Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-09 CVE-2022-23479 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function.
network
low complexity
neutrinolabs debian
critical
9.8
2022-12-09 CVE-2022-23480 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function.
network
low complexity
neutrinolabs debian
critical
9.8
2022-12-09 CVE-2022-23481 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function.
network
low complexity
neutrinolabs debian
critical
9.1
2022-12-09 CVE-2022-23482 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function.
network
low complexity
neutrinolabs debian
critical
9.1
2022-12-09 CVE-2022-23483 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function.
network
low complexity
neutrinolabs debian
critical
9.1
2022-12-09 CVE-2022-23484 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function.
network
low complexity
neutrinolabs debian
critical
9.8
2022-12-09 CVE-2022-23493 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function.
network
low complexity
neutrinolabs debian
critical
9.1
2022-12-06 CVE-2022-24439 Improper Input Validation vulnerability in multiple products
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
network
low complexity
gitpython-project fedoraproject debian CWE-20
critical
9.8
2022-12-05 CVE-2022-30123 A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
network
low complexity
rack-project debian
critical
10.0
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in multiple products
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx netapp debian apple splunk CWE-668
critical
9.8