Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-31	CVE-2022-40617	Resource Exhaustion vulnerability in multiple products strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. network low complexity strongswan canonical debian fedoraproject CWE-400	7.5
2022-09-02	CVE-2022-39176	BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. low complexity bluez canonical debian	8.8
2022-09-02	CVE-2022-39177	BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. low complexity bluez canonical debian	8.8
2022-08-23	CVE-2021-3975	Use After Free vulnerability in multiple products A use-after-free flaw was found in libvirt. network low complexity redhat canonical fedoraproject debian netapp CWE-416	6.5
2022-07-04	CVE-2022-34918	Type Confusion vulnerability in multiple products An issue was discovered in the Linux kernel through 5.18.9. local low complexity linux debian canonical netapp CWE-843	7.8
2022-05-17	CVE-2022-29581	Use After Free vulnerability in multiple products Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. local low complexity linux debian canonical netapp CWE-416	7.8
2022-03-29	CVE-2022-1055	Use After Free vulnerability in multiple products A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. local low complexity linux redhat fedoraproject canonical netapp CWE-416	7.8
2022-03-23	CVE-2021-3748	Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the virtio-net device of QEMU. local high complexity qemu debian canonical fedoraproject redhat CWE-416	7.5
2022-03-04	CVE-2021-3737	Infinite Loop vulnerability in multiple products A flaw was found in python. network low complexity python redhat fedoraproject canonical netapp oracle CWE-835	7.5
2022-03-03	CVE-2021-3640	Use After Free vulnerability in multiple products A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. local high complexity linux debian fedoraproject canonical netapp CWE-416	7.0