Vulnerabilities > Fedoraproject > Fedora > 35

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-42322 Memory Leak vulnerability in multiple products
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0.
local
low complexity
xen debian fedoraproject CWE-401
5.5
5.5
2022-11-01 CVE-2022-42323 Memory Leak vulnerability in multiple products
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0.
local
low complexity
xen debian fedoraproject CWE-401
5.5
5.5
2022-11-01 CVE-2022-42324 Incorrect Conversion between Numeric Types vulnerability in multiple products
Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision.
local
low complexity
xen debian fedoraproject CWE-681
5.5
5.5
2022-11-01 CVE-2022-42325 Memory Leak vulnerability in multiple products
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error.
local
low complexity
xen debian fedoraproject CWE-401
5.5
5.5
2022-11-01 CVE-2022-42326 Memory Leak vulnerability in multiple products
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error.
local
low complexity
xen debian fedoraproject CWE-401
5.5
5.5
2022-10-30 CVE-2022-44020 Improper Preservation of Permissions vulnerability in multiple products
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2.
local
low complexity
opendev fedoraproject CWE-281
5.5
5.5
2022-10-29 CVE-2022-42915 Double Free vulnerability in multiple products
curl before 7.86.0 has a double free.
network
high complexity
haxx fedoraproject netapp apple splunk CWE-415
8.1
8.1
2022-10-29 CVE-2022-42916 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP.
network
low complexity
haxx fedoraproject apple splunk CWE-319
7.5
7.5
2022-10-26 CVE-2022-3705 A vulnerability was found in vim and classified as problematic.
network
high complexity
vim fedoraproject debian netapp
7.5
7.5
2022-10-24 CVE-2021-46848 Off-by-one Error vulnerability in multiple products
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
network
low complexity
gnu fedoraproject debian CWE-193
critical
 9.1
9.1