Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-42310 | Incomplete Cleanup vulnerability in multiple products Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. | 5.5 |
| 2022-11-01 | CVE-2022-42317 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. | 6.5 |
| 2022-11-01 | CVE-2022-42318 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. | 6.5 |
| 2022-11-01 | CVE-2022-42319 | Memory Leak vulnerability in multiple products Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. | 6.5 |
| 2022-11-01 | CVE-2022-42321 | Uncontrolled Recursion vulnerability in multiple products Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. | 6.5 |
| 2022-11-01 | CVE-2022-42322 | Memory Leak vulnerability in multiple products Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. | 5.5 |
| 2022-11-01 | CVE-2022-42323 | Memory Leak vulnerability in multiple products Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. | 5.5 |
| 2022-11-01 | CVE-2022-42325 | Memory Leak vulnerability in multiple products Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. | 5.5 |
| 2022-11-01 | CVE-2022-42326 | Memory Leak vulnerability in multiple products Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. | 5.5 |
| 2022-10-19 | CVE-2022-3586 | Use After Free vulnerability in multiple products A flaw was found in the Linux kernel’s networking code. | 5.5 |