CVEs from 2022
- Total: 5,367
- Critical: 88
- High: 1,225
- Medium: 948
- Low: 24
- % Critical: 1.6%
- % with KEV: 2.4%
- % with exploit: 3.3%

Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-49495 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resour… | |||
| CVE-2022-49496 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko If the driver support subdev mode, the parameter "dev-… | |||
| CVE-2022-49497 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: remove two BUG() from skb_checksum_help() I have a syzbot report that managed to get a crash in skb_checksum_help() If syzb… | |||
| CVE-2022-49498 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Pointer substream is being dereferenced on the ass… | |||
| CVE-2022-49499 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null pointer dereferences without iommu Check if 'aspace' is set before using it as it will stay null without IOMMU,… | |||
| CVE-2022-49500 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wl1251: dynamically allocate memory used for DMA With introduction of vmap'ed stacks, stack parameters can no longer be used for … | |||
| CVE-2022-49501 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregister_netdev() before unbind() again Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") sou… | |||
| CVE-2022-49502 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rga_probe rga->m2m_dev needs to be freed when rga_probe fails. | |||
| CVE-2022-49503 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix The "rxstatus->rs_keyix" eventually gets passed to … | |||
| CVE-2022-49506 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NU… | |||
| CVE-2022-49132 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ath11k: pci: fix crash on suspend if board file is not found Mario reported that the kernel was crashing on suspend if ath11k was… | |||
| CVE-2022-49507 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regulator: da9121: Fix uninit-value in da9121_assign_chip_model() KASAN report slab-out-of-bounds in __regmap_init as follows: B… | |||
| CVE-2022-49510 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/omap: fix NULL but dereferenced coccicheck error Fix the following coccicheck warning: ./drivers/gpu/drm/omapdrm/omap_overlay… | |||
| CVE-2022-49509 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handl… | |||
| CVE-2022-3887 | unknown | — | — | — | Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-49512 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has managed interfaces, so use them. … | |||
| CVE-2022-49514 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the err… | |||
| CVE-2022-49516 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: always check VF VSI pointer values The ice_get_vf_vsi function can return NULL in some cases, such as if handling messages d… | |||
| CVE-2022-49517 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe This node pointer is returned by of_parse_phandle() with r… | |||
| CVE-2022-49518 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload It is possible to craft a topology where sof_get_control… | |||
| CVE-2022-49521 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() If no handler is found in lpfc_complete_unsol_iocb() to match the rc… | |||
| CVE-2022-49526 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: md/bitmap: don't set sb values if can't pass sanity check If bitmap area contains invalid data, kernel will crash then mdadm trig… | |||
| CVE-2022-49522 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci… | |||
| CVE-2022-49523 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ath11k: disable spectral scan during spectral deinit When ath11k modules are removed using rmmod with spectral scan enabled, cras… | |||
| CVE-2022-49524 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver wil… | |||
| CVE-2022-49525 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746… | |||
| CVE-2022-49527 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the error handling first calls hf… | |||
| CVE-2022-49528 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: i2c: dw9714: Disable the regulator when the driver fails to probe When the driver fails to probe, we will get the followin… | |||
| CVE-2022-49530 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its member is… | |||
| CVE-2022-49532 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This … | |||
| CVE-2022-49533 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability The maximum number of SSIDs in a for active probe requests … | |||
| CVE-2022-49535 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-z… | |||
| CVE-2022-49542 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the … | |||
| CVE-2022-49554 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspag… | |||
| CVE-2022-49540 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping online cpumas… | |||
| CVE-2022-49544 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before d… | |||
| CVE-2022-50253 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: make sure skb->len != 0 when redirecting to a tunneling device syzkaller managed to trigger another case where skb->len == 0… | |||
| CVE-2022-50254 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: ov8865: Fix an error handling path in ov8865_probe() The commit in Fixes also introduced some new error handling which sho… | |||
| CVE-2022-3315 | unknown | — | — | — | Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2022-50261 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() With clang's kernel control flow integrity (kCFI, CONFIG_CF… | |||
| CVE-2022-1494 | unknown | — | — | — | Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. | |||
| CVE-2022-0804 | unknown | — | — | — | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2022-50273 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery As Wenqing Liu reported in bugzilla: https://bugzilla.kernel… | |||
| CVE-2022-50264 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: socfpga: Fix memory leak in socfpga_gate_init() Free @socfpga_clk and @ops on the error path to avoid memory leak issue. | |||
