Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-44789 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
network
low complexity
artifex debian CWE-119
8.8
2022-11-15 CVE-2022-41916 Off-by-one Error vulnerability in multiple products
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
network
low complexity
heimdal-project debian CWE-193
7.5
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. 7.5
2022-11-08 CVE-2022-39377 Incorrect Calculation of Buffer Size vulnerability in multiple products
sysstat is a set of system performance tools for the Linux operating system.
network
low complexity
sysstat-project debian fedoraproject CWE-131
critical
9.8
2022-11-01 CVE-2022-42309 Release of Invalid Pointer or Reference vulnerability in multiple products
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage.
local
low complexity
xen debian fedoraproject CWE-763
8.8
2022-11-01 CVE-2022-42310 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created.
local
low complexity
xen debian fedoraproject CWE-459
5.5
2022-11-01 CVE-2022-42317 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42318 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42319 Memory Leak vulnerability in multiple products
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily.
local
low complexity
xen debian fedoraproject CWE-401
6.5
2022-11-01 CVE-2022-42320 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.
local
high complexity
xen debian fedoraproject CWE-459
7.0