CVEs from 2022

5,371 normalized CVEs published or assigned in this year.

  • Total: 5,371
  • Critical: 92
  • High: 1,228
  • Medium: 950
  • Low: 24
  • % Critical: 1.7%
  • % with KEV: 2.4%
  • % with exploit: 3.3%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-41928 unknown 4y ago Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
CVE-2022-41927 unknown 4y ago Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
CVE-2022-45470 unknown 4y ago Cross-site Scripting in Apache Hama
CVE-2022-45146 unknown 4y ago Garbage collection issue in BC-FJA in Java 13 and later
CVE-2022-4065 unknown 4y ago TestNG is vulnerable to Path Traversal
CVE-2022-43183 unknown 4y ago XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
CVE-2022-45384 unknown 4y ago Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
CVE-2022-45401 unknown 4y ago Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
CVE-2022-45392 unknown 4y ago Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45397 unknown 4y ago XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
CVE-2022-45400 unknown 4y ago XXE vulnerability in Jenkins JAPEX Plugin
CVE-2022-45394 unknown 4y ago Missing permission check in Jenkins Delete log Plugin
CVE-2022-45395 unknown 4y ago XML External Entity Reference in Jenkins CCCC Plugin
CVE-2022-45388 unknown 4y ago Jenkins Config Rotator Plugin vulnerable to path traversal
CVE-2022-45390 unknown 4y ago Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
CVE-2022-45391 unknown 4y ago Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
CVE-2022-45389 unknown 4y ago Missing Authorization in Jenkins XP-Dev Plugin
CVE-2022-45399 unknown 4y ago Jenkins Cluster Statistics Plugin Missing Authorization vulnerability
CVE-2022-45387 unknown 4y ago Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
CVE-2022-45385 unknown 4y ago Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
CVE-2022-45393 unknown 4y ago Cross-Site Request Forgery in Jenkins Delete log Plugin
CVE-2022-45386 unknown 4y ago XML External Entity Reference in Jenkins Violations Plugin
CVE-2022-45396 unknown 4y ago XXE vulnerability on agents in Jenkins SourceMonitor Plugin
CVE-2022-38666 unknown 4y ago SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45379 unknown 4y ago Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
CVE-2022-45382 unknown 4y ago Cross-site Scripting in Jenkins Naginator Plugin
CVE-2022-45380 unknown 4y ago Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
CVE-2022-45383 unknown 4y ago Incorrect permission checks in Jenkins Support Core Plugin
CVE-2022-45381 unknown 4y ago Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
CVE-2022-40309 unknown 4y ago Apache Archiva subject to arbitrary directory deletion by users.
CVE-2022-40308 unknown 4y ago Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
CVE-2022-42127 unknown 4y ago Incorrect Default Permissions in Liferay Portal
CVE-2022-42120 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module
CVE-2022-42121 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
CVE-2022-42118 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
CVE-2022-42126 unknown 4y ago Missing permissions check in Liferay Portal
CVE-2022-42111 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module
CVE-2022-42124 unknown 4y ago Inefficient Regular Expression Complexity in Liferay Portal
CVE-2022-42123 unknown 4y ago Path Traversal in Liferay Portal
CVE-2022-42130 unknown 4y ago Incorrect Default Permissions in Liferay Portal
CVE-2022-42110 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module
CVE-2022-42119 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module
CVE-2022-42122 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
CVE-2022-42131 unknown 4y ago Improper Certificate Validation in Liferay Portal
CVE-2022-42128 unknown 4y ago Incorrect Default Permissions in Liferay Portal
CVE-2022-42132 unknown 4y ago Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
CVE-2022-42129 unknown 4y ago Authorization Bypass in Liferay Portal
CVE-2022-42125 unknown 4y ago Path Traversal in Liferay Portal
CVE-2022-45378 unknown 4y ago Apache SOAP contains unauthenticated RPCRouterServlet
CVE-2022-45136 unknown 4y ago Apache Jena vulnerable to Deserialization of Untrusted Data
