5214 matches found
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
EUVD-2026-39832
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
CVE-2026-13372
The CVE-2026-13372 vulnerability affects Devolutions Remote Desktop Manager 2026.2.5–2026.2.11, where incorrect link resolution by display name in the custom PowerShell VPN editor can enable an authenticated user with write access to a shared workspace to execute a PowerShell script in another us...
PT-2026-52892
Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...
Oracle Linux 9 : freerdp (ELSA-2026-19349)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19349 advisory. - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159860 - Fix double free in xfrailwindowcommon cleanup CVE-2026-2698...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reused a cached XImage, where the data pointer referred to an RDPGFX surface buffer that had been freed. This was because gdiDeleteSurface freed surface-data without invalidating...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode process, planardecompressplanerle wrote into pDstData at nYDst+y nDstStep + 4nXDst + nChannel, without verifying that nYDst+nSrcHeight fits within the destination height or that...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, there was a race in the serial channel IRP thread tracking that allowed for a heap use-after-free condition when one thread removed an entry from serial-IrpThreads while another read it. This vulnerability h...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server could trigger a heap buffer overflow in FreeRDP clients by using the GDI surface pipeline e.g., xfreerdp to send an RDPGFX ClearCodec surface command with an out-of-bounds destination...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, the function freerdpbitmapdecompressplanar did not validate the parameters nSrcWidth/nSrcHeight against the values of planar-maxWidth/maxHeight before performing the RLE decompression. A malicious server cou...
ROS-20260624-73-0009
The vulnerability of the gdisurfacebits function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
SUSE-SU-2026:22194-1 Security update for freerdp
This update for freerdp fixes the following issues Update to version 3.26.0: - CVE-2026-33982: heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpralignedoffsetrecalloc bsc1261222. - CVE-2026-33985: FreeRDP: Information disclosure via heap memory out of bounds read...
SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile impo...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions, a missing offset validation may lead to an Out Of Bound Read error in the gdimultiopaquerect function. Specifically, there is no code to validate whether the value...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to an Out-of-Bounds Write vulnerability in the progressivedecompress function. This issue is likely due to incorrect calculations of the nXSrc and nYSrc...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients and servers that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. There are no known workarounds available...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server could crash the FreeRDP client by sending invalid huge allocation sizes. Version 3.5.1 includes a patch for this issue. There are no known workaround solutions available...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP before 3.5.0 or 2.11.6 are vulnerable to integer overflows and out-of-bounds writes. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, do not use /gfx options for example, deactivate...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use FreeRDP versions prior to 3.5.0 or 2.11.6 and have connections to servers using the NSC codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, do not use the NSC...