freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

OESA-2026-2226 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...

DEBIAN-CVE-2026-5405

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

CVE-2026-5405

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

CVE-2026-5405 Heap-based Buffer Overflow in Wireshark

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

KLA91016 Multiple vulnerabilities in Wireshark

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in Monero protocol dissector can be exploited to cause a denial...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

RHEL 9 : freerdp (RHSA-2026:9640)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9640 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

FreeRDP security vulnerabilities

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contained security vulnerabilities. These vulnerabilities stemmed from specially crafted band coordinates in the ClearCodec decoding path, which allowed writing beyond the targ...

Eternalblue-Doublepulsar-Metasploit

This is a Metasploit module to exploit the EternalBlue-Doublepulsar vulnerability. The module is designed to target Windows systems and uses the Doublepulsar backdoor to install a DLL into a user mode process. The module can be used to perform various operations, including outputting the install...

[SECURITY] Fedora 41 Update: guacamole-server-1.6.0-1.fc41

Guacamole is an HTML5 remote desktop gateway. Guacamole provides access to desktop environments using remote desktop protoc ols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No browser plugins are needed, and no clie...

[SECURITY] Fedora 42 Update: guacamole-server-1.6.0-1.fc42

Guacamole is an HTML5 remote desktop gateway. Guacamole provides access to desktop environments using remote desktop protoc ols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No browser plugins are needed, and no clie...

CVE-2024-40595

An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions SPS On Premise before 7.5.1 and LTS before 7.0.5.1 allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol informatio...

ALSA-2024:2208 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: Incorrect offset calculation leading to DOS CVE-2023-39350...

[SECURITY] [DLA 3654-1] freerdp2 security update

Debian LTS Advisory DLA-3654-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 17, 2023 https://wiki.debian.org/LTS Package : freerdp2 Version : 2.3.0+dfsg1-2+deb10u4 CVE ID : CVE-2021-41160 CVE-2022-24883 CVE-2022-39282 CVE-2022-39283 CVE-2022-39316...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xrdp (SUSE-SU-2023:3830-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3830-1 advisory. - xrdp is an open source remote desktop protocol RDP server. In versions prior to 0.9.23 improper handlin...

ROS-20230907-02

Vulnerability in the Core component of Oracle VM VirtualBox virtual machine is related to resource release errors resources. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or gain full control of an application using the RDP protocol. arbitrary code or...

CVE-2023-40575

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalYUV444ToRGB8uP3AC4RBGRX function. This issue is likely down to insufficient data for the pSrc variable and results in crashe...