VIR Vulnerability Intelligence Relay

CVEs from 2022

6,001 normalized CVEs published or assigned in this year.

Total
6,001
critical
critical 88
high
high 1,239
medium
medium 887
low
low 24
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-0996 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-2990 medium 5.5 4y ago Moderate: buildah security and bug fix update redhatrockylinuxsusedebian+1
CVE-2022-49404 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even… redhatsusedebian
CVE-2022-50179 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem wa… redhatsusedebian
CVE-2022-49398 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current it… redhatsusedebian
CVE-2022-49349 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal.… redhatsusedebian
CVE-2022-49348 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to ind… redhatsusedebian
CVE-2022-48918 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a… redhatsusedebian
CVE-2022-49343 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a direct… redhatsusedebian
CVE-2022-49340 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum offload on CHECKSUM_PARTIAL pa… redhatsusedebian
CVE-2022-49325 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwn… redhatsusedebian
CVE-2022-50000 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following se… redhatsusedebian
CVE-2022-49306 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used when assigning the ACPI c… redhatsusedebian
CVE-2022-49253 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. redhatsusedebian
CVE-2022-25255 medium 5.5 4y ago Moderate: qt5 security and bug fix update redhatsuserockylinuxdebian+1
CVE-2022-23825 medium 5.5 4y ago Moderate: kernel security, bug fix, and enhancement update redhatalmalinuxsuserockylinux+1
CVE-2022-23816 medium 5.5 4y ago Moderate: kernel security, bug fix, and enhancement update redhatalmalinuxsuserockylinux
CVE-2022-49229 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual cloc… redhatsusedebian
CVE-2022-32891 medium 5.5 4y ago The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. archredhatsusedebian
CVE-2022-0934 medium 5.5 4y ago Moderate: dnsmasq security and bug fix update redhatarchdebiansuse+1
CVE-2022-27191 medium 5.5 4y ago Moderate: buildah security and bug fix update redhatalmalinuxsuserockylinux+2
CVE-2022-49227 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: igc: avoid kernel warning when changing RX ring parameters Calling ethtool changing the RX ring parameters like this: $ ethtoo… redhatsusedebian
CVE-2022-49215 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. Th… redhatsusedebian
CVE-2022-49557 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) Set the starting uABI size of KVM's guest FPU to 'stru… redhatsusedebian
CVE-2022-49199 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() This code checks "index" for an upper bound but it does no… redhatsusedebian
CVE-2022-26709 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-29162 medium 5.5 4y ago Moderate: container-tools:4.0 security and bug fix update redhatarchsuserockylinux+2
CVE-2022-27405 medium 5.5 4y ago Moderate: freetype security update redhatrockylinuxsusedebian
CVE-2022-39190 medium 5.5 4y ago An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. redhatalmalinuxsusedebian
CVE-2022-29901 medium 5.5 4y ago Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged use… redhatalmalinuxsuserockylinux+1
CVE-2022-29900 medium 5.5 4y ago Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. redhatalmalinuxsuserockylinux+1
CVE-2022-26373 medium 5.5 4y ago Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. almalinuxredhatrockylinuxsuse+1
CVE-2022-2639 medium 5.5 4y ago An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_… redhatalmalinuxrockylinuxsuse+1
CVE-2022-21166 medium 5.5 4y ago Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. redhatalmalinuxsuserockylinux+1
CVE-2022-21125 medium 5.5 4y ago Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. almalinuxredhatsuserockylinux+1
CVE-2022-26719 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-21123 medium 5.5 4y ago Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. almalinuxredhatsuserockylinux+1
CVE-2022-1679 medium 5.5 4y ago A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allow… redhatalmalinuxsusedebian
CVE-2022-0854 medium 5.5 4y ago A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. redhatalmalinuxrockylinuxsuse+1
CVE-2022-49394 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgro… redhatsusedebian
CVE-2022-25309 medium 5.5 4y ago Moderate: fribidi security update redhatsuserockylinuxdebian
CVE-2022-49175 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin loc… redhatsusedebian
CVE-2022-48912 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release… redhatsusedebian
CVE-2022-49147 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, i… redhatsusedebian
CVE-2022-27404 medium 5.5 4y ago Moderate: freetype security update redhatrockylinuxsusedebian
CVE-2022-0918 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-49145 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, … redhatsusedebian
CVE-2022-49142 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta … redhatsusedebian
CVE-2022-49152 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_S… redhatsusedebian
