VIR Vulnerability Intelligence Relay

CVEs from 2022

6,001 normalized CVEs published or assigned in this year.

Total
6,001
critical
critical 88
high
high 1,239
medium
medium 887
low
low 24
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-20572 medium 5.5 4y ago In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution pri… redhatsusedebian
CVE-2022-21123 medium 5.5 4y ago Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. almalinuxredhatsuserockylinux+1
CVE-2022-24448 medium 5.5 4y ago An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. … redhatalmalinuxrockylinuxsuse+1
CVE-2022-26710 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update archredhatrockylinuxsuse+1
CVE-2022-0996 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-0396 medium 5.5 4y ago Moderate: bind security update redhatdebianarchsuse+1
CVE-2022-50084 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and ru… redhatsusedebian
CVE-2022-50085 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert… redhatsusedebian
CVE-2022-1348 medium 5.5 4y ago Moderate: logrotate security update redhatsuserockylinuxdebian
CVE-2022-32816 medium 5.5 4y ago The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may l… archredhatsusedebian
CVE-2022-23816 medium 5.5 4y ago Moderate: kernel security, bug fix, and enhancement update redhatalmalinuxsuserockylinux
CVE-2022-0909 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-0924 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-0908 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-49093 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encount… redhatsusedebian
CVE-2022-0891 medium 5.5 4y ago Moderate: libtiff security update redhatarchrockylinuxsuse+2
CVE-2022-0865 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-0562 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-27337 medium 5.5 4y ago Moderate: poppler security and bug fix update archredhatrockylinuxsuse+2
CVE-2022-0561 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-31813 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+2
CVE-2022-30556 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+2
CVE-2022-30522 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchsuse+2
CVE-2022-28615 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+2
CVE-2022-28614 medium 5.5 4y ago Moderate: httpd security, bug fix, and enhancement update debianredhatarchrockylinux+2
CVE-2022-49559 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a trip… redhatsusedebian
CVE-2022-49561 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set… redhatsusedebian
CVE-2022-26716 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49584 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is proces… redhatsusedebian
CVE-2022-49615 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe f… redhatsusedebian
CVE-2022-30067 medium 5.5 4y ago Moderate: gimp security and enhancement update redhatsusedebianrockylinux
CVE-2022-49664 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL … redhatsusedebian
CVE-2022-49663 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if ma… redhatsusedebian
CVE-2022-49691 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: erspan: do not assume transport header is always set Rewrite tests in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not assume … redhatsusedebian
CVE-2022-49732 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has move… redhatsusedebian
CVE-2022-49297 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for m… redhatsusedebian
CVE-2022-32792 medium 5.5 4y ago An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing malici… archredhatsusedebian
CVE-2022-25308 medium 5.5 4y ago Moderate: fribidi security update redhatsuserockylinuxdebian
CVE-2022-30699 medium 5.5 4y ago Moderate: unbound security, bug fix, and enhancement update redhatrockylinuxsusedebian
CVE-2022-31625 medium 5.5 4y ago Moderate: php security, bug fix, and enhancement update archredhatrockylinuxsuse+1
CVE-2022-50001 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this. Thi… redhatsusedebian
CVE-2022-36946 medium 5.5 4y ago nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one… archredhatalmalinuxrockylinux+2
CVE-2022-39190 medium 5.5 4y ago An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. redhatalmalinuxsusedebian
CVE-2022-49086 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate mem… redhatsusedebian
CVE-2022-49264 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard … redhatsusedebian
CVE-2022-50092 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN… redhatsusedebian
CVE-2022-0168 medium 5.5 4y ago A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_u… almalinuxredhatarchrockylinux+2
CVE-2022-49180 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook "bail on fail" scheme doesn't work for cases where a secur… redhatsusedebian
CVE-2022-49179 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ==========================================================… redhatsusedebian
CVE-2022-49175 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin loc… redhatsusedebian
