Lucene search

10 matches found

Tenable Nessus
added 2026/04/18 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occur...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00117
Exploits: 0, References: 3

OSV
added 2026/04/17 9:16 p.m., 3 views

DEBIAN-CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3, AI score: 6.3, EPSS: 0.00079
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/17 8:21 p.m., 2 views

CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

CVSS: 8.7, AI score: 6.3, EPSS: 0.00557
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/04/17 8:16 p.m., 1 view

CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00182
Exploits: 0, References: 3, Affected Software: 1

AlpineLinux
added 2026/04/17 8:16 p.m., 0 views

CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

CVSS: 9.1, AI score: 5.9, EPSS: 0.00182
Exploits: 0

ATTACKERKB
added 2026/04/17 8:14 p.m., 2 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3, AI score: 6.2, EPSS: 0.00079
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/04/17 7:58 p.m., 3 views

CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVSS: 6.3, AI score: 6, EPSS: 0.00111
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/04/17 7:56 p.m., 1 view

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

CVSS: 7.7, AI score: 5.8, EPSS: 0.00117
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/04/17 7:56 p.m., 12 views

CVE-2026-33516

CVE-2026-33516 affects xrdp (open source RDP server). Versions up to 0.10.5 contain an out-of-bounds read during the RDP capability exchange, triggered when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can exploit this by sending a crafted C...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00117
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/04/17 12:00 a.m., 2 views

PT-2026-33507

Name of the Vulnerable Software and Affected Versions: xrdp versions prior to 0.10.6. Description: An out-of-bounds read exists in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the...

CVSS: 9.1, AI score: 5.9, EPSS: 0.00182
Exploits: 0, References: 20