5207 matches found
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
EUVD-2026-39832
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
CVE-2026-13372
The CVE-2026-13372 vulnerability affects Devolutions Remote Desktop Manager 2026.2.5–2026.2.11, where incorrect link resolution by display name in the custom PowerShell VPN editor can enable an authenticated user with write access to a shared workspace to execute a PowerShell script in another us...
SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile impo...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server could trigger a heap buffer overflow in FreeRDP clients by using the GDI surface pipeline e.g., xfreerdp to send an RDPGFX ClearCodec surface command with an out-of-bounds destination...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reused a cached XImage, where the data pointer referred to an RDPGFX surface buffer that had been freed. This was because gdiDeleteSurface freed surface-data without invalidating...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap-buffer overflow occurred during drive reads when a server-controlled read length was used to read file data into an IRP output stream buffer without a hard upper limit. This allowed an oversized read ...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap out-of-bounds read occurred in the smartcard SetAttrib path when cbAttrLen did not match the actual NDR buffer length. This vulnerability has been fixed in version 3.20.1...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode process, planardecompressplanerle wrote into pDstData at nYDst+y nDstStep + 4nXDst + nChannel, without verifying that nYDst+nSrcHeight fits within the destination height or that...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to a Out-of-Bounds Read vulnerability in the nscrledecompressdata function. The Out-of-Bounds Read vulnerability occurs because the function processes...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the NDR array reader in RDPEAR did not perform bounds checking on the number of on-wire elements, and could write beyond the heap buffer allocated from hints, resulting in a heap buffer overflow in...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and client. In affected versions, there is an out-of-bound read in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and attempting to decode it, potentially leading to a cras...
Astra Linux – Vulnerability in xrdp
xrdp is an open-source project that provides a graphical login interface to remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contain an integer overflow in the xrdpmmprocessrailupdatewindowtext function. There are no known solutions to this issue...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, there was a race in the serial channel IRP thread tracking that allowed for a heap use-after-free condition when one thread removed an entry from serial-IrpThreads while another read it. This vulnerability h...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. The ainputsendinputevent function caches the channelcallback in a local variable and then uses it without synchronization. A concurrent closure of a channel can free or reinitialize the callback, resulting in an use-after-free...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurred in the RDPGFX ClearCodec decode path, where maliciously crafted residual data caused out-of-bounds writes during color output. A malicious server could trigger a...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew would free cursorPixels if there was a failure. After that, pointerfree would call xfPointerFree to free it again, which could trigger an ASan UAF. A malicious server could exploit this...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions, a missing offset validation may lead to an Out Of Bound Read error in the gdimultiopaquerect function. Specifically, there is no code to validate whether the value...
Devolutions Remote Desktop Manager <= 2026.2.8 Improper Host Validation (DEVO-2026-0018)(CVE-2026-12162)
The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.8 or earlier. It is, therefore, affected by an improper host validation vulnerability: - Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an...