CVE-2022-3952 unknown 4y ago ManyDesigns Portofino subject to creation of insecure temporary file
CVE-2022-41854 unknown 4y ago Snakeyaml vulnerable to Stack overflow leading to denial of service
CVE-2022-36022 unknown 4y ago Use of unclaimed s3 bucket in tests and examples
CVE-2022-42964 unknown 4y ago An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method
CVE-2022-44244 unknown 4y ago Lin CMS vulnerable to Improper Authentication
CVE-2022-45129 unknown 4y ago Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF
CVE-2022-39368 unknown 4y ago Failing DTLS handshakes may cause throttling to block processing of records
CVE-2022-37866 unknown 4y ago Apache Ivy vulnerable to path traversal
CVE-2022-37865 unknown 4y ago Apache Ivy does not verify target path when extracting the archive
CVE-2022-39387 unknown 4y ago XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
CVE-2022-32287 unknown 4y ago Apache UIMA Path Traversal vulnerability
CVE-2022-43670 unknown 4y ago Apache Sling App CMS vulnerable to Cross-site Scripting
CVE-2022-34662 unknown 4y ago Apache DolphinScheduler vulnerable to Path Traversal
CVE-2022-31777 unknown 4y ago Apache Spark vulnerable to Log Injection
CVE-2022-31690 unknown 4y ago spring-security-oauth2-client vulnerable to Privilege Escalation
CVE-2022-31692 unknown 4y ago Spring Security authorization rules can be bypassed via forward or include dispatcher types
CVE-2022-42252 unknown 4y ago If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default f…
CVE-2022-26884 unknown 4y ago Apache DolphinScheduler vulnerable to Path Traversal
CVE-2022-43766 unknown 4y ago Apache IoTDB subject to ReDOS with Java 8
CVE-2022-42468 unknown 4y ago Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
CVE-2022-39944 unknown 4y ago Apache Linkis subject to Remote Code Execution via deserialization
CVE-2022-39327 unknown 4y ago Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting ma…
CVE-2022-42890 unknown 4y ago Untrusted code execution in Apache XML Graphics Batik
CVE-2022-41704 unknown 4y ago Apache XML Graphics Batik vulnerable to code execution via SVG.
CVE-2022-34870 unknown 4y ago Apache Geode vulnerable to Cross-Site Scripting
CVE-2022-40084 unknown 4y ago OpenCRX vulnerable to password enumeration via error messages in password reset
CVE-2022-39259 unknown 4y ago Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack
CVE-2022-31684 unknown 4y ago Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
CVE-2022-43429 unknown 4y ago Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
CVE-2022-43433 unknown 4y ago Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin
CVE-2022-43411 unknown 4y ago Non-constant time webhook token comparison in Jenkins GitLab Plugin
CVE-2022-43421 unknown 4y ago Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
CVE-2022-43414 unknown 4y ago Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
CVE-2022-43425 unknown 4y ago Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin
CVE-2022-43407 unknown 4y ago CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
CVE-2022-43423 unknown 4y ago Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
CVE-2022-43413 unknown 4y ago Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
CVE-2022-43409 unknown 4y ago Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
CVE-2022-43432 unknown 4y ago Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin
CVE-2022-43424 unknown 4y ago Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
CVE-2022-43431 unknown 4y ago Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability
CVE-2022-43412 unknown 4y ago Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
CVE-2022-43428 unknown 4y ago Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
CVE-2022-43402 unknown 4y ago Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution
CVE-2022-43403 unknown 4y ago Jenkins Script Security Plugin sandbox bypass vulnerability
CVE-2022-43406 unknown 4y ago Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
CVE-2022-43405 unknown 4y ago Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin
CVE-2022-43401 unknown 4y ago Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
CVE-2022-43404 unknown 4y ago Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
CVE-2022-43418 unknown 4y ago CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials