Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-28 CVE-2022-23123 Out-of-bounds Read vulnerability in multiple products
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-125
critical
9.8
2023-03-28 CVE-2022-23124 Out-of-bounds Read vulnerability in multiple products
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-125
critical
9.8
2023-03-28 CVE-2022-23125 Out-of-bounds Write vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-787
critical
9.8
2023-02-28 CVE-2023-27372 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled.
network
low complexity
spip debian
critical
9.8
2023-02-20 CVE-2022-48337 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program.
network
low complexity
gnu debian CWE-78
critical
9.8
2023-02-14 CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1.
network
low complexity
haproxy debian
critical
9.1
2023-01-10 CVE-2022-4337 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
network
low complexity
openvswitch debian CWE-125
critical
9.8
2023-01-10 CVE-2022-4338 Out-of-bounds Read vulnerability in multiple products
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
network
low complexity
openvswitch debian CWE-125
critical
9.8
2022-12-22 CVE-2022-41639 Heap-based Buffer Overflow vulnerability in multiple products
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0.
network
low complexity
openimageio debian CWE-122
critical
9.8
2022-12-22 CVE-2022-41649 Out-of-bounds Read vulnerability in multiple products
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0.
network
low complexity
openimageio debian CWE-125
critical
9.1