CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23479 – Buffer Overflow occurs in xrdp
https://notcve.org/view.php?id=CVE-2022-23479
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene un flujo del búfer desbordado en la función xrdp_mm_chan_data_in(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-pgx2-3fjj-fqqh https://www.debian.org/security/2023/dsa-5502 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23478 – Out of Bound Write in xrdp
https://notcve.org/view.php?id=CVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico para máquinas remotas utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene una escritura fuera de los límites en la función xrdp_mm_trans_process_drdynvc_channel_open(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2f49-wwpm-78pj https://www.debian.org/security/2023/dsa-5502 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23468 – Buffer Overflow in xrdp
https://notcve.org/view.php?id=CVE-2022-23468
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico para máquinas remotas utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene un flujo de búfer desbordado en la función xrdp_login_wnd_create(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6 https://www.debian.org/security/2023/dsa-5502 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23493 – Out of Bound Read in xrdp
https://notcve.org/view.php?id=CVE-2022-23493
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. xrdp es un proyecto de código abierto que proporciona un inicio de sesión gráfico para máquinas remotas utilizando Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contiene una lectura fuera de los límites en la función xrdp_mm_trans_process_drdynvc_channel_close(). No se conocen workarounds para este problema. Se recomienda a los usuarios que actualicen. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v https://www.debian.org/security/2023/dsa-5502 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42328
https://notcve.org/view.php?id=CVE-2022-42328
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). Los invitados pueden provocar un punto muerto en Linux netback driver T. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] • http://www.openwall.com/lists/oss-security/2022/12/08/2 http://www.openwall.com/lists/oss-security/2022/12/08/3 http://www.openwall.com/lists/oss-security/2022/12/09/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-424.txt • CWE-667: Improper Locking •