CVEs from 2022

6,001 normalized CVEs published or assigned in this year.

Total: 6,001
critical: 88
high: 1,239
medium: 887
low: 24
% Critical: 1.5%
% with KEV: 2.2%
% with exploit: 2.2%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Published Description Impact
CVE-2022-2625 medium 5.5 3y ago Moderate: postgresql security update redhat, rockylinux, suse, debian
CVE-2022-41862 medium 5.5 3y ago Moderate: postgresql security update redhat, rockylinux, suse, debian
CVE-2022-4899 medium 5.5 3y ago Moderate: mysql security update redhat, rockylinux, suse, debian +1
CVE-2022-48303 medium 5.5 3y ago Moderate: tar security update redhat, rockylinux, suse, debian
CVE-2022-45061 medium 5.5 3y ago Moderate: python39:3.9 and python39-devel:3.9 security update rockylinux, redhat, suse, debian
CVE-2022-40897 medium 5.5 3y ago Moderate: python-setuptools security update redhat, rockylinux, suse, debian +1
CVE-2022-47024 medium 5.5 3y ago Moderate: vim security update arch, redhat, suse, rockylinux +2
CVE-2022-31631 medium 5.5 3y ago Moderate: php:8.1 security update rockylinux, redhat, suse, debian +1
CVE-2022-45873 medium 5.5 3y ago Moderate: systemd security update redhat, suse, rockylinux, debian +1
CVE-2022-31629 medium 5.5 3y ago Moderate: php:8.1 security update rockylinux, redhat, debian, almalinux
CVE-2022-31630 medium 5.5 3y ago Moderate: php:8.1 security update rockylinux, redhat, suse, debian +1
CVE-2022-31628 medium 5.5 3y ago Moderate: php:8.1 security update rockylinux, redhat, suse, debian +1
CVE-2022-4415 medium 5.5 3y ago Moderate: systemd security update redhat, rockylinux, suse, debian +1
CVE-2022-36760 medium 5.5 3y ago Moderate: httpd security and bug fix update arch, debian, redhat, rockylinux +2
CVE-2022-37436 medium 5.5 3y ago Moderate: httpd security and bug fix update arch, debian, redhat, rockylinux +2
CVE-2022-4450 medium 5.5 3y ago Moderate: openssl security and bug fix update redhat, rockylinux, suse, debian +2
CVE-2022-4304 medium 5.5 3y ago Moderate: openssl security and bug fix update redhat, rockylinux, suse, debian +2
CVE-2022-4203 medium 5.5 3y ago Moderate: openssl security and bug fix update redhat, suse, rockylinux, debian +2
CVE-2022-3821 medium 5.5 3y ago Moderate: systemd security update redhat, suse, rockylinux, debian
CVE-2022-42010 medium 5.5 3y ago Moderate: dbus security update arch, redhat, debian, rockylinux +1
CVE-2022-31197 medium 5.5 3y ago Moderate: postgresql-jdbc security update redhat, suse, debian, rockylinux +2
CVE-2022-42011 medium 5.5 3y ago Moderate: dbus security update arch, redhat, debian, rockylinux +1
CVE-2022-41717 medium 5.5 3y ago Moderate: podman security and bug fix update rockylinux, redhat, suse, debian +2
CVE-2022-27664 medium 5.5 3y ago Moderate: toolbox security and bug fix update rockylinux, redhat, suse, debian +2
CVE-2022-43680 medium 5.5 3y ago In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. redhat, debian, rockylinux, suse
CVE-2022-2056 medium 5.5 3y ago Moderate: libtiff security update arch, redhat, rockylinux, suse +2
CVE-2022-3715 medium 5.5 3y ago Moderate: bash security update redhat, debian, rockylinux
CVE-2022-40304 medium 5.5 3y ago Moderate: libxml2 security update redhat, rockylinux, suse, debian
CVE-2022-2057 medium 5.5 3y ago Moderate: libtiff security update arch, redhat, rockylinux, suse +2
CVE-2022-40303 medium 5.5 3y ago Moderate: libxml2 security update redhat, rockylinux, suse, debian
CVE-2022-2058 medium 5.5 3y ago Moderate: libtiff security update arch, redhat, almalinux, rockylinux +2
CVE-2022-2879 medium 5.5 3y ago Moderate: Image Builder security, bug fix, and enhancement update redhat, rockylinux, suse, debian +1
CVE-2022-26305 medium 5.5 3y ago Moderate: libreoffice security update arch, redhat, rockylinux, suse +2
