Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xrdp xrdp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-5903
Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and previous versions allows remote malicious users to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.
Xrdp Xrdp 0.3.2
Xrdp Xrdp 0.3.1
Xrdp Xrdp 0.3
Xrdp Xrdp
Xrdp Xrdp 0.4
7.5
CVSSv2
CVE-2008-5904
The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and previous versions allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
Xrdp Xrdp 0.3
Xrdp Xrdp 0.3.2
Xrdp Xrdp 0.3.1
Xrdp Xrdp
Xrdp Xrdp 0.4
1 EDB exploit
7.5
CVSSv2
CVE-2008-5902
Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and previous versions allows remote malicious users to execute arbitrary code via a crafted request.
Xrdp Xrdp
Xrdp Xrdp 0.4
Xrdp Xrdp 0.3.2
Xrdp Xrdp 0.3.1
Xrdp Xrdp 0.3
7.2
CVSSv2
CVE-2022-23613
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability h...
Neutrinolabs Xrdp 0.9.17
Neutrinolabs Xrdp 0.9.18
Fedoraproject Fedora 34
Fedoraproject Fedora 35
NA
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versions before 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may ...
Neutrinolabs Xrdp
4.6
CVSSv2
CVE-2020-4044
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on p...
Neutrinolabs Xrdp
7.5
CVSSv2
CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
Neutrinolabs Xrdp 0.9.1
7.2
CVSSv2
CVE-2017-16927
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp up to and including 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecifie...
Neutrinolabs Xrdp
Debian Debian Linux 7.0
NA
CVE-2022-23477
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrad...
Neutrinolabs Xrdp
Debian Debian Linux 11.0
NA
CVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue...
Neutrinolabs Xrdp
Debian Debian Linux 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »