Lucene search
+L

755 matches found

AlpineLinux
AlpineLinux
added 2026/04/17 7:27 p.m.3 views

CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS5.6AI score0.00174EPSS
Exploits0
OSV
OSV
added 2026/04/17 7:27 p.m.2 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS7.1AI score0.00174EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/17 7:25 p.m.6 views

CVE-2026-32107

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

8.8CVSS6.1AI score0.00159EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/17 7:25 p.m.25 views

CVE-2026-32107 xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid fails

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

8.8CVSS0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 7:25 p.m.7 views

CVE-2026-32107

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/17 7:25 p.m.4 views

CVE-2026-32107

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

8.8CVSS6.2AI score0.00159EPSS
Exploits0
OSV
OSV
added 2026/04/17 7:25 p.m.2 views

CVE-2026-32107 xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid fails

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

8.8CVSS7.6AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33498

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description A heap-based buffer overflow exists in the NeutrinoRDP module. When proxying RDP sessions to another server, the module does not properly validate the size of reassembled fragmented virtual channel dat...

10CVSS6AI score0.00544EPSS
Exploits0References20
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

xrdp 安全漏洞

xrdp is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of xrdp 0.10.5 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of verification of the message authentication code signature for encrypted RDP packets when the classic R...

9.3CVSS5.9AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.12 views

xrdp 安全漏洞

XRDPT is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of XRDPT prior to 0.10.5 contain security vulnerabilities. These vulnerabilities stem from the RDP message parsing logic before authentication, which involves out-of-bound reads. This could lead to...

9.1CVSS5.8AI score0.00484EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.13 views

PT-2026-33507

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An out-of-bounds read exists in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the...

9.1CVSS5.9AI score0.00484EPSS
Exploits0References20
Fedora
Fedora
added 2026/04/03 5:4 p.m.8 views

[SECURITY] Fedora 42 Update: freerdp-3.24.2-1.fc42

The xfreerdp & wlfreerdp Remote Desktop Protocol RDP clients from the FreeR DP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...

9.8CVSS6AI score0.00656EPSS
Exploits9
Fedora
Fedora
added 2026/04/01 12:57 a.m.6 views

[SECURITY] Fedora 43 Update: freerdp-3.24.2-1.fc43

The xfreerdp & wlfreerdp Remote Desktop Protocol RDP clients from the FreeR DP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...

8.1CVSS5.9AI score0.00426EPSS
Exploits2
Fedora
Fedora
added 2026/03/31 12:27 a.m.8 views

[SECURITY] Fedora 44 Update: freerdp-3.24.2-1.fc44

The xfreerdp & wlfreerdp Remote Desktop Protocol RDP clients from the FreeR DP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...

8.1CVSS5.9AI score0.00426EPSS
Exploits2
Rosalinux
Rosalinux
added 2026/03/22 9:17 p.m.9 views

Advisory ROSA-SA-2026-3244

software: xrdp 0.10.5 WASP: ROSA-CHROME unaffected versions = xrdp-0.10.5-1 affected versions xrdp-0.10.5-1 CVE-ID: CVE-2025-68670 BDU-ID: 2026-00962 CVE-Crit: CRITICAL CVE-DESC.: An XRDP server vulnerability is related to an operation exceeding buffer boundaries in memory. Exploitation of the...

9.8CVSS7.6AI score0.01318EPSS
Exploits0
Fedora
Fedora
added 2026/03/06 6:0 a.m.12 views

[SECURITY] Fedora 44 Update: freerdp-3.23.0-1.fc44

The xfreerdp & wlfreerdp Remote Desktop Protocol RDP clients from the FreeR DP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...

9.8CVSS5.9AI score0.00599EPSS
Exploits10
FreeBSD
FreeBSD
added 2026/03/03 12:0 a.m.20 views

xrdp -- Multiple vulnerabilities

xrdp project reports: This release includes 8 security fixes: CVE-2026-32105 CVE-2026-32107 CVE-2026-32623 CVE-2026-32624 CVE-2026-33145 CVE-2026-32516 CVE-2026-32689 CVE-2026-35512...

9.3CVSS5.7AI score0.00583EPSS
Exploits0
Fedora
Fedora
added 2026/02/18 12:56 a.m.13 views

[SECURITY] Fedora 42 Update: freerdp-3.22.0-1.fc42

The xfreerdp & wlfreerdp Remote Desktop Protocol RDP clients from the FreeR DP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...

9.1CVSS5.5AI score0.00628EPSS
Exploits0
OpenVAS
OpenVAS
added 2026/02/16 12:0 a.m.3 views

SUSE: Security Advisory (SUSE-SU-2026:0477-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS5.5AI score0.01318EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.3 views

SUSE SLES15 Security Update : xrdp (SUSE-SU-2026:0477-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0477-1 advisory. - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Tenable has extracted the preceding descripti...

9.8CVSS5.6AI score0.01318EPSS
Exploits0References4
Rows per page
Query Builder