VIR Vulnerability Intelligence Relay

CVEs from 2022

5,370 normalized CVEs published or assigned in this year.

Total
5,370
critical
critical 88
high
high 1,219
medium
medium 945
low
low 24
% Critical
1.6%
% with KEV
2.4%
% with exploit
3.3%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-22969 unknown 4y ago Denial of service in Spring Security OAuth2
CVE-2022-26593 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
CVE-2022-26595 unknown 4y ago Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
CVE-2022-28108 unknown 4y ago Selenium Server (Grid) CSRF
CVE-2022-26594 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via form field
CVE-2022-22968 unknown 4y ago Improper handling of case sensitivity in Spring Framework
CVE-2022-29039 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
CVE-2022-29037 unknown 4y ago Stored XSS in Jenkins CVS Plugin
CVE-2022-29038 unknown 4y ago Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
CVE-2022-29036 unknown 4y ago Cross-site Scripting in Jenkins Credentials Plugin
CVE-2022-29043 unknown 4y ago Stored Cross-site Scripting in Jenkins Mask Passwords Plugin
CVE-2022-29042 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Job Generator Plugin
CVE-2022-29046 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin
CVE-2022-29040 unknown 4y ago Stored XSS vulnerability in Jenkins Git Parameter Plugin
CVE-2022-29041 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
CVE-2022-29047 unknown 4y ago Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
CVE-2022-29049 unknown 4y ago Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
CVE-2022-29051 unknown 4y ago Missing permission checks in Jenkins Publish Over FTP Plugin
CVE-2022-29048 unknown 4y ago CSRF vulnerability in Jenkins Subversion Plugin
CVE-2022-29045 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
CVE-2022-29044 unknown 4y ago Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin
CVE-2022-29050 unknown 4y ago CSRF vulnerability in Jenkins Publish Over FTP Plugin
CVE-2022-29052 unknown 4y ago Private key stored in plain text by Jenkins Google Compute Engine Plugin
CVE-2022-23437 unknown 4y ago Infinite Loop in Apache Xerces Java
CVE-2022-24839 unknown 4y ago org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
CVE-2022-24827 unknown 4y ago SQL Injection in elide-datastore-aggregation
CVE-2022-24820 unknown 4y ago Unauthenticated user can list hidden document from multiple velocity templates in XWiki
CVE-2022-24821 unknown 4y ago Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
CVE-2022-24819 unknown 4y ago Unauthenticated user can retrieve the list of users through uorgsuggest.vm
CVE-2022-26612 unknown 4y ago Path traversal in Hadoop
CVE-2022-26585 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23974 unknown 4y ago Logic error in Apache Pinot
CVE-2022-22950 unknown 4y ago Allocation of Resources Without Limits or Throttling in Spring Framework
CVE-2022-25598 unknown 4y ago Uncontrolled Resource Consumption in Apache DolphinScheduler
CVE-2022-23059 unknown 4y ago Cross site scripting in Shopizer
CVE-2022-27820 unknown 4y ago Improper Certificate Validation in OWASP ZAP
CVE-2022-24775 unknown 4y ago guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values…
CVE-2022-27200 unknown 4y ago Duplicate Advisory: Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin
CVE-2022-27201 unknown 4y ago Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
CVE-2022-27197 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin
CVE-2022-27195 unknown 4y ago Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
CVE-2022-27196 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin
CVE-2022-27198 unknown 4y ago CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
CVE-2022-27204 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
CVE-2022-27199 unknown 4y ago Missing permission checks in AWS Credentials Plugin
CVE-2022-27202 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
CVE-2022-27203 unknown 4y ago Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
CVE-2022-27210 unknown 4y ago CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
CVE-2022-27207 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
CVE-2022-27216 unknown 4y ago Passwords stored in plain text by Jenkins dbCharts Plugin
CVE-2022-27214 unknown 4y ago CSRF vulnerability in Jenkins Release Helper Plugin
CVE-2022-27212 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
CVE-2022-27206 unknown 4y ago Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
CVE-2022-27217 unknown 4y ago Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
CVE-2022-27205 unknown 4y ago CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
CVE-2022-27215 unknown 4y ago Missing permission checks in Jenkins Release Helper Plugin
CVE-2022-27211 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
CVE-2022-27218 unknown 4y ago Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
CVE-2022-27208 unknown 4y ago Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin
CVE-2022-27213 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
CVE-2022-24721 unknown 4y ago Improper Authorization in org.cometd.oort
CVE-2022-26520 unknown 4y ago Path traversal in org.postgresql:postgresql
CVE-2022-26652 unknown 4y ago NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
CVE-2022-25312 unknown 4y ago Improper Restriction of XML External Entity Reference in Any23
CVE-2022-0839 unknown 4y ago Improper Restriction of XML External Entity Reference in Liquibase
CVE-2022-26336 unknown 4y ago Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
CVE-2022-25146 unknown 4y ago Liferay Portal and Liferay DXP fails to check origin of event messages
CVE-2022-23899 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23898 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-0265 unknown 4y ago XML External Entity Reference in Hazelcast
CVE-2022-23708 unknown 4y ago Elasticsearch privilege escalation
CVE-2022-23640 unknown 4y ago Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
CVE-2022-24948 unknown 4y ago Cross-site Scripting in Apache JSPWiki
CVE-2022-24947 unknown 4y ago Cross Site Request Forgery in Apache JSPWiki
CVE-2022-24329 unknown 4y ago Improper Locking in JetBrains Kotlin
CVE-2022-24614 unknown 4y ago Allocation of Resources Without Limits or Throttling in metadata-extractor
CVE-2022-24613 unknown 4y ago Improper Handling of Exceptional Conditions inn metadata-extractor
CVE-2022-24615 unknown 4y ago Uncaught Exception in zip4j
CVE-2022-23848 unknown 4y ago Command injection in Alluxio
CVE-2022-0671 unknown 4y ago Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
CVE-2022-0672 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
CVE-2022-0673 unknown 4y ago Path Traversal in LemMinX
CVE-2022-22880 unknown 4y ago SQL Injection in Jeecg-boot
CVE-2022-22885 unknown 4y ago Improper Certificate Validation in Hutool
CVE-2022-22881 unknown 4y ago SQL Injection in Jeecg-boot
CVE-2022-25173 unknown 4y ago Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
CVE-2022-25175 unknown 4y ago Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
CVE-2022-25174 unknown 4y ago Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
CVE-2022-25177 unknown 4y ago Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
CVE-2022-25176 unknown 4y ago Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
CVE-2022-25179 unknown 4y ago Link Following in Jenkins Pipeline Multibranch Plugin
CVE-2022-25178 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin
CVE-2022-25180 unknown 4y ago Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
CVE-2022-25181 unknown 4y ago Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
CVE-2022-25183 unknown 4y ago Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
CVE-2022-25182 unknown 4y ago Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
CVE-2022-25185 unknown 4y ago Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin
CVE-2022-25184 unknown 4y ago Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
CVE-2022-25186 unknown 4y ago Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
CVE-2022-25187 unknown 4y ago Jenkins Support Core Plugin stores sensitive data in plain text