Lucene search
K

5246 matches found

RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-57156

A flaw was found in FreeRDP clients. A remote attacker, acting as a malicious Remote Desktop Protocol RDP peer, could exploit an integer overflow vulnerability. This overflow occurs when the client processes a specially crafted RDP message, leading to the allocation of an undersized memory buffer...

8.8CVSS6.5AI score0.00528EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-57158

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. FreeRDP clients using the Graphics GFX pipeline are vulnerable to an out-of-bounds read. A malicious RDP server can exploit this by sending a specially crafted, truncated RDPGFXCMDIDWIRETOSURFACE1 planar payloa...

5.4CVSS6AI score0.00528EPSS
Exploits1References7
NVD
NVD
added 3 days ago5 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS0.00522EPSS
Exploits1References6
NVD
NVD
added 3 days ago5 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS0.00528EPSS
Exploits1References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43006

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00522EPSS
Exploits1References6
CVE
CVE
added 3 days ago10 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS6.1AI score0.00528EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43004

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00452EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 3 days ago6 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00452EPSS
Exploits1
RedHat Linux
RedHat Linux
added 4 days ago5 views

gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.6AI score0.0053EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago8 views

freerdp: FreeRDP: Arbitrary code execution via crafted RDPGFX PDUs

A heap-buffer-overflow vulnerability exists in FreeRDP when handling Remote Desktop Protocol Graphics RDPGFX. A malicious or compromised RDP server can exploit this flaw by sending specially crafted graphics packets to a connected client, potentially crashing the client application Denial of...

8.8CVSS7.5AI score0.0042EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 6 days ago6 views

freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...

9.8CVSS6.6AI score0.0049EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 6 days ago6 views

freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdi_CacheToSurface

A flaw was found in FreeRDP.If a user connects to a malicious Remote Desktop RDP server, a security flaw in FreeRDP could cause the application to crash or allow the server to run unauthorized code on the user's system...

8.8CVSS7.3AI score0.00827EPSS
Exploits1References7
Redos
Redos
added 6 days ago5 views

ROS-20260707-73-0014

The vulnerability of the gdiCacheToSurface function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause a service failure by sending specially crafted RDPGFX packets...

8.8CVSS7.8AI score0.00827EPSS
Exploits1
Fedora
Fedora
added 2026/07/04 1:7 a.m.13 views

[SECURITY] Fedora 43 Update: freerdp-3.27.1-1.fc43

The xfreerdp & wlfreerdp Remote Desktop Protocol RDP clients from the FreeR DP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...

7.5CVSS6AI score0.00452EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...

7.2CVSS6.5AI score0.00278EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Security Updates for Windows App Client for Windows Desktop (June 2026)

The Windows app installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. CVE-2026-42908 - Heap-based buffer overflow in Remote Deskt...

8.8CVSS7.4AI score0.01001EPSS
Exploits0References16
NVD
NVD
added 2026/06/26 7:16 p.m.8 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 6:22 p.m.16 views

CVE-2026-13372

The CVE-2026-13372 vulnerability affects Devolutions Remote Desktop Manager 2026.2.5–2026.2.11, where incorrect link resolution by display name in the custom PowerShell VPN editor can enable an authenticated user with write access to a shared workspace to execute a PowerShell script in another us...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/26 6:22 p.m.8 views

EUVD-2026-39832

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 6:22 p.m.37 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

0.00278EPSS
Exploits0References1
Rows per page
Query Builder