Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-14 CVE-2022-42721 Infinite Loop vulnerability in multiple products
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
local
low complexity
linux fedoraproject debian CWE-835
5.5
2022-10-14 CVE-2022-42722 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
local
low complexity
linux fedoraproject debian CWE-476
5.5
2022-10-11 CVE-2022-3140 Argument Injection or Modification vulnerability in multiple products
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server.
network
low complexity
libreoffice debian fedoraproject CWE-88
6.3
2022-10-11 CVE-2022-33746 Improper Resource Shutdown or Release vulnerability in multiple products
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size.
local
low complexity
xen fedoraproject debian CWE-404
6.5
2022-10-11 CVE-2022-33748 Improper Handling of Exceptional Conditions vulnerability in multiple products
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.
local
high complexity
xen fedoraproject debian CWE-755
5.6
2022-10-08 CVE-2022-3435 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability classified as problematic has been found in Linux Kernel.
network
low complexity
linux fedoraproject debian CWE-119
4.3
2022-10-07 CVE-2022-2928 NULL Pointer Dereference vulnerability in multiple products
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field.
low complexity
isc debian fedoraproject CWE-476
6.5
2022-10-07 CVE-2022-2929 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
low complexity
isc debian fedoraproject CWE-770
6.5
2022-09-30 CVE-2022-41849 Use After Free vulnerability in multiple products
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
high complexity
linux debian CWE-416
4.2
2022-09-30 CVE-2022-41850 Use After Free vulnerability in multiple products
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
local
high complexity
linux debian CWE-416
4.7