Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-42321 Uncontrolled Recursion vulnerability in multiple products
Xenstore: Guests can crash xenstored via exhausting the stack. Xenstored is using recursion for some Xenstore operations (e.g.
local
low complexity
xen debian fedoraproject CWE-674
6.5
2022-11-01 CVE-2022-42322 Memory Leak vulnerability in multiple products
Xenstore: Cooperating guests can create arbitrary numbers of nodes. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-11-01 CVE-2022-42323 Memory Leak vulnerability in multiple products
Xenstore: Cooperating guests can create arbitrary numbers of nodes. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-11-01 CVE-2022-42324 Incorrect Conversion between Numeric Types vulnerability in multiple products
Oxenstored 32->31 bit integer truncation issues. Integers in OCaml are 63 or 31 bits of signed precision.
local
low complexity
xen debian fedoraproject CWE-681
5.5
2022-11-01 CVE-2022-42325 Memory Leak vulnerability in multiple products
Xenstore: Guests can create arbitrary number of nodes via transactions. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-11-01 CVE-2022-42326 Memory Leak vulnerability in multiple products
Xenstore: Guests can create arbitrary number of nodes via transactions. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-10-26 CVE-2022-39348 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products
Twisted is an event-based framework for internet applications.
network
low complexity
twistedmatrix debian CWE-80
5.4
2022-10-26 CVE-2022-43750 Out-of-bounds Write vulnerability in multiple products
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
local
low complexity
linux debian CWE-787
6.7
2022-10-21 CVE-2022-3646 Improper Resource Shutdown or Release vulnerability in multiple products
A vulnerability, which was classified as problematic, has been found in Linux Kernel.
network
low complexity
linux debian CWE-404
4.3
2022-10-21 CVE-2022-3570 Out-of-bounds Write vulnerability in multiple products
Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact.
local
low complexity
libtiff debian CWE-787
5.5