CVEs from 2022
Total
6,001
critical
critical 88
high
high 1,239
medium
medium 887
low
low 24
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-2625 | medium | — | 5.5 | 3y ago | Moderate: postgresql security update | |
| CVE-2022-41862 | medium | — | 5.5 | 3y ago | Moderate: postgresql security update | |
| CVE-2022-4899 | medium | — | 5.5 | 3y ago | Moderate: mysql security update | |
| CVE-2022-48303 | medium | — | 5.5 | 3y ago | Moderate: tar security update | |
| CVE-2022-45061 | medium | — | 5.5 | 3y ago | Moderate: python39:3.9 and python39-devel:3.9 security update | |
| CVE-2022-45873 | medium | — | 5.5 | 3y ago | Moderate: systemd security update | |
| CVE-2022-40897 | medium | — | 5.5 | 3y ago | Moderate: python-setuptools security update | |
| CVE-2022-31631 | medium | — | 5.5 | 3y ago | Moderate: php:8.1 security update | |
| CVE-2022-31630 | medium | — | 5.5 | 3y ago | Moderate: php:8.1 security update | |
| CVE-2022-31629 | medium | — | 5.5 | 3y ago | Moderate: php:8.1 security update | |
| CVE-2022-31628 | medium | — | 5.5 | 3y ago | Moderate: php:8.1 security update | |
| CVE-2022-36760 | medium | — | 5.5 | 3y ago | Moderate: httpd security and bug fix update | |
| CVE-2022-37436 | medium | — | 5.5 | 3y ago | Moderate: httpd security and bug fix update | |
| CVE-2022-47024 | medium | — | 5.5 | 3y ago | Moderate: vim security update | |
| CVE-2022-4415 | medium | — | 5.5 | 3y ago | Moderate: systemd security update | |
| CVE-2022-4203 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |
| CVE-2022-4450 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |
| CVE-2022-4304 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |
| CVE-2022-40303 | medium | — | 5.5 | 3y ago | Moderate: libxml2 security update | |
| CVE-2022-3715 | medium | — | 5.5 | 3y ago | Moderate: bash security update | |
| CVE-2022-41717 | medium | — | 5.5 | 3y ago | Moderate: podman security and bug fix update | |
| CVE-2022-27664 | medium | — | 5.5 | 3y ago | Moderate: toolbox security and bug fix update | |
| CVE-2022-31197 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |
| CVE-2022-2879 | medium | — | 5.5 | 3y ago | Moderate: Image Builder security, bug fix, and enhancement update | |
| CVE-2022-41715 | medium | — | 5.5 | 3y ago | Moderate: golang-github-cpuguy83-md2man security, bug fix, and enhancement update | |
| CVE-2022-3821 | medium | — | 5.5 | 3y ago | Moderate: systemd security update | |
| CVE-2022-40304 | medium | — | 5.5 | 3y ago | Moderate: libxml2 security update | |
| CVE-2022-42010 | medium | — | 5.5 | 3y ago | Moderate: dbus security update | |
| CVE-2022-2519 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-43680 | medium | — | 5.5 | 3y ago | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | |
| CVE-2022-2520 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-42011 | medium | — | 5.5 | 3y ago | Moderate: dbus security update | |
| CVE-2022-2058 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-2880 | medium | — | 5.5 | 3y ago | Moderate: git-lfs security and bug fix update | |
| CVE-2022-26306 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |
| CVE-2022-2057 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-42012 | medium | — | 5.5 | 3y ago | Moderate: dbus security update | |
| CVE-2022-3140 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |
| CVE-2022-32221 | medium | — | 5.5 | 3y ago | Moderate: curl security update | |
| CVE-2022-2953 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-2521 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-2056 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-26307 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |
| CVE-2022-26305 | medium | — | 5.5 | 3y ago | Moderate: libreoffice security update | |
| CVE-2022-4144 | medium | — | 5.5 | 3y ago | Moderate: virt:rhel and virt-devel:rhel security and bug fix update | |
| CVE-2022-2867 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-2868 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-2869 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |
| CVE-2022-43548 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |
| CVE-2022-3517 | medium | — | 5.5 | 4y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |
| CVE-2022-45442 | medium | — | 5.5 | 4y ago | Moderate: pcs security update | |
| CVE-2022-24999 | medium | — | 5.5 | 4y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |
| CVE-2022-49409 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ==============================================================… | |
