
103 matches found

CBLMariner
added 2026/05/09 3:31 a.m. | 5 views

CVE-2026-0967 affecting package libssh for versions less than 0.10.6-7

CVE-2026-0967 affecting package libssh for versions less than 0.10.6-7. A patched version of the package is available...

CVSS 5.5 | AI score 6.4 | EPSS 0.00036
Exploits 0

CBLMariner
added 2026/05/09 3:31 a.m. | 3 views

CVE-2026-0964 affecting package libssh for versions less than 0.10.6-7

CVE-2026-0964 affecting package libssh for versions less than 0.10.6-7. A patched version of the package is available...

CVSS 6.3 | AI score 6.4 | EPSS 0.00011
Exploits 8

CBLMariner
added 2026/05/09 3:31 a.m. | 6 views

CVE-2026-0965 affecting package libssh for versions less than 0.10.6-7

CVE-2026-0965 affecting package libssh for versions less than 0.10.6-7. A patched version of the package is available...

CVSS 3.3 | AI score 6.4 | EPSS 0.00007
Exploits 0

Fedora
added 2026/04/28 1:35 a.m. | 3 views

[SECURITY] Fedora 44 Update: xrdp-0.10.6-1.fc44

xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client...

CVSS 9.3 | AI score 5.2 | EPSS 0.00557
Exploits 0

SUSE CVE
added 2026/04/20 11:26 p.m. | 2 views

SUSE CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

CVSS 9.3 | AI score 5.6 | EPSS 0.00048
Exploits 0 | References 3

SUSE CVE
added 2026/04/20 11:26 p.m. | 4 views

SUSE CVE-2026-32107

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

CVSS 8.8 | AI score 6.2 | EPSS 0.00022
Exploits 0 | References 3

SUSE CVE
added 2026/04/20 11:26 p.m. | 4 views

SUSE CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

CVSS 7.7 | AI score 6.1 | EPSS 0.00279
Exploits 0 | References 3

SUSE CVE
added 2026/04/20 11:26 p.m. | 1 view

SUSE CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVSS 6.3 | AI score 6 | EPSS 0.00111
Exploits 0 | References 3

SUSE CVE
added 2026/04/20 11:26 p.m. | 3 views

SUSE CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3 | AI score 6.2 | EPSS 0.00079
Exploits 0 | References 3

SUSE CVE
added 2026/04/20 11:26 p.m. | 2 views

SUSE CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

CVSS 9.1 | AI score 5.8 | EPSS 0.00117
Exploits 0 | References 3

SUSE CVE
added 2026/04/20 11:26 p.m. | 1 view

SUSE CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

CVSS 8.7 | AI score 6.3 | EPSS 0.00557
Exploits 0 | References 3

Tenable Nessus
added 2026/04/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP...

CVSS 8.1 | AI score 5.9 | EPSS 0.00279
Exploits 0 | References 3

Tenable Nessus
added 2026/04/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypt...

CVSS 9.3 | AI score 5.7 | EPSS 0.00048
Exploits 0 | References 3

Tenable Nessus
added 2026/04/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remot...

CVSS 9.1 | AI score 5.9 | EPSS 0.00182
Exploits 0 | References 3

Tenable Nessus
added 2026/04/18 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-33145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling...

CVSS 6.3 | AI score 6.1 | EPSS 0.00079
Exploits 0 | References 3

Tenable Nessus
added 2026/04/18 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-33516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occur...

CVSS 9.1 | AI score 5.8 | EPSS 0.00117
Exploits 0 | References 3

OSV
added 2026/04/17 9:16 p.m. | 1 view

DEBIAN-CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

CVSS 8.8 | AI score 6.2 | EPSS 0.00557
Exploits 0 | References 1

NVD
added 2026/04/17 9:16 p.m. | 1 view

CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

CVSS 8.8 | EPSS 0.00557
Exploits 0 | References 2

NVD
added 2026/04/17 9:16 p.m. | 0 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3 | EPSS 0.00079
Exploits 0 | References 2

NVD
added 2026/04/17 9:16 p.m. | 0 views

CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

CVSS 9.1 | EPSS 0.00182
Exploits 0 | References 2