VIR Vulnerability Intelligence Relay

CVEs from 2022

6,002 normalized CVEs published or assigned in this year.

Total
6,002
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-30522 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchsuse+1
CVE-2022-0924 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+1
CVE-2022-49288 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation chan… redhatsusedebian
CVE-2022-1706 medium 5.5 4y ago Moderate: ignition security, bug fix, and enhancement update redhatsusedebianrockylinux+1
CVE-2022-22719 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-1304 medium 5.5 4y ago Moderate: e2fsprogs security update redhatdebianrockylinuxsuse
CVE-2022-25255 medium 5.5 4y ago Moderate: qt5 security and bug fix update redhatsuserockylinuxdebian
CVE-2022-31813 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+1
CVE-2022-49374 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== … redhatsusedebian
CVE-2022-49543 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning i… redhatsusedebian
CVE-2022-49093 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encount… redhatsusedebian
CVE-2022-1353 medium 5.5 4y ago A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system cras… archalmalinuxredhatsuse+2
CVE-2022-32816 medium 5.5 4y ago The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may l… archredhatsusedebian
CVE-2022-1852 medium 5.5 4y ago A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing a… almalinuxredhatrockylinuxsuse+1
CVE-2022-49228 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decl_tag bug when tagging a function syzbot reported a btf decl_tag bug with stack trace below: general protect… redhatsusedebian
CVE-2022-48912 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release… redhatsusedebian
CVE-2022-49109 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash … redhatsusedebian
CVE-2022-49306 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used when assigning the ACPI c… redhatsusedebian
CVE-2022-36946 medium 5.5 4y ago nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one… archredhatalmalinuxrockylinux+2
CVE-2022-49107 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comm… redhatsusedebian
CVE-2022-2319 medium 5.5 4y ago Moderate: xorg-x11-server security and bug fix update redhatarchsuserockylinux+1
CVE-2022-49179 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ==========================================================… redhatsusedebian
CVE-2022-28614 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+1
CVE-2022-49465 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIO_THROTTLED when bio has been throttled 1.In current process, all bio will set the BIO_THROTTLED flag after _… redhatsusedebian
CVE-2022-49292 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that … redhatsusedebian
CVE-2022-49291 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against t… redhatsusedebian
CVE-2022-49440 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Keep MSR[RI] set when calling RTAS RTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big endian mode… redhatsusedebian
CVE-2022-50048 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path dst->ops is set on when nft_expr_clone() fails, but modul… redhatsusedebian
CVE-2022-1354 medium 5.5 4y ago Moderate: libtiff security update archredhatdebian
CVE-2022-1263 medium 5.5 4y ago A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, cau… redhatsusedebian
CVE-2022-49129 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been schedu… redhatsusedebian
CVE-2022-49691 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: erspan: do not assume transport header is always set Rewrite tests in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not assume … redhatsusedebian
CVE-2022-25309 medium 5.5 4y ago Moderate: fribidi security update redhatsuserockylinuxdebian
CVE-2022-49147 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… redhatsusedebian
CVE-2022-26377 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchsuse+1
CVE-2022-49253 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. redhatsusedebian
CVE-2022-49297 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for m… redhatsusedebian
CVE-2022-25310 medium 5.5 4y ago Moderate: fribidi security update redhatsuserockylinuxdebian
CVE-2022-49330 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initia… redhatsusedebian
CVE-2022-2309 medium 5.5 4y ago Moderate: python-lxml security update redhatsusedebianrockylinux+1
CVE-2022-49332 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for… redhatsusedebian
CVE-2022-49325 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwn… redhatsusedebian
CVE-2022-49378 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modpa… redhatsusedebian
CVE-2022-25308 medium 5.5 4y ago Moderate: fribidi security update redhatsuserockylinuxdebian
CVE-2022-27406 medium 5.5 4y ago Moderate: freetype security update redhatrockylinuxsusedebian
CVE-2022-28615 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+1
CVE-2022-22844 medium 5.5 4y ago Moderate: libtiff security update redhatarchrockylinuxsuse+1
CVE-2022-49057 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: null_blk: end timed out poll request When poll request is timed out, it is removed from the poll list, but not completed, … redhatsusedebian
CVE-2022-49404 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even… redhatsusedebian
