Lucene search
K

738 matches found

OSV
OSV
added 2026/04/17 9:16 p.m.7 views

DEBIAN-CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

9.1CVSS5.7AI score0.00484EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 9:16 p.m.5 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS0.00356EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 9:16 p.m.5 views

CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

9.1CVSS0.00484EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 9:16 p.m.9 views

DEBIAN-CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.3AI score0.00356EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/17 9:16 p.m.8 views

CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

9.1CVSS5.8AI score0.00484EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/17 9:16 p.m.8 views

CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.8CVSS6.3AI score0.00583EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 9:16 p.m.5 views

UBUNTU-CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.8CVSS6.3AI score0.00583EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 9:16 p.m.6 views

UBUNTU-CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

9.1CVSS5.8AI score0.00484EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 9:16 p.m.7 views

UBUNTU-CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.2AI score0.00356EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/17 9:16 p.m.6 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.2AI score0.00356EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/17 8:42 p.m.6 views

CVE-2026-32107

A flaw was found in xrdp, an open source Remote Desktop Protocol RDP server. The session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execut...

8.8CVSS6.3AI score0.00159EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/17 8:38 p.m.4 views

CVE-2026-32105

A flaw was found in xrdp, an open-source Remote Desktop Protocol RDP server. When using the "Classic RDP Security" layer, xrdp fails to verify the Message Authentication Code MAC signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle MITM...

9.3CVSS5.7AI score0.00174EPSS
Exploits0References5
CVE
CVE
added 2026/04/17 8:21 p.m.17 views

CVE-2026-35512

CVE-2026-35512 affects xrdp up to version 0.10.5, with a heap-based buffer overflow in the EGFX channel caused by insufficient validation of client-controlled size parameters. This allows an out-of-bounds write via crafted PDUs, enabling pre-authentication crashes and, in the post-authentication ...

8.8CVSS6.3AI score0.00583EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/17 8:21 p.m.5 views

EUVD-2026-23519

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.7CVSS6.3AI score0.00583EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 8:21 p.m.5 views

CVE-2026-35512 xrdp: Heap buffer overflow in EGFX channel

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.7CVSS6.3AI score0.00583EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:21 p.m.4 views

CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.7CVSS6.3AI score0.00583EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/17 8:21 p.m.20 views

CVE-2026-35512 xrdp: Heap buffer overflow in EGFX channel

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.7CVSS0.00583EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/04/17 8:21 p.m.7 views

CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.8CVSS6.3AI score0.00583EPSS
Exploits0
OSV
OSV
added 2026/04/17 8:16 p.m.5 views

DEBIAN-CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

9.1CVSS5.6AI score0.00427EPSS
Exploits0References1
OSV
OSV
added 2026/04/17 8:16 p.m.3 views

DEBIAN-CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.5CVSS5.9AI score0.00408EPSS
Exploits0References1
Rows per page
Query Builder