CVEs from 2022
- Total 5,739
- critical 88
- high 1,220
- medium 938
- low 24
- % Critical 1.5%
- % with KEV 2.3%
- % with exploit 2.5%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1587 | medium | — | 5.5 | 4y ago | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regula… | |||
| CVE-2022-27776 | medium | — | 5.5 | 4y ago | RHSA-2022:5313: curl security update (Moderate) | |||
| CVE-2022-1621 | medium | — | 5.5 | 4y ago | RHSA-2022:5319: vim security update (Moderate) | |||
| CVE-2022-0943 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-0554 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1586 | medium | — | 5.5 | 4y ago | RHSA-2022:5809: pcre2 security update (Moderate) | |||
| CVE-2022-26280 | medium | — | 5.5 | 4y ago | Moderate: libarchive security update | |||
| CVE-2022-1420 | medium | — | 5.5 | 4y ago | Moderate: vim security update | |||
| CVE-2022-1154 | medium | — | 5.5 | 4y ago | RHSA-2022:1552: vim security update (Moderate) | |||
| CVE-2022-29824 | medium | — | 5.5 | 4y ago | RHSA-2022:5317: libxml2 security update (Moderate) | |||
| CVE-2022-49044 | medium | — | 5.5 | 4y ago | RHSA-2022:7683: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1215 | medium | — | 5.5 | 4y ago | RHSA-2022:5331: libinput security update (Moderate) | |||
| CVE-2022-30184 | medium | — | 5.5 | 4y ago | RHSA-2022:5061: .NET Core 3.1 security and bugfix update (Moderate) | |||
| CVE-2022-30552 | medium | 5.5 | 5.5 | 4y ago | Das U-Boot 2022.01 has a Buffer Overflow. | |||
| CVE-2022-1708 | medium | — | 5.5 | 4y ago | RHSA-2022:7529: container-tools:3.0 security update (Moderate) | |||
| CVE-2022-23772 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-23806 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-21443 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-23303 | medium | — | 5.5 | 4y ago | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inc… | |||
| CVE-2022-21496 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21434 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-22827 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22825 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22826 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-0413 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-22822 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22823 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-22824 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2022-25762 | medium | — | 5.5 | 4y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-28265 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28264 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28263 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28261 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28259 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28258 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28255 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28253 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28251 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-28245 | medium | 5.5 | 5.5 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which … | |||
| CVE-2022-29107 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Security Feature Bypass Vulnerability | |||
| CVE-2022-21658 | medium | — | 5.5 | 4y ago | RHSA-2022:1894: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-27650 | medium | — | 5.5 | 4y ago | RHSA-2022:1793: container-tools:3.0 security and bug fix update (Moderate) | |||
| CVE-2022-0485 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22594 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22592 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22590 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22637 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-22589 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1117 | medium | — | 5.5 | 4y ago | RHSA-2022:1898: fapolicyd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-1473 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-1343 | medium | — | 5.5 | 4y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-27385 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31624 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-31621 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-28347 | medium | — | 5.5 | 4y ago | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion… | |||
| CVE-2022-28346 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via … | |||
| CVE-2022-24795 | medium | — | 5.5 | 4y ago | RHSA-2022:7524: yajl security update (Moderate) | |||
| CVE-2022-24801 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed se… | |||
| CVE-2022-23308 | medium | — | 5.5 | 4y ago | RHSA-2022:0899: libxml2 security update (Moderate) | |||
| CVE-2022-23218 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-23219 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-0359 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0392 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0318 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0361 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0261 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0358 | medium | — | 5.5 | 4y ago | RHSA-2022:0886: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2022-24511 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Word Tampering Vulnerability | |||
| CVE-2022-24462 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Security Feature Bypass Vulnerability | |||
| CVE-2022-21716 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the pe… | |||
| CVE-2022-0613 | medium | — | 5.5 | 4y ago | RHBA-2022:1386: .NET Core 3.1 on RHEL 8 bugfix update (Moderate) | |||
| CVE-2022-23634 | medium | — | 5.5 | 4y ago | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the resp… | |||
| CVE-2022-23633 | medium | — | 5.5 | 4y ago | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `Action… | |||
| CVE-2022-21712 | medium | — | 5.5 | 4y ago | twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in … | |||
| CVE-2022-22818 | medium | — | 5.5 | 4y ago | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | |||
| CVE-2022-23833 | medium | — | 5.5 | 4y ago | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsin… | |||
| CVE-2022-21248 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21365 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-23837 | medium | — | 5.5 | 4y ago | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to… | |||
| CVE-2022-0235 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-20166 | medium | — | 5.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50970 | medium | 5.4 | 5.4 | 20d ago | WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra… | |||
| CVE-2022-46840 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help D… | |||
| CVE-2022-45841 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robo Gallery: from n/a through 3.2.9. | |||
| CVE-2022-38055 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0… | |||
| CVE-2022-40975 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Aazztech Post Slider. This issue affects Post Slider: from n/a through 1.6.7. | |||
| CVE-2022-45851 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | |||
| CVE-2022-45351 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45839 | medium | 5.4 | 5.4 | 3y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | |||
| CVE-2022-45804 | medium | 5.4 | 5.4 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & acti… | |||
| CVE-2022-45091 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This iss… | |||
| CVE-2022-45086 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issu… | |||
| CVE-2022-4554 | medium | 5.4 | 5.4 | 3y ago | B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.… | |||
| CVE-2022-44590 | medium | 5.4 | 5.4 | 4y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. | |||
| CVE-2022-36404 | medium | 5.4 | 5.4 | 4y ago | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | |||
| CVE-2022-0900 | medium | 5.4 | 5.4 | 4y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before… | |||
| CVE-2022-26523 | medium | 5.3 | 5.3 | 22d ago | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… | |||
| CVE-2022-47601 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Table Manager: from n/a through 3.5.2. | |||
| CVE-2022-47429 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data. This issue affects Coming Soon Landing Pag… | |||
| CVE-2022-47182 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects APIExperts Square for W… |