CVEs from 2022

5,370 normalized CVEs published or assigned in this year.

  • Total: 5,370
  • Critical: 88
  • High: 1,219
  • Medium: 945
  • Low: 24
  • % Critical: 1.6%
  • % with KEV: 2.4%
  • % with exploit: 3.3%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-34176 unknown 4y ago Cross-site Scripting in Jenkins JUnit Plugin
CVE-2022-34188 unknown 4y ago Cross-site Scripting in Jenkins Hidden Parameter Plugin
CVE-2022-34183 unknown 4y ago Cross-site Scripting in Jenkins Agent Server Parameter Plugin
CVE-2022-34197 unknown 4y ago Cross-site Scripting in Jenkins Sauce OnDemand Plugin
CVE-2022-22980 unknown 4y ago SpEL Injection in Spring Data MongoDB
CVE-2022-32549 unknown 4y ago Log Injection in Apache Sling Commons Log and Apache Sling API
CVE-2022-22979 unknown 4y ago Denial of Service in Spring Cloud Function
CVE-2022-26850 unknown 4y ago Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
CVE-2022-31044 unknown 4y ago Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0
CVE-2022-32210 unknown 4y ago `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and i…
CVE-2022-31053 unknown 4y ago Signature forgery in Biscuit
CVE-2022-33140 unknown 4y ago Code injection in Apache NiFi and NiFi Registry
CVE-2022-25167 unknown 4y ago Remote Code Execution in Apache Flume
CVE-2022-25845 unknown 4y ago Unsafe deserialization in com.alibaba:fastjson
CVE-2022-24969 unknown 4y ago Server-side request forgery in Apache Dubbo
CVE-2022-23712 unknown 4y ago Improper Check for Unusual or Exceptional Conditions in Elasticsearch
CVE-2022-29631 unknown 4y ago Server-Side Request Forgery in Jodd HTTP
CVE-2022-29770 unknown 4y ago Cross site scripting in XXL-job
CVE-2022-31023 unknown 4y ago Dev error stack trace leaking into prod in Play Framework
CVE-2022-31018 unknown 4y ago Denial of service binding form from JSON in Play Framework
CVE-2022-30506 unknown 4y ago Code injection in MCMS
CVE-2022-29648 unknown 4y ago Cross site scripting in Jfinal
CVE-2022-29647 unknown 4y ago Cross Site Request Forgery in Mingsoft MCMS
CVE-2022-29258 unknown 4y ago Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
CVE-2022-29253 unknown 4y ago Path Traversal in XWiki Platform
CVE-2022-30973 unknown 4y ago Regular expression denial of service in Apache Tika
CVE-2022-23082 unknown 4y ago Path traversal in CureKit
CVE-2022-30500 unknown 4y ago SQL injection in jflyfox jfinal
CVE-2022-29405 unknown 4y ago Missing Authorization in Apache Archiva
CVE-2022-29252 unknown 4y ago Cross-site Scripting in wiki manager join wiki page
CVE-2022-29251 unknown 4y ago Cross-site Scripting in the Flamingo theme manager
CVE-2022-29567 unknown 4y ago Possible information disclosure inside TreeGrid component with default data provider
CVE-2022-29249 unknown 4y ago Reversible One-Way Hash in io.github.javaezlib:JavaEZ
CVE-2022-29237 unknown 4y ago Limited Authentication Bypass for Media Files
CVE-2022-1848 unknown 4y ago Business Logic Errors in Para
CVE-2022-29173 unknown 4y ago go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, …
CVE-2022-29161 unknown 4y ago Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
CVE-2022-29002 unknown 4y ago Cross-Site Request Forgery in XXL-Job
CVE-2022-31268 unknown 4y ago Path traversal in Gitblit
CVE-2022-31267 unknown 4y ago Unescaped control characters in Gitblit
CVE-2022-24434 unknown 4y ago Crash in HeaderParser in dicer
CVE-2022-22978 unknown 4y ago Authorization bypass in Spring Security
CVE-2022-22976 unknown 4y ago Integer overflow in BCrypt class in Spring Security
CVE-2022-1782 unknown 4y ago Cross-site Scripting in com.erudika:para-core
CVE-2022-26650 unknown 4y ago Regular expression denial of service in Apache ShenYu
CVE-2022-30970 unknown 4y ago Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
CVE-2022-30972 unknown 4y ago Cross Site Request Forgery in Jenkins Storable Configs Plugin
CVE-2022-30969 unknown 4y ago Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin
CVE-2022-30971 unknown 4y ago XML External Entity Reference in Jenkins Storable Configs Plugin
CVE-2022-30967 unknown 4y ago Cross site scripting in Jenkins Selection tasks Plugin
