Lucene search
K

5214 matches found

NVD
NVD
added 2026/06/26 7:16 p.m.8 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 6:22 p.m.7 views

EUVD-2026-39832

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 6:22 p.m.34 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 6:22 p.m.13 views

CVE-2026-13372

The CVE-2026-13372 vulnerability affects Devolutions Remote Desktop Manager 2026.2.5–2026.2.11, where incorrect link resolution by display name in the custom PowerShell VPN editor can enable an authenticated user with write access to a shared workspace to execute a PowerShell script in another us...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52892

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...

7.2CVSS5.9AI score0.00278EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.4 views

Oracle Linux 9 : freerdp (ELSA-2026-19349)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19349 advisory. - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159860 - Fix double free in xfrailwindowcommon cleanup CVE-2026-2698...

9.8CVSS6.4AI score0.00599EPSS
Exploits7References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reused a cached XImage, where the data pointer referred to an RDPGFX surface buffer that had been freed. This was because gdiDeleteSurface freed surface-data without invalidating...

9.8CVSS5.9AI score0.00498EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode process, planardecompressplanerle wrote into pDstData at nYDst+y nDstStep + 4nXDst + nChannel, without verifying that nYDst+nSrcHeight fits within the destination height or that...

8.8CVSS7.3AI score0.00591EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, there was a race in the serial channel IRP thread tracking that allowed for a heap use-after-free condition when one thread removed an entry from serial-IrpThreads while another read it. This vulnerability h...

8.1CVSS5.8AI score0.00286EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server could trigger a heap buffer overflow in FreeRDP clients by using the GDI surface pipeline e.g., xfreerdp to send an RDPGFX ClearCodec surface command with an out-of-bounds destination...

8.8CVSS6.1AI score0.00537EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, the function freerdpbitmapdecompressplanar did not validate the parameters nSrcWidth/nSrcHeight against the values of planar-maxWidth/maxHeight before performing the RLE decompression. A malicious server cou...

9.8CVSS7.6AI score0.00443EPSS
Exploits1References3
Redos
Redos
added 2026/06/24 12:0 a.m.3 views

ROS-20260624-73-0009

The vulnerability of the gdisurfacebits function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

9.8CVSS6.5AI score0.00656EPSS
Exploits1
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

SUSE-SU-2026:22194-1 Security update for freerdp

This update for freerdp fixes the following issues Update to version 3.26.0: - CVE-2026-33982: heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpralignedoffsetrecalloc bsc1261222. - CVE-2026-33985: FreeRDP: Information disclosure via heap memory out of bounds read...

9.8CVSS6.2AI score0.03472EPSS
Exploits6References24
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile impo...

7.8CVSS6.6AI score0.0018EPSS
Exploits2References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions, a missing offset validation may lead to an Out Of Bound Read error in the gdimultiopaquerect function. Specifically, there is no code to validate whether the value...

9.1CVSS7.1AI score0.01529EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to an Out-of-Bounds Write vulnerability in the progressivedecompress function. This issue is likely due to incorrect calculations of the nXSrc and nYSrc...

9.8CVSS7.3AI score0.01106EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.14 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients and servers that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. There are no known workarounds available...

9.8CVSS8AI score0.0375EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server could crash the FreeRDP client by sending invalid huge allocation sizes. Version 3.5.1 includes a patch for this issue. There are no known workaround solutions available...

7.5CVSS7.1AI score0.01178EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP before 3.5.0 or 2.11.6 are vulnerable to integer overflows and out-of-bounds writes. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, do not use /gfx options for example, deactivate...

9.8CVSS8AI score0.02275EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use FreeRDP versions prior to 3.5.0 or 2.11.6 and have connections to servers using the NSC codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, do not use the NSC...

9.8CVSS7.3AI score0.01922EPSS
Exploits0References2
Rows per page
Query Builder