Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-09 CVE-2022-23481 Out-of-bounds Read vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions before v0.9.21 contain an out-of-bounds read in the xrdp_caps_process_confirm_active() function.
network
low complexity
neutrinolabs debian CWE-125
critical
9.1
2022-12-09 CVE-2022-23482 Out-of-bounds Read vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions before v0.9.21 contain an out-of-bounds read in the xrdp_sec_process_mcs_data_CS_CORE() function.
network
low complexity
neutrinolabs debian CWE-125
critical
9.1
2022-12-09 CVE-2022-23483 Out-of-bounds Read vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions before v0.9.21 contain an out-of-bounds read in the libxrdp_send_to_channel() function.
network
low complexity
neutrinolabs debian CWE-125
critical
9.1
2022-12-09 CVE-2022-23484 Integer Overflow or Wraparound vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions before v0.9.21 contain an integer overflow in the xrdp_mm_process_rail_update_window_text() function.
network
low complexity
neutrinolabs debian CWE-190
critical
9.8
2022-12-09 CVE-2022-23493 Out-of-bounds Read vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions before v0.9.21 contain an out-of-bounds read in the xrdp_mm_trans_process_drdynvc_channel_close() function.
network
low complexity
neutrinolabs debian CWE-125
critical
9.1
2022-12-06 CVE-2022-24439 Improper Input Validation vulnerability in multiple products
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
network
low complexity
gitpython-project fedoraproject debian CWE-20
critical
9.8
2022-12-05 CVE-2022-30123 A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack.
network
low complexity
rack-project debian
critical
10.0
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in multiple products
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx netapp debian apple splunk CWE-668
critical
9.8
2022-12-05 CVE-2022-35255 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc.
network
low complexity
nodejs siemens debian CWE-338
critical
9.1
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails, leading to a NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
9.8