| CVE-2022-48781 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - get rid of alg_memory_allocated alg_memory_allocated does not seem to be really used. alg_proto does have a .me… | |||
| CVE-2022-0460 | unknown | — | — | — | Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-50266 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in kill_kprobe() In kill_kprobe(), the check whether disarm_kprobe_ftrace() needs to be call… | |||
| CVE-2022-50267 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memor… | |||
| CVE-2022-48634 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinloc… | |||
| CVE-2022-4427 | unknown | — | — | — | Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1,… | |||
| CVE-2022-4991 | unknown | — | — | 23h ago | Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that use… | |||
| CVE-2022-49957 | unknown | — | — | 1y ago | In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initial… | |||
| CVE-2022-41137 | unknown | — | — | 2y ago | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore | |||
| CVE-2022-23553 | unknown | — | — | 2y ago | Alpine allows URL access filter bypass | |||
| CVE-2022-23554 | unknown | — | — | 2y ago | Alpine allows Authentication Filter bypass | |||
| CVE-2022-48833 | unknown | — | — | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: skip reserved bytes warning on unmount after log cleanup failure After the recent changes made by commit c2e39305299f01 ("… | |||
| CVE-2022-29946 | unknown | — | — | 2y ago | NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one sc… | |||
| CVE-2022-30636 | unknown | — | — | 2y ago | httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a di… | |||
| CVE-2022-50377 | high | — | — | 2y ago | RHSA-2024:2394: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-47894 | unknown | — | — | 2y ago | Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE | |||
| CVE-2022-4963 | unknown | — | — | 2y ago | SQL injection in Folio Spring Module Core | |||
| CVE-2022-34321 | unknown | — | — | 2y ago | Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint | |||
| CVE-2022-45320 | unknown | — | — | 2y ago | Privilege escalation in Liferay Portal | |||
| CVE-2022-3328 | unknown | — | — | 2y ago | Race condition in snap-confine's must_mkdir_and_open_with_perms() | |||
| CVE-2022-45135 | unknown | — | — | 3y ago | Apache Cocoon SQL Injection vulnerability | |||
| CVE-2022-2232 | unknown | — | — | 3y ago | Keycloak vulnerable to LDAP Injection on UsernameForm Login | |||
| CVE-2022-41678 | unknown | — | — | 3y ago | Apache ActiveMQ Deserialization of Untrusted Data vulnerability | |||
| CVE-2022-46337 | unknown | — | — | 3y ago | Apache Derby: LDAP injection vulnerability in authenticator | |||
| CVE-2022-4245 | unknown | — | — | 3y ago | codehaus-plexus vulnerable to XML injection | |||
| CVE-2022-4244 | unknown | — | — | 3y ago | plexus-codehaus vulnerable to directory traversal | |||
| CVE-2022-28357 | unknown | — | — | 3y ago | NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. | |||
| CVE-2022-1415 | unknown | — | — | 3y ago | Drools Core Deserialization of Untrusted Data vulnerability | |||
| CVE-2022-44729 | unknown | — | — | 3y ago | Apache XML Graphics Batik Server-Side Request Forgery vulnerability | |||
| CVE-2022-46751 | unknown | — | — | 3y ago | Apache Ivy External Entity Reference vulnerability | |||
| CVE-2022-41401 | unknown | — | — | 3y ago | OpenRefine Server-Side Request Forgery vulnerability | |||
| CVE-2022-40896 | unknown | — | — | 3y ago | A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | |||
| CVE-2022-42009 | unknown | — | — | 3y ago | Apache Ambari Expression Language Injection vulnerability | |||
| CVE-2022-45855 | unknown | — | — | 3y ago | Apache Ambari Expression Language Injection vulnerability | |||
| CVE-2022-45048 | unknown | — | — | 3y ago | Apache Ranger code execution vulnerability in policy expressions | |||
| CVE-2022-46365 | unknown | — | — | 3y ago | Apache StreamPark Improper Input Validation vulnerability | |||
| CVE-2022-45802 | unknown | — | — | 3y ago | Apache StreamPark Path Traversal vulnerability | |||
| CVE-2022-24697 | unknown | — | — | 3y ago | Apache Kylin vulnerable to remote code execution | |||
| CVE-2022-4361 | unknown | — | — | 3y ago | Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC | |||
| CVE-2022-46907 | unknown | — | — | 3y ago | Apache JSPWiki vulnerable to cross-site scripting on several plugins | |||
| CVE-2022-47937 | unknown | — | — | 3y ago | Apache Sling Commons JSON bundle vulnerable to Improper Input Validation | |||
| CVE-2022-45801 | unknown | — | — | 3y ago | Apache StreamPark LDAP Injection vulnerability | |||
| CVE-2022-45064 | unknown | — | — | 3y ago | Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation | |||
| CVE-2022-41918 | unknown | — | — | 3y ago | OpenSearch has issue with fine-grained access control of indices backing data streams | |||
| CVE-2022-3277 | unknown | — | — | 3y ago | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates re… | |||
| CVE-2022-1274 | unknown | — | — | 3y ago | HTML Injection in Keycloak Admin REST API | |||
| CVE-2022-4137 | unknown | — | — | 3y ago | Keycloak Cross-site Scripting on OpenID connect login service | |||
| CVE-2022-1438 | unknown | — | — | 3y ago | Keycloak vulnerable to Cross-site Scripting | |||
| CVE-2022-39228 | unknown | — | — | 3y ago | vantage6 vulnerable to Observable Response Discrepancy | |||
| CVE-2022-4492 | unknown | — | — | 3y ago | Undertow client not checking server identity presented by server certificate in https connections | |||
| CVE-2022-42735 | unknown | — | — | 3y ago | Privilege escalation in Apache ShenYu | |||
| CVE-2022-4903 | unknown | — | — | 3y ago | CodenameOne Pending Intent vulnerability | |||
| CVE-2022-24894 | unknown | — | — | 3y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers… | |||
| CVE-2022-24895 | unknown | — | — | 3y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the… | |||
| CVE-2022-44644 | unknown | — | — | 3y ago | Apache Linkis vulnerable to Exposure of Sensitive Information | |||
| CVE-2022-44645 | unknown | — | — | 3y ago | Apache Linkis contains Deserialization of Untrusted Data |