Vulnerabilities > Debian > Debian Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-09 | CVE-2022-23480 | Classic Buffer Overflow vulnerability in multiple products xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. | 9.8 |
| 2022-12-09 | CVE-2022-23479 | Classic Buffer Overflow vulnerability in multiple products xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. | 9.8 |
| 2022-12-09 | CVE-2022-23478 | Out-of-bounds Write vulnerability in multiple products xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. | 9.8 |
| 2022-12-09 | CVE-2022-23477 | Classic Buffer Overflow vulnerability in multiple products xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. | 9.8 |
| 2022-12-09 | CVE-2022-23468 | Classic Buffer Overflow vulnerability in multiple products xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. | 9.8 |
| 2022-12-06 | CVE-2022-24439 | Improper Input Validation vulnerability in multiple products All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. | 9.8 |
| 2022-12-05 | CVE-2022-35255 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. | 9.1 |
| 2022-12-05 | CVE-2022-32221 | Exposure of Resource to Wrong Sphere vulnerability in multiple products When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. | 9.8 |
| 2022-12-05 | CVE-2022-30123 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | 10.0 |
| 2022-11-22 | CVE-2022-36227 | NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. | 9.8 |