Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-01 | CVE-2022-42309 | Release of Invalid Pointer or Reference vulnerability in multiple products Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. | 8.8 |
2022-11-01 | CVE-2022-42320 | Incomplete Cleanup vulnerability in multiple products Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. | 7.0 |
2022-10-31 | CVE-2022-40617 | Resource Exhaustion vulnerability in multiple products strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | 7.5 |
2022-10-29 | CVE-2022-41974 | Improper Privilege Management vulnerability in multiple products multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. | 7.8 |
2022-10-29 | CVE-2022-41973 | Link Following vulnerability in multiple products multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. | 7.8 |
2022-10-26 | CVE-2022-39286 | Uncontrolled Search Path Element vulnerability in multiple products Jupyter Core is a package for the core common functionality of Jupyter projects. | 8.8 |
2022-10-26 | CVE-2022-3705 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was found in vim and classified as problematic. | 7.5 |
2022-10-25 | CVE-2022-41704 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. | 7.5 |
2022-10-25 | CVE-2022-42890 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. | 7.5 |
2022-10-24 | CVE-2022-43680 | Use After Free vulnerability in multiple products In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 7.5 |