Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xrdp xrdp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-5904
The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and previous versions allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
Xrdp Xrdp 0.3
Xrdp Xrdp 0.3.2
Xrdp Xrdp 0.3.1
Xrdp Xrdp
Xrdp Xrdp 0.4
1 EDB exploit
7.5
CVSSv2
CVE-2008-5903
Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and previous versions allows remote malicious users to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.
Xrdp Xrdp 0.3.2
Xrdp Xrdp 0.3.1
Xrdp Xrdp 0.3
Xrdp Xrdp
Xrdp Xrdp 0.4
7.5
CVSSv2
CVE-2008-5902
Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and previous versions allows remote malicious users to execute arbitrary code via a crafted request.
Xrdp Xrdp
Xrdp Xrdp 0.4
Xrdp Xrdp 0.3.2
Xrdp Xrdp 0.3.1
Xrdp Xrdp 0.3
7.2
CVSSv2
CVE-2022-23613
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability h...
Neutrinolabs Xrdp 0.9.17
Neutrinolabs Xrdp 0.9.18
Fedoraproject Fedora 34
Fedoraproject Fedora 35
4.6
CVSSv2
CVE-2020-4044
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on p...
Neutrinolabs Xrdp
NA
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versions before 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may ...
Neutrinolabs Xrdp
7.5
CVSSv2
CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
Neutrinolabs Xrdp 0.9.1
7.2
CVSSv2
CVE-2017-16927
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp up to and including 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecifie...
Neutrinolabs Xrdp
Debian Debian Linux 7.0
NA
CVE-2022-23483
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised ...
Neutrinolabs Xrdp
Debian Debian Linux 11.0
1 Github repository
NA
CVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue...
Neutrinolabs Xrdp
Debian Debian Linux 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »