2022-42119 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module | |||
| CVE-2022-42129 | unknown | — | — | 4y ago | Authorization Bypass in Liferay Portal | |||
| CVE-2022-42118 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module | |||
| CVE-2022-42120 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module | |||
| CVE-2022-45136 | unknown | — | — | 4y ago | Apache Jena vulnerable to Deserialization of Untrusted Data | |||
| CVE-2022-45378 | unknown | — | — | 4y ago | Apache SOAP contains unauthenticated RPCRouterServlet | |||
| CVE-2022-3952 | unknown | — | — | 4y ago | ManyDesigns Portofino subject to creation of insecure temporary file | |||
| CVE-2022-41854 | unknown | — | — | 4y ago | Snakeyaml vulnerable to Stack overflow leading to denial of service | |||
| CVE-2022-36022 | unknown | — | — | 4y ago | Use of unclaimed s3 bucket in tests and examples | |||
| CVE-2022-44244 | unknown | — | — | 4y ago | Lin CMS vulnerable to Improper Authentication | |||
| CVE-2022-45129 | unknown | — | — | 4y ago | Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF | |||
| CVE-2022-39368 | unknown | — | — | 4y ago | Failing DTLS handshakes may cause throttling to block processing of records | |||
| CVE-2022-37866 | unknown | — | — | 4y ago | Apache Ivy vulnerable to path traversal | |||
| CVE-2022-37865 | unknown | — | — | 4y ago | Apache Ivy does not verify target path when extracting the archive | |||
| CVE-2022-39387 | unknown | — | — | 4y ago | XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider | |||
| CVE-2022-32287 | unknown | — | — | 4y ago | Apache UIMA Path Traversal vulnerability | |||
| CVE-2022-43670 | unknown | — | — | 4y ago | Apache Sling App CMS vulnerable to Cross-site Scripting | |||
| CVE-2022-34662 | unknown | — | — | 4y ago | Apache DolphinScheduler vulnerable to Path Traversal | |||
| CVE-2022-31777 | unknown | — | — | 4y ago | Apache Spark vulnerable to Log Injection | |||
| CVE-2022-31690 | unknown | — | — | 4y ago | spring-security-oauth2-client vulnerable to Privilege Escalation | |||
| CVE-2022-31692 | unknown | — | — | 4y ago | Spring Security authorization rules can be bypassed via forward or include dispatcher types | |||
| CVE-2022-42252 | unknown | — | — | 4y ago | If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default f… | |||
| CVE-2022-26884 | unknown | — | — | 4y ago | Apache DolphinScheduler vulnerable to Path Traversal | |||
| CVE-2022-43766 | unknown | — | — | 4y ago | Apache IoTDB subject to ReDOS with Java 8 | |||
| CVE-2022-42468 | unknown | — | — | 4y ago | Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL | |||
| CVE-2022-39944 | unknown | — | — | 4y ago | Apache Linkis subject to Remote Code Execution via deserialization | |||
| CVE-2022-42890 | unknown | — | — | 4y ago | Untrusted code execution in Apache XML Graphics Batik | |||
| CVE-2022-41704 | unknown | — | — | 4y ago | Apache XML Graphics Batik vulnerable to code execution via SVG. | |||
| CVE-2022-34870 | unknown | — | — | 4y ago | Apache Geode vulnerable to Cross-Site Scripting | |||
| CVE-2022-40084 | unknown | — | — | 4y ago | OpenCRX vulnerable to password enumeration via error messages in password reset | |||
| CVE-2022-39259 | unknown | — | — | 4y ago | Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack | |||
| CVE-2022-31684 | unknown | — | — | 4y ago | Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens | |||
| CVE-2022-43412 | unknown | — | — | 4y ago | Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin | |||
| CVE-2022-43414 | unknown | — | — | 4y ago | Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure | |||
| CVE-2022-43423 | unknown | — | — | 4y ago | Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin | |||
| CVE-2022-43421 | unknown | — | — | 4y ago | Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value | |||
| CVE-2022-43429 | unknown | — | — | 4y ago | Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure | |||
| CVE-2022-43428 | unknown | — | — | 4y ago | Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin | |||
| CVE-2022-43425 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin | |||
| CVE-2022-43431 | unknown | — | — | 4y ago | Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability | |||
| CVE-2022-43407 | unknown | — | — | 4y ago | CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin | |||
| CVE-2022-43413 | unknown | — | — | 4y ago | Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins | |||
| CVE-2022-43409 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin | |||
| CVE-2022-43411 | unknown | — | — | 4y ago | Non-constant time webhook token comparison in Jenkins GitLab Plugin | |||
| CVE-2022-43433 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin | |||
| CVE-2022-43432 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin | |||
| CVE-2022-43424 | unknown | — | — | 4y ago | Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin | |||
| CVE-2022-43403 | unknown | — | — | 4y ago | Jenkins Script Security Plugin sandbox bypass vulnerability | |||
| CVE-2022-43404 | unknown | — | — | 4y ago | Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin | |||
| CVE-2022-43405 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin | |||
| CVE-2022-43401 | unknown | — | — | 4y ago | Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin | |||
| CVE-2022-43402 | unknown | — | — | 4y ago | Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution | |||
| CVE-2022-43406 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin | |||
| CVE-2022-43410 | unknown | — | — | 4y ago | Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin | |||
| CVE-2022-43415 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins REPO Plugin | |||
| CVE-2022-43416 | unknown | — | — | 4y ago | Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure | |||
| CVE-2022-43430 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin | |||
| CVE-2022-43418 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials | |||
| CVE-2022-43417 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Katalon Plugin allow capturing credentials | |||
| CVE-2022-43434 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin | |||
| CVE-2022-43427 | unknown | — | — | 4y ago | Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins | |||
| CVE-2022-43422 | unknown | — | — | 4y ago | Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin | |||
| CVE-2022-43419 | unknown | — | — | 4y ago | API keys stored in plain text by Jenkins Katalon Plugin | |||
| CVE-2022-43420 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin | |||
| CVE-2022-43435 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin | |||
| CVE-2022-43426 | unknown | — | — | 4y ago | AWS secrets displayed without masking by Jenkins S3 Explorer Plugin | |||
| CVE-2022-43408 | unknown | — | — | 4y ago | Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins | |||
| CVE-2022-42117 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module | |||
| CVE-2022-42112 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module | |||
| CVE-2022-42116 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module | |||
| CVE-2022-42114 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Role Module | |||
| CVE-2022-42115 | unknown | — | — | 4y ago | Liferay Portal Vulnerable to XSS in the Object Module | |||
| CVE-2022-42113 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Document Library Module | |||
| CVE-2022-39198 | unknown | — | — | 4y ago | Hessian Lite for Apache Dubbo deserialization vulnerability | |||
| CVE-2022-42466 | unknown | — | — | 4y ago | Apache Isis Cross-site Scripting vulnerability | |||
| CVE-2022-42467 | unknown | — | — | 4y ago | Apache Isis webconsole module may directly query the database in prototype mode | |||
| CVE-2022-39312 | unknown | — | — | 4y ago | MySQL JDBC deserialization vulnerability | |||
| CVE-2022-42969 | unknown | — | — | 4y ago | Withdrawn Advisory: ReDoS in py library when used with subversion | |||
| CVE-2022-41828 | unknown | — | — | 4y ago | com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution | |||
| CVE-2022-41404 | unknown | — | — | 4y ago | org.ini4j allows attackers to cause a Denial of Service (DoS) | |||
| CVE-2022-40664 | unknown | — | — | 4y ago | Apache Shiro Authentication Bypass vulnerability |