CVE-2022-49093 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encount… redhatsusedebian
CVE-2022-49090 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_ma… redhatsusedebian
CVE-2022-49264 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard … redhatsusedebian
CVE-2022-48905 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. redhatsusedebian
CVE-2022-48765 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cu… redhatsusedebian
CVE-2022-2989 medium 5.5 4y ago Moderate: buildah security and bug fix update rockylinuxredhatsusedebian+1
CVE-2022-22629 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatrockylinuxsusedebian
CVE-2022-2850 medium 5.5 4y ago Moderate: 389-ds-base security, bug fix, and enhancement update debianredhatsuserockylinux
CVE-2022-30293 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-25310 medium 5.5 4y ago Moderate: fribidi security update redhatsuserockylinuxdebian
CVE-2022-30067 medium 5.5 4y ago Moderate: gimp security and enhancement update redhatsusedebianrockylinux
CVE-2022-26717 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-2309 medium 5.5 4y ago Moderate: python-lxml security update redhatsusedebianrockylinux+1
CVE-2022-3500 medium 5.5 4y ago Moderate: keylime security update redhatsuserockylinuxalmalinux+1
CVE-2022-26700 medium 5.5 4y ago Moderate: webkit2gtk3 security and bug fix update redhatarchrockylinuxsuse+1
CVE-2022-49534 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and l… redhatsusedebian
CVE-2022-49606 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat… redhatsusedebian
CVE-2022-49615 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe f… redhatsusedebian
CVE-2022-49531 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk private data is valid until the gendisk is f… redhatsusedebian
CVE-2022-49707 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear res… redhatsusedebian
CVE-2022-49708 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: =============================================================… redhatsusedebian
CVE-2022-49710 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses fin… redhatsusedebian
CVE-2022-49440 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Keep MSR[RI] set when calling RTAS RTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big endian mode… redhatsusedebian
CVE-2022-50027 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe … redhatsusedebian
CVE-2022-50030 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffe… redhatsusedebian
CVE-2022-49433 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdma_map_lock is in… redhatsusedebian
CVE-2022-49411 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgrou… redhatsusedebian
CVE-2022-50084 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and ru… redhatsusedebian
CVE-2022-50085 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert… redhatsusedebian
CVE-2022-49409 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ==============================================================… redhatsusedebian
CVE-2022-49408 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in parse_apply_sb_mount_options() If processing the on-disk mount options fails after any memory was alloca… redhatsusedebian
CVE-2022-50178 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and c… redhatsusedebian
CVE-2022-41105 medium 5.5 5.5 4y ago Microsoft Excel Information Disclosure Vulnerability windows
CVE-2022-41104 medium 5.5 5.5 4y ago Microsoft Excel Security Feature Bypass Vulnerability windows
CVE-2022-41103 medium 5.5 5.5 4y ago Microsoft Word Information Disclosure Vulnerability windows
CVE-2022-41060 medium 5.5 5.5 4y ago Microsoft Word Information Disclosure Vulnerability windows
CVE-2022-21824 medium 5.5 4y ago Moderate: nodejs:16 security, bug fix, and enhancement update rockylinuxsusedebian
CVE-2022-21682 medium 5.5 4y ago Moderate: flatpak-builder security and bug fix update suserockylinuxdebian
CVE-2022-27950 medium 5.5 4y ago In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. rockylinuxsusedebianalmalinux
CVE-2022-2938 medium 5.5 4y ago A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corr… rockylinuxsusedebianalmalinux
CVE-2022-23960 medium 5.5 4y ago Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buf… rockylinuxsusedebian
CVE-2022-49281 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their o… redhatsusedebian
CVE-2022-37434 medium 5.5 4y ago Moderate: zlib security update redhatarchrockylinuxsuse+2
CVE-2022-33099 medium 5.5 4y ago Moderate: lua security update redhatsuserockylinuxdebian
CVE-2022-50095 medium 5.5 4y ago In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to… redhatsusedebian
CVE-2022-21372 medium 5.5 4y ago Moderate: mysql:8.0 security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2022-21374 medium 5.5 4y ago Moderate: mysql:8.0 security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2022-21379 medium 5.5 4y ago Moderate: mysql:8.0 security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2022-21352 medium 5.5 4y ago Moderate: mysql:8.0 security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2022-21297 medium 5.5 4y ago Moderate: mysql:8.0 security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2022-21254 medium 5.5 4y ago Moderate: mysql:8.0 security, bug fix, and enhancement update rockylinuxdebianalmalinux