14 matches found
CVE-2026-35512
A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. This heap-based buffer overflow vulnerability, caused by insufficient validation of client-controlled size parameters, allows an out-of-bounds write via crafted Protocol Data Units (PDUs). A remote attacker can exploit thi...
DEBIAN-CVE-2026-33689
xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...
CVE-2026-35512 xrdp: Heap buffer overflow in EGFX channel
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...
CVE-2026-33516
xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...
CVE-2026-32623 xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...
[SECURITY] Fedora 42 Update: freerdp-3.24.2-1.fc42
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...
[SECURITY] Fedora 43 Update: xrdp-0.10.5-1.fc43
xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client...
EUVD-2023-44784
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-42822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllabl...
ROS-20241216-08
A vulnerability in the authstartsession function of the XRDP server is related to session restriction bypass. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20231024-02
A vulnerability in the xrdppainter.c component of the XRDP server is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information...
Advisory ROSA-SA-2023-2249
software: xrdp 0.9.22.1 OS: ROSA-CHROME packageevrstring: xrdp-0.9.22.1-1.src.rpm CVE-ID: CVE-2022-23468 BDU-ID: 2022-07312 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the xrdploginwndcreate function of the XRDP server involves buffer copying without checking the size of the input data...
ROS-20221222-01
A vulnerability in the audinsendopen function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine. Vulnerability in devredirprocclientdevlistannouncereq function ...
xrdp input validation error vulnerability
xrdp is an open source remote desktop protocol server from Neutrinolabs Labs. An input validation error vulnerability exists in versions prior to xrdp v0.9.21, which stems from the inclusion of an integer overflow in the xrdpmmprocessrailupdatewindowtext function...