Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-42309 Release of Invalid Pointer or Reference vulnerability in multiple products
Xenstore: Guests can crash xenstored. Due to a bug in the fix of XSA-115, a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage.
local
low complexity
xen debian fedoraproject CWE-763
8.8
2022-11-01 CVE-2022-42320 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can get access to Xenstore nodes of deleted domains. Access rights of Xenstore nodes are per domid.
local
high complexity
xen debian fedoraproject CWE-459
7.0
2022-11-01 CVE-2022-42327 x86: unintended memory sharing between guests. On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode.
local
low complexity
xen fedoraproject
7.1
2022-10-31 CVE-2022-40617 Resource Exhaustion vulnerability in multiple products
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
7.5
2022-10-29 CVE-2022-42915 Double Free vulnerability in multiple products
curl before 7.86.0 has a double free.
network
high complexity
haxx fedoraproject netapp apple splunk CWE-415
8.1
2022-10-29 CVE-2022-41974 Improper Privilege Management vulnerability in multiple products
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973.
local
low complexity
opensvc fedoraproject debian CWE-269
7.8
2022-10-29 CVE-2022-41973 Link Following vulnerability in multiple products
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974.
local
low complexity
opensvc fedoraproject debian CWE-59
7.8
2022-10-29 CVE-2022-42916 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP.
network
low complexity
haxx fedoraproject apple splunk CWE-319
7.5
2022-10-27 CVE-2022-3725 Out-of-bounds Write vulnerability in multiple products
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject CWE-787
7.5
2022-10-26 CVE-2022-39286 Uncontrolled Search Path Element vulnerability in multiple products
Jupyter Core is a package for the core common functionality of Jupyter projects.
network
low complexity
jupyter debian fedoraproject CWE-427
8.8