CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41881 – codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
https://notcve.org/view.php?id=CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. El proyecto Netty es un framework de aplicación de red asíncrona impulsado por eventos. • https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html https://security.netapp.com/advisory/ntap-20230113-0004 https://www.debian.org/security/2023/dsa-5316 https://access.redhat.com/security/cve/CVE-2022-41881 https://bugzilla.redhat.com/show_bug.cgi?id=2153379 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23477 – Buffer Overflow in xrdp
https://notcve.org/view.php?id=CVE-2022-23477
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico para máquinas remotas utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene un flujo del búfer desbordado en la función auditin_send_open(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hqw2-jx2c-wrr2 https://www.debian.org/security/2023/dsa-5502 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23484 – Integer Overflow in xrdp
https://notcve.org/view.php?id=CVE-2022-23484
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico para máquinas remotas utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene un desbordamiento de enteros en la función xrdp_mm_process_rail_update_window_text(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6 https://www.debian.org/security/2023/dsa-5502 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23483 – Out-of-Bound Read in libxrdp
https://notcve.org/view.php?id=CVE-2022-23483
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico para máquinas remotas utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene una lectura fuera de los límites en la función libxrdp_send_to_channel(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq https://www.debian.org/security/2023/dsa-5502 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23482 – Out-of-Bound Read in xrdp
https://notcve.org/view.php?id=CVE-2022-23482
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico para máquinas remotas utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene una lectura fuera de los límites en la función xrdp_sec_process_mcs_data_CS_CORE(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-56pq-2pm9-7fhm https://www.debian.org/security/2023/dsa-5502 • CWE-125: Out-of-bounds Read •