CVE-2022-32221 medium 5.5 3y ago Moderate: curl security update redhat, debian, suse, rockylinux +1
CVE-2022-2953 medium 5.5 3y ago Moderate: libtiff security update arch, redhat, almalinux, rockylinux +2
CVE-2022-42012 medium 5.5 3y ago Moderate: dbus security update arch, redhat, debian, rockylinux +1
CVE-2022-2880 medium 5.5 3y ago Moderate: git-lfs security and bug fix update redhat, rockylinux, suse, debian +1
CVE-2022-2519 medium 5.5 3y ago Moderate: libtiff security update arch, redhat, almalinux, rockylinux +2
CVE-2022-2521 medium 5.5 3y ago Moderate: libtiff security update arch, redhat, almalinux, rockylinux +2
CVE-2022-2520 medium 5.5 3y ago Moderate: libtiff security update arch, redhat, almalinux, rockylinux +2
CVE-2022-26307 medium 5.5 3y ago Moderate: libreoffice security update arch, redhat, rockylinux, suse +2
CVE-2022-41715 medium 5.5 3y ago Moderate: golang-github-cpuguy83-md2man security, bug fix, and enhancement update redhat, almalinux, rockylinux, suse +2
CVE-2022-3140 medium 5.5 3y ago Moderate: libreoffice security update arch, redhat, rockylinux, debian +1
CVE-2022-26306 medium 5.5 3y ago Moderate: libreoffice security update arch, redhat, rockylinux, suse +2
CVE-2022-2867 medium 5.5 3y ago Moderate: libtiff security update arch, rockylinux, suse, debian
CVE-2022-2869 medium 5.5 3y ago Moderate: libtiff security update arch, rockylinux, suse, debian
CVE-2022-2868 medium 5.5 3y ago Moderate: libtiff security update arch, rockylinux, suse, debian
CVE-2022-4144 medium 5.5 3y ago Moderate: virt:rhel and virt-devel:rhel security and bug fix update rockylinux, suse, debian
CVE-2022-3517 medium 5.5 4y ago Moderate: nodejs:18 security, bug fix, and enhancement update redhat, rockylinux, debian, almalinux +1
CVE-2022-43548 medium 5.5 4y ago Moderate: nodejs:18 security, bug fix, and enhancement update redhat, rockylinux, suse, debian +1
CVE-2022-45442 medium 5.5 4y ago Moderate: pcs security update redhat, rockylinux, suse, debian +1
CVE-2022-24999 medium 5.5 4y ago Moderate: nodejs:14 security, bug fix, and enhancement update rockylinux, debian, npm
CVE-2022-32891 medium 5.5 4y ago The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. arch, redhat, suse, debian
CVE-2022-0909 medium 5.5 4y ago Moderate: libtiff security update redhat, arch, suse, rockylinux +2
CVE-2022-0924 medium 5.5 4y ago Moderate: libtiff security update redhat, arch, suse, rockylinux +2
CVE-2022-0908 medium 5.5 4y ago Moderate: libtiff security update redhat, arch, suse, rockylinux +2
CVE-2022-0891 medium 5.5 4y ago Moderate: libtiff security update redhat, arch, rockylinux, suse +2
CVE-2022-22662 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update arch, redhat, rockylinux, suse +1
CVE-2022-0865 medium 5.5 4y ago Moderate: libtiff security update redhat, arch, suse, rockylinux +2
CVE-2022-27406 medium 5.5 4y ago Moderate: freetype security update redhat, rockylinux, suse, debian
CVE-2022-2850 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debian, redhat, suse, rockylinux
CVE-2022-22628 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhat, rockylinux, suse, debian
CVE-2022-49543 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning i… redhat, suse, debian
CVE-2022-49188 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region The device_node pointer is returned by of_parse_phandle() o… redhat, suse, debian
CVE-2022-49215 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. Th… redhat, suse, debian
CVE-2022-1998 medium 5.5 4y ago A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this … redhat, almalinux, suse, debian
CVE-2022-20368 medium 5.5 4y ago Product: Android Versions: Android kernel Android ID: A-224546354 References: Upstream kernel almalinux, redhat, rockylinux, suse +1
CVE-2022-49538 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_rep… redhat, suse, debian
