CVEs from 2022

5,377 normalized CVEs published or assigned in this year.

  • Total: 5,377
  • Critical: 94
  • High: 1,232
  • Medium: 950
  • Low: 24
  • % Critical: 1.7%
  • % with KEV: 2.4%
  • % with exploit: 3.3%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-25842 unknown 4y ago Path Traversal in com.alibaba.oneagent:one-java-agent-plugin
CVE-2022-29265 unknown 4y ago Multiple components in Apache NiFi do not restrict XML External Entity references
CVE-2022-24897 unknown 4y ago Arbitrary filesystem write access from velocity.
CVE-2022-24898 unknown 4y ago Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
CVE-2022-24891 unknown 4y ago Cross-site Scripting in org.owasp.esapi:esapi
CVE-2022-23457 unknown 4y ago Path traversal in the OWASP Enterprise Security API
CVE-2022-24881 unknown 4y ago ballcat-codegen template engine remote code execution injection
CVE-2022-1466 unknown 4y ago Improper authorization in Keycloak
CVE-2022-1245 unknown 4y ago Keycloak vulnerable to privilege escalation on Token Exchange feature
CVE-2022-29546 unknown 4y ago OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
CVE-2022-28820 unknown 4y ago Page Compare Reflected Cross-site Scripting (XSS) vulnerability
CVE-2022-26596 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
CVE-2022-26597 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the site name
CVE-2022-28367 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-28366 unknown 4y ago Denial of service in HtmlUnit-Neko
CVE-2022-29577 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-27340 unknown 4y ago Cross Site Request Forgery in Mingsoft MCMS
CVE-2022-24847 unknown 4y ago Improper Input Validation in GeoServer
CVE-2022-24828 unknown 4y ago Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control …
CVE-2022-0272 unknown 4y ago XML External Entity Reference in detekt
CVE-2022-22969 unknown 4y ago Denial of service in Spring Security OAuth2
CVE-2022-26593 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
CVE-2022-26595 unknown 4y ago Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
CVE-2022-28108 unknown 4y ago Selenium Server (Grid) CSRF
CVE-2022-26594 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via form field
CVE-2022-22968 unknown 4y ago Improper handling of case sensitivity in Spring Framework
CVE-2022-29039 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
CVE-2022-29038 unknown 4y ago Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
CVE-2022-29037 unknown 4y ago Stored XSS in Jenkins CVS Plugin
CVE-2022-29036 unknown 4y ago Cross-site Scripting in Jenkins Credentials Plugin
CVE-2022-29041 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
CVE-2022-29046 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin
CVE-2022-29047 unknown 4y ago Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
CVE-2022-29043 unknown 4y ago Stored Cross-site Scripting in Jenkins Mask Passwords Plugin
CVE-2022-29040 unknown 4y ago Stored XSS vulnerability in Jenkins Git Parameter Plugin
CVE-2022-29042 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Job Generator Plugin
CVE-2022-29051 unknown 4y ago Missing permission checks in Jenkins Publish Over FTP Plugin
CVE-2022-29044 unknown 4y ago Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin
CVE-2022-29048 unknown 4y ago CSRF vulnerability in Jenkins Subversion Plugin
CVE-2022-29045 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
CVE-2022-29049 unknown 4y ago Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
CVE-2022-29050 unknown 4y ago CSRF vulnerability in Jenkins Publish Over FTP Plugin
CVE-2022-29052 unknown 4y ago Private key stored in plain text by Jenkins Google Compute Engine Plugin
CVE-2022-23437 unknown 4y ago Infinite Loop in Apache Xerces Java
CVE-2022-24839 unknown 4y ago org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
CVE-2022-24827 unknown 4y ago SQL Injection in elide-datastore-aggregation
CVE-2022-24820 unknown 4y ago Unauthenticated user can list hidden document from multiple velocity templates in XWiki
CVE-2022-24821 unknown 4y ago Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
CVE-2022-24819 unknown 4y ago Unauthenticated user can retrieve the list of users through uorgsuggest.vm
CVE-2022-26612 unknown 4y ago Path traversal in Hadoop
CVE-2022-26585 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23974 unknown 4y ago Logic error in Apache Pinot
CVE-2022-22950 unknown 4y ago Allocation of Resources Without Limits or Throttling in Spring Framework
CVE-2022-25598 unknown 4y ago Uncontrolled Resource Consumption in Apache DolphinScheduler
CVE-2022-23059 unknown 4y ago Cross site scripting in Shopizer
CVE-2022-27820 unknown 4y ago Improper Certificate Validation in OWASP ZAP
CVE-2022-24775 unknown 4y ago guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values…
CVE-2022-27200 unknown 4y ago Duplicate Advisory: Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin
CVE-2022-27196 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin
CVE-2022-27201 unknown 4y ago Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
CVE-2022-27195 unknown 4y ago Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
CVE-2022-27197 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin
CVE-2022-27199 unknown 4y ago Missing permission checks in AWS Credentials Plugin
CVE-2022-27203 unknown 4y ago Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
CVE-2022-27198 unknown 4y ago CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
CVE-2022-27202 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
CVE-2022-27204 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
CVE-2022-27217 unknown 4y ago Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
CVE-2022-27205 unknown 4y ago CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
CVE-2022-27216 unknown 4y ago Passwords stored in plain text by Jenkins dbCharts Plugin
CVE-2022-27206 unknown 4y ago Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
CVE-2022-27207 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
CVE-2022-27214 unknown 4y ago CSRF vulnerability in Jenkins Release Helper Plugin
CVE-2022-27210 unknown 4y ago CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
CVE-2022-27212 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
CVE-2022-27218 unknown 4y ago Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
CVE-2022-27208 unknown 4y ago Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin
CVE-2022-27215 unknown 4y ago Missing permission checks in Jenkins Release Helper Plugin
CVE-2022-27213 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
CVE-2022-27211 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
CVE-2022-24721 unknown 4y ago Improper Authorization in org.cometd.oort
CVE-2022-26520 unknown 4y ago Path traversal in org.postgresql:postgresql
CVE-2022-26652 unknown 4y ago NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
CVE-2022-25312 unknown 4y ago Improper Restriction of XML External Entity Reference in Any23
CVE-2022-0839 unknown 4y ago Improper Restriction of XML External Entity Reference in Liquibase
CVE-2022-26336 unknown 4y ago Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
CVE-2022-25146 unknown 4y ago Liferay Portal and Liferay DXP fails to check origin of event messages
CVE-2022-23899 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23898 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23708 unknown 4y ago Elasticsearch privilege escalation
CVE-2022-0265 unknown 4y ago XML External Entity Reference in Hazelcast
CVE-2022-23640 unknown 4y ago Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
CVE-2022-24948 unknown 4y ago Cross-site Scripting in Apache JSPWiki
CVE-2022-24947 unknown 4y ago Cross Site Request Forgery in Apache JSPWiki
CVE-2022-24329 unknown 4y ago Improper Locking in JetBrains Kotlin
CVE-2022-24613 unknown 4y ago Improper Handling of Exceptional Conditions in metadata-extractor
CVE-2022-24614 unknown 4y ago Allocation of Resources Without Limits or Throttling in metadata-extractor
CVE-2022-24615 unknown 4y ago Uncaught Exception in zip4j
CVE-2022-23848 unknown 4y ago Command injection in Alluxio
CVE-2022-0672 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in LemMinX