Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/04/17 8:38 p.m.4 views

CVE-2026-32105

A flaw was found in xrdp, an open-source Remote Desktop Protocol RDP server. When using the "Classic RDP Security" layer, xrdp fails to verify the Message Authentication Code MAC signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle MITM...

9.3CVSS5.7AI score0.00174EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/17 7:27 p.m.5 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS5.6AI score0.00174EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 7:27 p.m.18 views

CVE-2026-32105

This CVE concerns xrdp, an open source RDP server. In versions up to 0.10.5, xrdp does not verify the MAC (8-byte integrity signature) of RDP packets when using the Classic RDP Security layer. The receiver’s logic fails to validate the MAC, allowing an unauthenticated attacker with MITM capabilit...

9.3CVSS5.6AI score0.00174EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/17 7:27 p.m.20 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS0.00174EPSS
Exploits0References2
OSV
OSV
added 2020/06/04 3:15 p.m.3 views

CVE-2020-13803

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures...

7.5CVSS5.8AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2017/08/10 6:29 p.m.25 views

CVE-2017-3156

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks...

7.5CVSS7.4AI score0.06315EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2013/09/23 12:0 a.m.48 views

Polycom HDX < 3.1.1.2 Multiple Vulnerabilities

According to its self-reported version number, the firmware installed on the remote host is affected by multiple vulnerabilities : - A command shell authorization bypass vulnerability exists that could be used by a malicious user to gain unauthorized access to the system, which could result in...

6.6AI score
Exploits0References11
Rows per page
Query Builder