CVEs from 2022

5,370 normalized CVEs published or assigned in this year.

  • Total: 5,370
  • Critical: 88
  • High: 1,219
  • Medium: 945
  • Low: 24
  • % Critical: 1.6%
  • % with KEV: 2.4%
  • % with exploit: 3.3%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-29161 unknown 4y ago Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
CVE-2022-29002 unknown 4y ago Cross-Site Request Forgery in XXL-Job
CVE-2022-31267 unknown 4y ago Unescaped control characters in Gitblit
CVE-2022-31268 unknown 4y ago Path traversal in Gitblit
CVE-2022-24434 unknown 4y ago Crash in HeaderParser in dicer
CVE-2022-22978 unknown 4y ago Authorization bypass in Spring Security
CVE-2022-22976 unknown 4y ago Integer overflow in BCrypt class in Spring Security
CVE-2022-1782 unknown 4y ago Cross-site Scripting in com.erudika:para-core
CVE-2022-26650 unknown 4y ago Regular expression denial of service in Apache ShenYu
CVE-2022-30972 unknown 4y ago Cross Site Request Forgery in Jenkins Storable Configs Plugin
CVE-2022-30970 unknown 4y ago Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
CVE-2022-30969 unknown 4y ago Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin
CVE-2022-30971 unknown 4y ago XML External Entity Reference in Jenkins Storable Configs Plugin
CVE-2022-30960 unknown 4y ago Cross-site Scripting in Jenkins Application Detector Plugin
CVE-2022-30964 unknown 4y ago Cross-site Scripting in Jenkins Multiselect parameter Plugin
CVE-2022-30965 unknown 4y ago Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types
CVE-2022-30962 unknown 4y ago Cross-site Scripting in Jenkins Global Variable String Parameter Plugin
CVE-2022-30967 unknown 4y ago Cross site scripting in Jenkins Selection tasks Plugin
CVE-2022-30961 unknown 4y ago Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
CVE-2022-30966 unknown 4y ago Cross-site Scripting in Jenkins Random String Parameter Plugin
CVE-2022-30954 unknown 4y ago Missing permission check in Jenkins Blue Ocean Plugin
CVE-2022-30963 unknown 4y ago Cross-site Scripting in Jenkins JDK Parameter Plugin
CVE-2022-30968 unknown 4y ago Cross-site Scripting in Jenkins vboxwrapper Plugin
CVE-2022-30955 unknown 4y ago Missing permission check in Jenkins GitLab Plugin
CVE-2022-30956 unknown 4y ago Cross-site Scripting in Jenkins Rundeck Plugin
CVE-2022-30951 unknown 4y ago Missing Authorization in Jenkins WMI Windows Agents plugin
CVE-2022-30957 unknown 4y ago Missing permission check in Jenkins SSH Plugin
CVE-2022-30952 unknown 4y ago Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
CVE-2022-30953 unknown 4y ago Cross Site Request Forgery in Jenkins Blue Ocean Plugin
CVE-2022-30959 unknown 4y ago Missing Authorization in Jenkins SSH plugin
CVE-2022-30958 unknown 4y ago Cross Site Request Forgery in Jenkins SSH Plugin
CVE-2022-30949 unknown 4y ago Path traversal in Jenkins REPO Plugin
CVE-2022-30947 unknown 4y ago Path traversal in Jenkins Git Mercurial and Repo Plugins
CVE-2022-30945 unknown 4y ago Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
CVE-2022-30950 unknown 4y ago Buffer overflow in Jenkins WMI Windows Agents plugin
CVE-2022-30948 unknown 4y ago Path traversal in Jenkins Mercurial Plugin
CVE-2022-30946 unknown 4y ago CSRF vulnerability in Jenkins Script Security Plugin
CVE-2022-30126 unknown 4y ago Regular expression denial of service in Apache Tika
CVE-2022-25169 unknown 4y ago Apache Tika vulnerable to uncontrolled memory consumption
CVE-2022-22971 unknown 4y ago Allocation of Resources Without Limits or Throttling in Spring Framework
CVE-2022-22970 unknown 4y ago Denial of service in Spring Framework
CVE-2022-28890 unknown 4y ago XML External Entity Reference in Apache Jena
CVE-2022-28111 unknown 4y ago MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter
CVE-2022-25767 unknown 4y ago Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
CVE-2022-25842 unknown 4y ago Path Traversal in com.alibaba.oneagent:one-java-agent-plugin
CVE-2022-29265 unknown 4y ago Multiple components in Apache NiFi do not restrict XML External Entity references
CVE-2022-24897 unknown 4y ago Arbitrary filesystem write access from velocity.
