Total
8822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23480 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2023-10-24 | N/A | 9.8 CRITICAL |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2022-23493 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2023-10-24 | N/A | 9.1 CRITICAL |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2022-23484 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2023-10-24 | N/A | 9.8 CRITICAL |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2022-23483 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2023-10-24 | N/A | 9.1 CRITICAL |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2022-23477 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2023-10-24 | N/A | 9.8 CRITICAL |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2023-40577 | 2 Debian, Prometheus | 2 Debian Linux, Alertmanager | 2023-10-24 | N/A | 5.4 MEDIUM |
| Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. | |||||
| CVE-2023-1818 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-10-24 | N/A | 8.8 HIGH |
| Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1817 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-10-24 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1816 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-10-24 | N/A | 6.5 MEDIUM |
| Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1815 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-10-24 | N/A | 8.8 HIGH |
| Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1814 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-10-24 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1813 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-10-24 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1812 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-10-24 | N/A | 8.8 HIGH |
| Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-45133 | 2 Babeljs, Debian | 9 Babel, Babel-helper-define-polyfill-provider, Babel-plugin-polyfill-corejs2 and 6 more | 2023-10-24 | N/A | 8.8 HIGH |
| Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3. | |||||
| CVE-2017-1000421 | 2 Debian, Lcdf | 2 Debian Linux, Gifsicle | 2023-10-24 | 7.5 HIGH | 9.8 CRITICAL |
| Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution | |||||
| CVE-2020-11038 | 3 Debian, Freerdp, Opensuse | 3 Debian Linux, Freerdp, Leap | 2023-10-24 | 5.5 MEDIUM | 5.4 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | |||||
| CVE-2020-11019 | 3 Debian, Freerdp, Opensuse | 3 Debian Linux, Freerdp, Leap | 2023-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | |||||
| CVE-2020-11018 | 3 Debian, Freerdp, Opensuse | 3 Debian Linux, Freerdp, Leap | 2023-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | |||||
| CVE-2020-11017 | 3 Debian, Freerdp, Opensuse | 3 Debian Linux, Freerdp, Leap | 2023-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. | |||||
| CVE-2020-13398 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2023-10-24 | 6.5 MEDIUM | 8.3 HIGH |
| An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | |||||