High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-01	CVE-2022-42823	Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved memory handling. network low complexity apple fedoraproject debian CWE-843	8.8
2022-11-01	CVE-2022-3602	Out-of-bounds Write vulnerability in multiple products A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. network low complexity openssl fedoraproject netapp nodejs CWE-787	7.5
2022-11-01	CVE-2022-3786	Classic Buffer Overflow vulnerability in multiple products A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. network low complexity openssl fedoraproject nodejs CWE-120	7.5
2022-11-01	CVE-2022-39369	Improper Validation of Specified Type of Input vulnerability in multiple products phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. network low complexity apereo fedoraproject CWE-1287	8.0
2022-11-01	CVE-2022-42309	Release of Invalid Pointer or Reference vulnerability in multiple products Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. local low complexity xen debian fedoraproject CWE-763	8.8
2022-11-01	CVE-2022-42320	Incomplete Cleanup vulnerability in multiple products Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. local high complexity xen debian fedoraproject CWE-459	7.0
2022-11-01	CVE-2022-42327	x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. local low complexity xen fedoraproject	7.1
2022-10-31	CVE-2022-40617	Resource Exhaustion vulnerability in multiple products strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. network low complexity strongswan canonical debian fedoraproject stormshield CWE-400	7.5
2022-10-29	CVE-2022-42915	Double Free vulnerability in multiple products curl before 7.86.0 has a double free. network high complexity haxx fedoraproject netapp apple splunk CWE-415	8.1
2022-10-29	CVE-2022-41974	Improper Privilege Management vulnerability in multiple products multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. local low complexity opensvc fedoraproject debian CWE-269	7.8