Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-39377 sysstat is a set of system performance tools for the Linux operating system.
local
low complexity
sysstat-project debian fedoraproject
7.8
7.8
2022-11-07 CVE-2022-42919 Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration.
local
low complexity
python fedoraproject
7.8
7.8
2022-11-06 CVE-2022-40284 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow was discovered in NTFS-3G before 2022.10.3.
local
low complexity
tuxera debian fedoraproject CWE-120
7.8
7.8
2022-11-03 CVE-2022-44638 Integer Overflow or Wraparound vulnerability in multiple products
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
network
low complexity
pixman debian fedoraproject CWE-190
8.8
8.8
2022-11-01 CVE-2022-42823 Type Confusion vulnerability in multiple products
A type confusion issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-843
8.8
8.8
2022-11-01 CVE-2022-3602 Out-of-bounds Write vulnerability in multiple products
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.
network
low complexity
openssl fedoraproject netapp nodejs CWE-787
7.5
7.5
2022-11-01 CVE-2022-3786 Classic Buffer Overflow vulnerability in multiple products
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.
network
low complexity
openssl fedoraproject nodejs CWE-120
7.5
7.5
2022-11-01 CVE-2022-39369 phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.
network
low complexity
apereo fedoraproject
8.0
8.0
2022-11-01 CVE-2022-42309 Release of Invalid Pointer or Reference vulnerability in multiple products
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage.
local
low complexity
xen debian fedoraproject CWE-763
8.8
8.8
2022-11-01 CVE-2022-42320 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.
local
high complexity
xen debian fedoraproject CWE-459
7.0
7.0