High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-09	CVE-2022-45059	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. network low complexity varnish-cache-project fedoraproject CWE-444	7.5
2022-11-09	CVE-2022-45060	An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. network low complexity varnish-software varnish-cache-project fedoraproject debian	7.5
2022-11-01	CVE-2022-3602	Classic Buffer Overflow vulnerability in multiple products A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. network low complexity openssl fedoraproject netapp CWE-120	7.5
2022-11-01	CVE-2022-3786	Classic Buffer Overflow vulnerability in multiple products A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. network low complexity openssl fedoraproject CWE-120	7.5
2022-11-01	CVE-2022-42309	Release of Invalid Pointer or Reference vulnerability in multiple products Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. local low complexity xen debian fedoraproject CWE-763	8.8
2022-11-01	CVE-2022-42320	Incomplete Cleanup vulnerability in multiple products Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. local high complexity xen debian fedoraproject CWE-459	7.0
2022-10-29	CVE-2022-42916	Cleartext Transmission of Sensitive Information vulnerability in multiple products In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. network low complexity haxx fedoraproject CWE-319	7.5
2022-10-24	CVE-2022-43680	Use After Free vulnerability in multiple products In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. network low complexity libexpat-project debian fedoraproject CWE-416	7.5
2022-10-19	CVE-2022-41742	Out-of-bounds Write vulnerability in multiple products NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. local low complexity f5 fedoraproject debian CWE-787	7.1
2022-10-19	CVE-2022-39260	Out-of-bounds Write vulnerability in multiple products Git is an open source, scalable, distributed revision control system. network low complexity git-scm fedoraproject apple CWE-787	8.8