Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-28 CVE-2022-23121 Improper Handling of Exceptional Conditions vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-755
critical
9.8
2023-03-28 CVE-2022-23122 Out-of-bounds Write vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-787
critical
9.8
2023-03-28 CVE-2022-23123 Out-of-bounds Read vulnerability in multiple products
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-125
critical
9.8
2023-03-28 CVE-2022-23124 Out-of-bounds Read vulnerability in multiple products
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-125
critical
9.8
2023-03-28 CVE-2022-23125 Out-of-bounds Write vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-787
critical
9.8
2023-02-28 CVE-2023-27372 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled.
network
low complexity
spip debian
critical
9.8
2023-02-20 CVE-2022-48337 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program.
network
low complexity
gnu debian CWE-78
critical
9.8
2023-02-14 CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1.
network
low complexity
haproxy debian
critical
9.1
2023-01-10 CVE-2022-4337 An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
network
low complexity
openvswitch debian
critical
9.8
2023-01-10 CVE-2022-4338 An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
network
low complexity
openvswitch debian
critical
9.8