CVE-2022-30964 unknown 4y ago Cross-site Scripting in Jenkins Multiselect parameter Plugin
CVE-2022-30960 unknown 4y ago Cross-site Scripting in Jenkins Application Detector Plugin
CVE-2022-30961 unknown 4y ago Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
CVE-2022-30968 unknown 4y ago Cross-site Scripting in Jenkins vboxwrapper Plugin
CVE-2022-30963 unknown 4y ago Cross-site Scripting in Jenkins JDK Parameter Plugin
CVE-2022-30965 unknown 4y ago Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types
CVE-2022-30954 unknown 4y ago Missing permission check in Jenkins Blue Ocean Plugin
CVE-2022-30962 unknown 4y ago Cross-site Scripting in Jenkins Global Variable String Parameter Plugin
CVE-2022-30966 unknown 4y ago Cross-site Scripting in Jenkins Random String Parameter Plugin
CVE-2022-30953 unknown 4y ago Cross Site Request Forgery in Jenkins Blue Ocean Plugin
CVE-2022-30952 unknown 4y ago Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
CVE-2022-30949 unknown 4y ago Path traversal in Jenkins REPO Plugin
CVE-2022-30951 unknown 4y ago Missing Authorization in Jenkins WMI Windows Agents plugin
CVE-2022-30956 unknown 4y ago Cross-site Scripting in Jenkins Rundeck Plugin
CVE-2022-30958 unknown 4y ago Cross Site Request Forgery in Jenkins SSH Plugin
CVE-2022-30955 unknown 4y ago Missing permission check in Jenkins GitLab Plugin
CVE-2022-30957 unknown 4y ago Missing permission check in Jenkins SSH Plugin
CVE-2022-30959 unknown 4y ago Missing Authorization in Jenkins SSH plugin
CVE-2022-30950 unknown 4y ago Buffer overflow in Jenkins WMI Windows Agents plugin
CVE-2022-30947 unknown 4y ago Path traversal in Jenkins Git Mercurial and Repo Plugins
CVE-2022-30948 unknown 4y ago Path traversal in Jenkins Mercurial Plugin
CVE-2022-30946 unknown 4y ago CSRF vulnerability in Jenkins Script Security Plugin
CVE-2022-30945 unknown 4y ago Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
CVE-2022-30126 unknown 4y ago Regular expression denial of service in Apache Tika
CVE-2022-25169 unknown 4y ago Apache Tika vulnerable to uncontrolled memory consumption
CVE-2022-22971 unknown 4y ago Allocation of Resources Without Limits or Throttling in Spring Framework
CVE-2022-22970 unknown 4y ago Denial of service in Spring Framework
CVE-2022-28890 unknown 4y ago XML External Entity Reference in Apache Jena
CVE-2022-28111 unknown 4y ago MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter
CVE-2022-25767 unknown 4y ago Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
CVE-2022-25842 unknown 4y ago Path Traversal in com.alibaba.oneagent:one-java-agent-plugin
CVE-2022-29265 unknown 4y ago Multiple components in Apache NiFi do not restrict XML External Entity references
CVE-2022-24897 unknown 4y ago Arbitrary filesystem write access from velocity.
CVE-2022-24898 unknown 4y ago Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
CVE-2022-24891 unknown 4y ago Cross-site Scripting in org.owasp.esapi:esapi
CVE-2022-23457 unknown 4y ago Path traversal in the OWASP Enterprise Security API
CVE-2022-24881 unknown 4y ago ballcat-codegen template engine remote code execution injection
CVE-2022-1466 unknown 4y ago Improper authorization in Keycloak
CVE-2022-1245 unknown 4y ago Keycloak vulnerable to privilege escalation on Token Exchange feature
CVE-2022-29546 unknown 4y ago OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
CVE-2022-28820 unknown 4y ago Page Compare Reflected Cross-site Scripting (XSS) vulnerability
CVE-2022-26596 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
CVE-2022-26597 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the site name
CVE-2022-29577 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-28367 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-28366 unknown 4y ago Denial of service in HtmlUnit-Neko
CVE-2022-27340 unknown 4y ago Cross Site Request Forgery in Mingsoft MCMS
CVE-2022-24847 unknown 4y ago Improper Input Validation in GeoServer
CVE-2022-24828 unknown 4y ago Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control …
CVE-2022-0272 unknown 4y ago XML External Entity Reference in detekt