CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
49.9%
software: xrdp 0.9.23.1
OS: ROSA-CHROME
package_evr_string: xrdp-0.9.23.1-1
CVE-ID: CVE-2023-40184
BDU-ID: 2023-07659
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the auth_start_session() function of the XRDP server is related to the bypassing of session restrictions. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2023-42822
BDU-ID: 2023-06266
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the xrdp_painter.c component of the XRDP server is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
49.9%