CVE-2022-49408 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in parse_apply_sb_mount_options() If processing the on-disk mount options fails after any memory was alloca… redhatsusedebian
CVE-2022-49409 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ==============================================================… redhatsusedebian
CVE-2022-49066 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen… redhatsusedebian
CVE-2022-50115 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes We have sanity checks for byte controls and i… redhatsusedebian
CVE-2022-50178 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and c… redhatsusedebian
CVE-2022-49615 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe f… redhatsusedebian
CVE-2022-49142 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … redhatsusedebian
CVE-2022-49561 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set… redhatsusedebian
CVE-2022-49145 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … redhatsusedebian
CVE-2022-49122 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and use… redhatsusedebian
CVE-2022-27337 medium 5.5 4y ago Moderate: poppler security and bug fix update archredhatrockylinuxsuse+1
CVE-2022-2850 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-49426 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3-sva: Fix mm use-after-free We currently call arm64_mm_context_put() without holding a reference to the mm, whic… redhatsusedebian
CVE-2022-0909 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+1
CVE-2022-49389 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after tha… redhatsusedebian
CVE-2022-22721 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatrockylinuxsuse
CVE-2022-30067 medium 5.5 4y ago Moderate: gimp security and enhancement update redhatsusedebianrockylinux
CVE-2022-3107 medium 5.5 4y ago An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null p… redhatsusedebian
CVE-2022-1355 medium 5.5 4y ago Moderate: libtiff security update archredhatrockylinuxdebian
CVE-2022-32891 medium 5.5 4y ago The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. archredhatsusedebian
CVE-2022-0996 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-30698 medium 5.5 4y ago Moderate: unbound security, bug fix, and enhancement update redhatrockylinuxsusedebian
CVE-2022-3500 medium 5.5 4y ago Moderate: keylime security update redhatsuserockylinuxpython
CVE-2022-22662 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update archredhatrockylinuxsuse+1
CVE-2022-48921 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("k… redhatsusedebian
CVE-2022-0168 medium 5.5 4y ago A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_u… almalinuxredhatarchrockylinux+2
CVE-2022-0561 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+1
CVE-2022-49669 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccept… redhatsusedebian
CVE-2022-26709 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49130 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhi_sync_power_up() If amss.bin was missing ath11k would crash during 'rmmod ath11k_pci'. The reason for that wa… redhatsusedebian
CVE-2022-22629 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatrockylinuxsusedebian
CVE-2022-28693 medium 5.5 4y ago RHSA-2022:8267: kernel security, bug fix, and enhancement update (Moderate) redhatsuse
CVE-2022-49229 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual cloc… redhatsusedebian
CVE-2022-49259 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are dele… redhatsusedebian
CVE-2022-49605 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGC_REMOVED logic and implement it properly The initially merged version of the igc driver code (via commit 146740… redhatsusedebian
CVE-2022-48765 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cu… redhatsusedebian
CVE-2022-49268 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snd_dma_free_pages() when snd_dma_alloc_pages() returns -ENOME… redhatsusedebian
CVE-2022-48905 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. redhatsusedebian
CVE-2022-2320 medium 5.5 4y ago Moderate: xorg-x11-server security and bug fix update redhatarchsuserockylinux+1
CVE-2022-49732 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has move… redhatsusedebian
CVE-2022-49264 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard … redhatsusedebian
CVE-2022-49673 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warni… redhatsusedebian
CVE-2022-49247 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED If the callback 'start_streaming' fails, then all… redhatsusedebian
CVE-2022-48918 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a… redhatsusedebian
CVE-2022-49235 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. … redhatsusedebian
CVE-2022-49671 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ib_cm_insert_listen cm_alloc_id_priv() allocates resource for the cm_id_priv. When cm_init_listen() f… redhatsusedebian
CVE-2022-49663 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if ma… redhatsusedebian
CVE-2022-49664 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL … redhatsusedebian
CVE-2022-48786 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could al… redhatsusedebian
CVE-2022-26716 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49398 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current it… redhatsusedebian