CVE-2022-24898 unknown 4y ago Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
CVE-2022-24891 unknown 4y ago Cross-site Scripting in org.owasp.esapi:esapi
CVE-2022-23457 unknown 4y ago Path traversal in the OWASP Enterprise Security API
CVE-2022-24881 unknown 4y ago ballcat-codegen template engine remote code execution injection
CVE-2022-1466 unknown 4y ago Improper authorization in Keycloak
CVE-2022-1245 unknown 4y ago Keycloak vulnerable to privilege escalation on Token Exchange feature
CVE-2022-29546 unknown 4y ago OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
CVE-2022-28820 unknown 4y ago Page Compare Reflected Cross-site Scripting (XSS) vulnerability
CVE-2022-26596 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
CVE-2022-26597 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the site name
CVE-2022-29577 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-28367 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-28366 unknown 4y ago Denial of service in HtmlUnit-Neko
CVE-2022-27340 unknown 4y ago Cross Site Request Forgery in Mingsoft MCMS
CVE-2022-24847 unknown 4y ago Improper Input Validation in GeoServer
CVE-2022-24828 unknown 4y ago Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control …
CVE-2022-0272 unknown 4y ago XML External Entity Reference in detekt
CVE-2022-22969 unknown 4y ago Denial of service in Spring Security OAuth2
CVE-2022-26593 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
CVE-2022-26595 unknown 4y ago Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
CVE-2022-28108 unknown 4y ago Selenium Server (Grid) CSRF
CVE-2022-26594 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via form field
CVE-2022-22968 unknown 4y ago Improper handling of case sensitivity in Spring Framework
CVE-2022-29039 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
CVE-2022-29038 unknown 4y ago Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
CVE-2022-29037 unknown 4y ago Stored XSS in Jenkins CVS Plugin
CVE-2022-29036 unknown 4y ago Cross-site Scripting in Jenkins Credentials Plugin
CVE-2022-29041 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
CVE-2022-29040 unknown 4y ago Stored XSS vulnerability in Jenkins Git Parameter Plugin
CVE-2022-29043 unknown 4y ago Stored Cross-site Scripting in Jenkins Mask Passwords Plugin
CVE-2022-29042 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Job Generator Plugin
CVE-2022-29047 unknown 4y ago Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
CVE-2022-29046 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin
CVE-2022-29050 unknown 4y ago CSRF vulnerability in Jenkins Publish Over FTP Plugin
CVE-2022-29045 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
CVE-2022-29051 unknown 4y ago Missing permission checks in Jenkins Publish Over FTP Plugin
CVE-2022-29048 unknown 4y ago CSRF vulnerability in Jenkins Subversion Plugin
CVE-2022-29044 unknown 4y ago Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin
CVE-2022-29049 unknown 4y ago Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
CVE-2022-29052 unknown 4y ago Private key stored in plain text by Jenkins Google Compute Engine Plugin
CVE-2022-23437 unknown 4y ago Infinite Loop in Apache Xerces Java
CVE-2022-24839 unknown 4y ago org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
CVE-2022-24827 unknown 4y ago SQL Injection in elide-datastore-aggregation
CVE-2022-24820 unknown 4y ago Unauthenticated user can list hidden document from multiple velocity templates in XWiki
CVE-2022-24821 unknown 4y ago Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
CVE-2022-24819 unknown 4y ago Unauthenticated user can retrieve the list of users through uorgsuggest.vm
CVE-2022-26612 unknown 4y ago Path traversal in Hadoop
CVE-2022-26585 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23974 unknown 4y ago Logic error in Apache Pinot
CVE-2022-22950 unknown 4y ago Allocation of Resources Without Limits or Throttling in Spring Framework
CVE-2022-25598 unknown 4y ago Uncontrolled Resource Consumption in Apache DolphinScheduler
CVE-2022-23059 unknown 4y ago Cross site scripting in Shopizer
CVE-2022-27820 unknown 4y ago Improper Certificate Validation in OWASP ZAP