CVE-2022-49147 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… redhatsusedebian
CVE-2022-49145 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … redhatsusedebian
CVE-2022-22628 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatrockylinuxsusedebian
CVE-2022-49142 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … redhatsusedebian
CVE-2022-49188 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region The device_node pointer is returned by of_parse_phandle() o… redhatsusedebian
CVE-2022-49152 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_S… redhatsusedebian
CVE-2022-49270 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dm_cleanup_zoned_dev() dm_cleanup_zoned_dev() uses queue, so it must be called before blk_cleanup_disk(… redhatsusedebian
CVE-2022-49272 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->b… redhatsusedebian
CVE-2022-49306 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used when assigning the ACPI c… redhatsusedebian
CVE-2022-49325 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwn… redhatsusedebian
CVE-2022-49348 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to ind… redhatsusedebian
CVE-2022-49349 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal.… redhatsusedebian
CVE-2022-49109 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash … redhatsusedebian
CVE-2022-49090 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_ma… redhatsusedebian
CVE-2022-49374 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== … redhatsusedebian
CVE-2022-49378 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modpa… redhatsusedebian
CVE-2022-30293 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49398 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current it… redhatsusedebian
CVE-2022-49057 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: null_blk: end timed out poll request When poll request is timed out, it is removed from the poll list, but not completed, … redhatsusedebian
CVE-2022-1679 medium 5.5 4y ago A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allow… redhatalmalinuxsusedebian
CVE-2022-49433 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdma_map_lock is in… redhatsusedebian
CVE-2022-1184 medium 5.5 4y ago A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of servi… almalinuxredhatrockylinuxsuse+1
CVE-2022-1048 medium 5.5 4y ago A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PC… almalinuxredhatarchrockylinux+2
CVE-2022-26700 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49228 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decl_tag bug when tagging a function syzbot reported a btf decl_tag bug with stack trace below: general protect… redhatsusedebian
CVE-2022-26719 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-1328 medium 5.5 4y ago Moderate: mutt security update redhatsuserockylinuxdebian
CVE-2022-2320 medium 5.5 4y ago Moderate: xorg-x11-server security and bug fix update redhatarchsuserockylinux+1
CVE-2022-26125 medium 5.5 4y ago Moderate: frr security, bug fix, and enhancement update redhatsusedebianrockylinux
CVE-2022-27404 medium 5.5 4y ago Moderate: freetype security update redhatrockylinuxsusedebian
CVE-2022-32189 medium 5.5 4y ago Moderate: toolbox security and bug fix update rockylinuxredhatsusedebian+2
CVE-2022-29162 medium 5.5 4y ago Moderate: container-tools:4.0 security and bug fix update redhatarchsuserockylinux+2
CVE-2022-49545 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a p… redhatsusedebian
CVE-2022-49606 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat… redhatsusedebian
CVE-2022-49625 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_… redhatsusedebian
CVE-2022-49626 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being… redhatsusedebian
CVE-2022-48918 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a… redhatsusedebian
CVE-2022-22662 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update archredhatrockylinuxsuse+1
CVE-2022-3500 medium 5.5 4y ago Moderate: keylime security update redhatsuserockylinuxalmalinux+1
CVE-2022-2309 medium 5.5 4y ago Moderate: python-lxml security update redhatsusedebianrockylinux+1
CVE-2022-50000 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following se… redhatsusedebian
CVE-2022-2639 medium 5.5 4y ago An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_… redhatalmalinuxrockylinuxsuse+1
CVE-2022-26373 medium 5.5 4y ago Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. almalinuxredhatrockylinuxsuse+1
CVE-2022-29581 medium 5.5 4y ago Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; ver… redhatalmalinuxrockylinuxsuse+1
CVE-2022-49347 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, … redhatsusedebian
CVE-2022-0617 medium 5.5 4y ago A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use t… almalinuxredhatrockylinuxsuse+1
CVE-2022-0918 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-25255 medium 5.5 4y ago Moderate: qt5 security and bug fix update redhatsuserockylinuxdebian+1
CVE-2022-49543 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning i… redhatsusedebian
CVE-2022-22624 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatrockylinuxsusedebian