Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-42823 Type Confusion vulnerability in multiple products
A type confusion issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-843
8.8
2022-11-01 CVE-2022-42309 Release of Invalid Pointer or Reference vulnerability in multiple products
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage.
local
low complexity
xen debian fedoraproject CWE-763
8.8
2022-11-01 CVE-2022-42320 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.
local
high complexity
xen debian fedoraproject CWE-459
7.0
2022-10-31 CVE-2022-40617 Resource Exhaustion vulnerability in multiple products
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
7.5
2022-10-29 CVE-2022-41974 Improper Privilege Management vulnerability in multiple products
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973.
local
low complexity
opensvc fedoraproject debian CWE-269
7.8
2022-10-29 CVE-2022-41973 Link Following vulnerability in multiple products
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974.
local
low complexity
opensvc fedoraproject debian CWE-59
7.8
2022-10-26 CVE-2022-39286 Uncontrolled Search Path Element vulnerability in multiple products
Jupyter Core is a package for the core common functionality of Jupyter projects.
network
low complexity
jupyter debian fedoraproject CWE-427
8.8
2022-10-26 CVE-2022-3705 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability was found in vim and classified as problematic.
network
high complexity
vim fedoraproject debian netapp CWE-119
7.5
2022-10-25 CVE-2022-41704 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.
network
low complexity
apache debian CWE-918
7.5
2022-10-25 CVE-2022-42890 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.
network
low complexity
apache debian CWE-918
7.5