Lucene search
+L

1747 matches found

Debian CVE
Debian CVE
added 2026/04/17 7:56 p.m.4 views

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

9.1CVSS5.6AI score0.00427EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/17 7:56 p.m.4 views

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

7.7CVSS5.8AI score0.00427EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/17 7:56 p.m.22 views

CVE-2026-33516

CVE-2026-33516 affects xrdp (open source RDP server). Versions up to 0.10.5 contain an out-of-bounds read during the RDP capability exchange, triggered when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can exploit this by sending a crafted C...

9.1CVSS5.8AI score0.00427EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 7:43 p.m.10 views

CVE-2026-32623 xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

7.7CVSS6.1AI score0.00544EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 7:43 p.m.4 views

CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

7.7CVSS6.1AI score0.00544EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/17 7:43 p.m.16 views

CVE-2026-32623

Summary: CVE-2026-32623 affects xrdp up to v0.10.5, where the NeutrinoRDP module (not built by default) may mishandle reassembled fragmented virtual channel data, causing a heap-based buffer overflow. This can lead to memory corruption with potential DoS or RCE if an attacker can position or MITM...

8.1CVSS6.1AI score0.00544EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/17 7:43 p.m.2 views

CVE-2026-32623 xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

7.7CVSS7.4AI score0.00544EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/04/17 7:43 p.m.5 views

CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

8.1CVSS6AI score0.00544EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/17 7:27 p.m.23 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 7:27 p.m.9 views

CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS5.6AI score0.00174EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/17 7:27 p.m.3 views

CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS5.6AI score0.00174EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33498

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description A heap-based buffer overflow exists in the NeutrinoRDP module. When proxying RDP sessions to another server, the module does not properly validate the size of reassembled fragmented virtual channel dat...

10CVSS6AI score0.00544EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.11 views

AlmaLinux 9 : freerdp (ALSA-2026:8457)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8457 advisory. FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data CVE-2026-33984 FreeRDP: FreeRDP: Denial of Service via...

7.5CVSS6.7AI score0.00426EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007208)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007208 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure ...

8.7CVSS5.8AI score0.00467EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007207 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, cleardecompress calls...

9.8CVSS6AI score0.00443EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007197)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007197 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is...

9.8CVSS6AI score0.00453EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007183)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007183 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdpimagecopyfromicondata libfreerdp/codec/color.c...

6.9CVSS5.8AI score0.00242EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2026/04/09 6:2 a.m.8 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

9.8CVSS6.6AI score0.00656EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2026/04/08 5:18 a.m.6 views

freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface

A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...

9.1CVSS6.1AI score0.00489EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/08 5:18 a.m.9 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.8AI score0.00534EPSS
Exploits0References7
Rows per page
Query Builder