VIR Vulnerability Intelligence Relay

CVEs from 2022

6,001 normalized CVEs published or assigned in this year.

Total
6,001
critical
critical 88
high
high 1,239
medium
medium 887
low
low 24
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-36946 medium 5.5 4y ago nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one… archredhatalmalinuxrockylinux+2
CVE-2022-49504 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external … redhatsusedebian
CVE-2022-1706 medium 5.5 4y ago Moderate: ignition security, bug fix, and enhancement update redhatsusedebianrockylinux+1
CVE-2022-49615 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe f… redhatsusedebian
CVE-2022-48936 medium 5.5 4y ago Moderate: kernel-rt security update redhatrockylinuxsuse
CVE-2022-49515 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defin… redhatsusedebian
CVE-2022-26709 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49536 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces … redhatsusedebian
CVE-2022-49537 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processo… redhatsusedebian
CVE-2022-49606 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat… redhatsusedebian
CVE-2022-49538 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_rep… redhatsusedebian
CVE-2022-49545 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a p… redhatsusedebian
CVE-2022-49671 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ib_cm_insert_listen cm_alloc_id_priv() allocates resource for the cm_id_priv. When cm_init_listen() f… redhatsusedebian
CVE-2022-29900 medium 5.5 4y ago Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. redhatalmalinuxsuserockylinux+1
CVE-2022-29901 medium 5.5 4y ago Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged use… redhatalmalinuxsuserockylinux+1
CVE-2022-22662 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update archredhatrockylinuxsuse+1
CVE-2022-49147 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… redhatsusedebian
CVE-2022-26700 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-2989 medium 5.5 4y ago Moderate: buildah security and bug fix update rockylinuxredhatsusedebian+1
CVE-2022-50084 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and ru… redhatsusedebian
CVE-2022-49086 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate mem… redhatsusedebian
CVE-2022-27337 medium 5.5 4y ago Moderate: poppler security and bug fix update archredhatrockylinuxsuse+2
CVE-2022-0865 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-49297 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for m… redhatsusedebian
CVE-2022-0891 medium 5.5 4y ago Moderate: libtiff security update redhatarchrockylinuxsuse+2
CVE-2022-49394 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgro… redhatsusedebian
CVE-2022-49109 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash … redhatsusedebian
CVE-2022-0561 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-0908 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-0924 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-0918 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-22628 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatrockylinuxsusedebian
CVE-2022-0909 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-22844 medium 5.5 4y ago Moderate: libtiff security update redhatarchrockylinuxsuse+2
CVE-2022-1049 medium 5.5 4y ago Moderate: pcs security, bug fix, and enhancement update redhatrockylinuxdebian
CVE-2022-49107 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comm… redhatsusedebian
CVE-2022-27404 medium 5.5 4y ago Moderate: freetype security update redhatrockylinuxsusedebian
CVE-2022-1354 medium 5.5 4y ago Moderate: libtiff security update archredhatdebianalmalinux
CVE-2022-49227 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: igc: avoid kernel warning when changing RX ring parameters Calling ethtool changing the RX ring parameters like this: $ ethtoo… redhatsusedebian
CVE-2022-49229 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual cloc… redhatsusedebian
CVE-2022-49710 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses fin… redhatsusedebian
CVE-2022-49708 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: =============================================================… redhatsusedebian
CVE-2022-49707 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear res… redhatsusedebian
CVE-2022-1355 medium 5.5 4y ago Moderate: libtiff security update archredhatrockylinuxdebian+1
CVE-2022-49253 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. redhatsusedebian
CVE-2022-48765 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cu… redhatsusedebian
CVE-2022-30550 medium 5.5 4y ago Moderate: dovecot security and enhancement update archredhatdebianrockylinux+2
CVE-2022-49673 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warni… redhatsusedebian
CVE-2022-49669 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccept… redhatsusedebian
CVE-2022-0854 medium 5.5 4y ago A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. redhatalmalinuxrockylinuxsuse+1