CVE-2022-49545 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a p… redhat, suse, debian
CVE-2022-21123 medium 5.5 4y ago Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. almalinux, redhat, suse, rockylinux +1
CVE-2022-21125 medium 5.5 4y ago Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. almalinux, redhat, suse, rockylinux +1
CVE-2022-21166 medium 5.5 4y ago Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. redhat, almalinux, suse, rockylinux +1
CVE-2022-49625 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_… redhat, suse, debian
CVE-2022-49626 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being… redhat, suse, debian
CVE-2022-49228 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decl_tag bug when tagging a function syzbot reported a btf decl_tag bug with stack trace below: general protect… redhat, suse, debian
CVE-2022-21499 medium 5.5 4y ago KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that t… arch, almalinux, redhat, rockylinux +2
CVE-2022-49691 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: erspan: do not assume transport header is always set Rewrite tests in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not assume … redhat, suse, debian
CVE-2022-22844 medium 5.5 4y ago Moderate: libtiff security update redhat, arch, rockylinux, suse +2
CVE-2022-49695 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine when the N… redhat, suse, debian
CVE-2022-50000 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following se… redhat, suse, debian
CVE-2022-49697 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found… redhat, suse, debian
CVE-2022-49698 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out… redhat, suse, debian
CVE-2022-49732 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has move… redhat, suse, debian
CVE-2022-48912 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release… redhat, suse, debian
CVE-2022-26710 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update arch, redhat, rockylinux, suse +1
CVE-2022-28893 medium 5.5 4y ago The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. redhat, almalinux, rockylinux, suse +1
CVE-2022-2639 medium 5.5 4y ago An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_… redhat, almalinux, rockylinux, suse +1
CVE-2022-0996 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debian, redhat, suse, rockylinux
CVE-2022-28390 medium 5.5 4y ago ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. redhat, almalinux, arch, rockylinux +2
CVE-2022-29900 medium 5.5 4y ago Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. redhat, almalinux, suse, rockylinux +1
CVE-2022-29901 medium 5.5 4y ago Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged use… redhat, almalinux, suse, rockylinux +1
CVE-2022-50085 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert… redhat, suse, debian
CVE-2022-36946 medium 5.5 4y ago nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one… arch, redhat, almalinux, rockylinux +2
CVE-2022-50084 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and ru… redhat, suse, debian
CVE-2022-39190 medium 5.5 4y ago An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. redhat, almalinux, suse, debian
CVE-2022-50048 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path dst->ops is set on when nft_expr_clone() fails, but modul… redhat, suse, debian
CVE-2022-30550 medium 5.5 4y ago Moderate: dovecot security and enhancement update arch, redhat, debian, rockylinux +2
CVE-2022-1355 medium 5.5 4y ago Moderate: libtiff security update arch, redhat, rockylinux, debian +1
CVE-2022-1354 medium 5.5 4y ago Moderate: libtiff security update arch, redhat, debian, almalinux
CVE-2022-50001 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this. Thi… redhat, suse, debian