CVEs from 2022
Total
5,378
critical
critical 94
high
high 1,233
medium
medium 950
low
low 24
% Critical
1.7%
% with KEV
2.4%
% with exploit
3.3%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23109 | unknown | — | — | 4y ago | Improper credentials masking in Jenkins HashiCorp Vault Plugin | |||
| CVE-2022-23110 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23108 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Badge Plugin | |||
| CVE-2022-23111 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23117 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials | |||
| CVE-2022-23115 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins batch task Plugin | |||
| CVE-2022-23113 | unknown | — | — | 4y ago | Path traversal vulnerability in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23112 | unknown | — | — | 4y ago | Missing permission check in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23114 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23116 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets | |||
| CVE-2022-23118 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin | |||
| CVE-2022-21653 | unknown | — | — | 5y ago | Hash collision in typelevel jawn |