Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xrdp vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2017-5420
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an malicious user to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability af...
Mozilla Firefox
6.5
CVSSv3
CVE-2017-5407
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and ...
Debian Debian Linux 8.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server 6.0
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
6.1
CVSSv3
CVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete pol...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
6.1
CVSSv3
CVE-2021-22811
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Un...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
6.1
CVSSv3
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Ph...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
6.1
CVSSv3
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit poli...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
6.1
CVSSv3
CVE-2021-22814
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) u...
Schneider-electric Network Management Card 2 Firmware
Schneider-electric Network Management Card 3 Firmware
5.9
CVSSv3
CVE-2021-36158
In the xrdp package (in branches up to and including 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
Alpinelinux Aports
5.5
CVSSv3
CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbir...
Mozilla Firefox
Mozilla Thunderbird
5.5
CVSSv3
CVE-2017-5427
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This co...
Mozilla Firefox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »