Lucene search
K

1730 matches found

SUSE CVE
SUSE CVE
added 2026/04/20 11:26 p.m.6 views

SUSE CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS5.6AI score0.00174EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/20 6:31 a.m.8 views

CVE-2026-33516

A flaw was found in xrdp, an open-source Remote Desktop Protocol RDP server. A remote, unauthenticated attacker can exploit an out-of-bounds read vulnerability by sending a specially crafted Confirm Active PDU during the RDP capability exchange. This issue occurs when memory is accessed without...

9.1CVSS5.9AI score0.00427EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.5 views

RHEL 8 : freerdp (RHSA-2026:8945)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8945 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

7.5CVSS6.7AI score0.00426EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-32623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP...

8.1CVSS7.4AI score0.00544EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/17 9:16 p.m.8 views

CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.8CVSS6.3AI score0.00583EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 8:16 p.m.5 views

DEBIAN-CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

8.1CVSS6AI score0.00544EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 8:16 p.m.6 views

CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS0.00174EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/17 8:16 p.m.4 views

CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase...

9.1CVSS5.6AI score0.00484EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/17 8:16 p.m.10 views

CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.5CVSS5.9AI score0.00408EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 8:16 p.m.6 views

UBUNTU-CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

9.1CVSS5.8AI score0.00427EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/17 7:56 p.m.23 views

CVE-2026-33516 xrdp: Pre-authentication out-of-bounds reads in RDP capability and channel parsers

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

7.7CVSS0.00427EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 7:56 p.m.4 views

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

7.7CVSS5.8AI score0.00427EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 7:56 p.m.5 views

CVE-2026-33516 xrdp: Pre-authentication out-of-bounds reads in RDP capability and channel parsers

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

7.7CVSS5.8AI score0.00427EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 7:56 p.m.21 views

CVE-2026-33516

CVE-2026-33516 affects xrdp (open source RDP server). Versions up to 0.10.5 contain an out-of-bounds read during the RDP capability exchange, triggered when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can exploit this by sending a crafted C...

9.1CVSS5.8AI score0.00427EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/17 7:56 p.m.4 views

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

9.1CVSS5.6AI score0.00427EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/17 7:43 p.m.4 views

CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

8.1CVSS6AI score0.00544EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/17 7:43 p.m.9 views

CVE-2026-32623 xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

7.7CVSS6.1AI score0.00544EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 7:43 p.m.3 views

CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

7.7CVSS6.1AI score0.00544EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/17 7:43 p.m.14 views

CVE-2026-32623

Summary: CVE-2026-32623 affects xrdp up to v0.10.5, where the NeutrinoRDP module (not built by default) may mishandle reassembled fragmented virtual channel data, causing a heap-based buffer overflow. This can lead to memory corruption with potential DoS or RCE if an attacker can position or MITM...

8.1CVSS6.1AI score0.00544EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/17 7:27 p.m.21 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS0.00174EPSS
Exploits0References2
Rows per page
Query Builder