| CVE-2022-49433 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdma_map_lock is in… | |
| CVE-2022-49325 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwn… | |
| CVE-2022-49413 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback jus… | |
| CVE-2022-49291 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against t… | |
| CVE-2022-49340 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum offload on CHECKSUM_PARTIAL pa… | |
| CVE-2022-49306 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used when assigning the ACPI c… | |
| CVE-2022-30293 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security and bug fix update | |
| CVE-2022-49290 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fix… | |
| CVE-2022-49378 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modpa… | |
| CVE-2022-49264 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard … | |
| CVE-2022-49292 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that … | |
| CVE-2022-48921 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("k… | |
| CVE-2022-49238 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vd… | |
| CVE-2022-49411 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgrou… | |
| CVE-2022-27191 | medium | — | 5.5 | 4y ago | Moderate: buildah security and bug fix update | |
| CVE-2022-49348 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to ind… | |
| CVE-2022-26700 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security and bug fix update | |
| CVE-2022-49605 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGC_REMOVED logic and implement it properly The initially merged version of the igc driver code (via commit 146740… | |
| CVE-2022-1049 | medium | — | 5.5 | 4y ago | Moderate: pcs security, bug fix, and enhancement update | |
| CVE-2022-48912 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release… | |
| CVE-2022-49228 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decl_tag bug when tagging a function syzbot reported a btf decl_tag bug with stack trace below: general protect… | |
| CVE-2022-32792 | medium | — | 5.5 | 4y ago | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing malici… | |
| CVE-2022-2320 | medium | — | 5.5 | 4y ago | Moderate: xorg-x11-server security and bug fix update | |
| CVE-2022-49374 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== … | |
| CVE-2022-0561 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2022-1852 | medium | — | 5.5 | 4y ago | A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing a… | |
| CVE-2022-49334 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: Fix xarray node memory leak If xas_split_alloc() fails to allocate the necessary nodes to complete the xarray ent… | |
| CVE-2022-1353 | medium | — | 5.5 | 4y ago | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system cras… | |
| CVE-2022-1280 | medium | — | 5.5 | 4y ago | A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial… | |
| CVE-2022-1263 | medium | — | 5.5 | 4y ago | A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, cau… | |
| CVE-2022-1184 | medium | — | 5.5 | 4y ago | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of servi… | |
| CVE-2022-1304 | medium | — | 5.5 | 4y ago | Moderate: e2fsprogs security update | |
| CVE-2022-49398 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current it… | |
| CVE-2022-27337 | medium | — | 5.5 | 4y ago | Moderate: poppler security and bug fix update | |
| CVE-2022-49347 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, … | |
| CVE-2022-23825 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2022-1355 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2022-23816 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2022-0908 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2022-0891 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2022-0909 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2022-32742 | medium | — | 5.5 | 4y ago | Moderate: samba security, bug fix, and enhancement update | |
| CVE-2022-0562 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2022-28615 | medium | — | 5.5 | 4y ago | Moderate: httpd security, bug fix, and enhancement update | |
| CVE-2022-30556 | medium | — | 5.5 | 4y ago | Moderate: httpd security, bug fix, and enhancement update | |
| CVE-2022-29404 | medium | — | 5.5 | 4y ago | Moderate: httpd security, bug fix, and enhancement update | |
| CVE-2022-22719 | medium | — | 5.5 | 4y ago | Moderate: httpd security, bug fix, and enhancement update |