CVE-2022-49306 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used when assigning the ACPI c… redhatsusedebian
CVE-2022-2309 medium 5.5 4y ago Moderate: python-lxml security update redhatsusedebianrockylinux+1
CVE-2022-50027 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe … redhatsusedebian
CVE-2022-49663 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if ma… redhatsusedebian
CVE-2022-30699 medium 5.5 4y ago Moderate: unbound security, bug fix, and enhancement update redhatrockylinuxsusedebian
CVE-2022-26719 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49664 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL … redhatsusedebian
CVE-2022-3500 medium 5.5 4y ago Moderate: keylime security update redhatsuserockylinuxalmalinux+1
CVE-2022-32742 medium 5.5 4y ago Moderate: samba security, bug fix, and enhancement update redhatarchsuserockylinux+2
CVE-2022-32990 medium 5.5 4y ago Moderate: gimp security and enhancement update redhatsusedebianrockylinux
CVE-2022-49325 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwn… redhatsusedebian
CVE-2022-1304 medium 5.5 4y ago Moderate: e2fsprogs security update redhatdebianrockylinuxsuse+1
CVE-2022-1263 medium 5.5 4y ago A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, cau… redhatsusedebian
CVE-2022-1280 medium 5.5 4y ago A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial… redhatalmalinuxsusedebian
CVE-2022-1353 medium 5.5 4y ago A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system cras… archalmalinuxredhatsuse+2
CVE-2022-30293 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-0396 medium 5.5 4y ago Moderate: bind security update redhatdebianarchsuse+1
CVE-2022-1852 medium 5.5 4y ago A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing a… almalinuxredhatrockylinuxsuse+1
CVE-2022-49175 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin loc… redhatsusedebian
CVE-2022-32792 medium 5.5 4y ago An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing malici… archredhatsusedebian
CVE-2022-49378 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modpa… redhatsusedebian
CVE-2022-1998 medium 5.5 4y ago A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this … redhatalmalinuxsusedebian
CVE-2022-49142 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … redhatsusedebian
CVE-2022-49626 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being… redhatsusedebian
CVE-2022-26716 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49625 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_… redhatsusedebian
CVE-2022-50179 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem wa… redhatsusedebian
CVE-2022-49330 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initia… redhatsusedebian
CVE-2022-50178 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and c… redhatsusedebian
CVE-2022-32189 medium 5.5 4y ago Moderate: toolbox security and bug fix update rockylinuxredhatsusedebian+2
CVE-2022-20572 medium 5.5 4y ago In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution pri… redhatsusedebian
CVE-2022-21499 medium 5.5 4y ago KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that t… archalmalinuxredhatrockylinux+2
CVE-2022-29162 medium 5.5 4y ago Moderate: container-tools:4.0 security and bug fix update redhatarchsuserockylinux+2
CVE-2022-24448 medium 5.5 4y ago An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. … redhatalmalinuxrockylinuxsuse+1
CVE-2022-39190 medium 5.5 4y ago An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. redhatalmalinuxsusedebian
CVE-2022-32891 medium 5.5 4y ago The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. archredhatsusedebian
CVE-2022-50030 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffe… redhatsusedebian
CVE-2022-49145 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … redhatsusedebian
CVE-2022-49543 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning i… redhatsusedebian
CVE-2022-49584 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is proces… redhatsusedebian
CVE-2022-0562 medium 5.5 4y ago Moderate: libtiff security update redhatarchsuserockylinux+2
CVE-2022-50085 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert… redhatsusedebian
CVE-2022-49152 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_S… redhatsusedebian
CVE-2022-41105 medium 5.5 5.5 4y ago Microsoft Excel Information Disclosure Vulnerability windows
CVE-2022-41104 medium 5.5 5.5 4y ago Microsoft Excel Security Feature Bypass Vulnerability windows
CVE-2022-41103 medium 5.5 5.5 4y ago Microsoft Word Information Disclosure Vulnerability windows
CVE-2022-41060 medium 5.5 5.5 4y ago Microsoft Word Information Disclosure Vulnerability windows
CVE-2022-27950 medium 5.5 4y ago In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. rockylinuxsusedebianalmalinux
CVE-2022-23960 medium 5.5 4y ago Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buf… rockylinuxsusedebian
CVE-2022-21682 medium 5.5 4y ago Moderate: flatpak-builder security and bug fix update suserockylinuxdebian