
20 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-0336

Malware in sbrugna...

CVSS 3.3, AI score 6.2, EPSS 0.00806
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-44784

Malicious code in bioql PyPI...

CVSS 6.5, AI score 5.5, EPSS 0.00728
Exploits: 0, References: 6
RedhatCVE
added 2025/05/22 11:58 a.m., 6 views

CVE-2016-3985

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...

CVSS 6.5, AI score 6.7, EPSS 0.01219
Exploits: 0, References: 1
Debian
added 2025/05/16 3:6 p.m., 12 views

[SECURITY] [DLA 4166-1] xrdp security update

Debian LTS Advisory DLA-4166-1; https://www.debian.org/lts/security/; Abhijith PA; May 16, 2025; https://wiki.debian.org/LTS ...

CVSS 9.8, AI score 7.5, EPSS 0.00728
Exploits: 0
Rosalinux
added 2024/11/26 9:2 a.m., 9 views

Advisory ROSA-SA-2024-2523

Software: xrdp 0.9.25; OS: rosa-server79; packageevrstring: xrdp-0.9.25-2.0.1.res7; CVE-ID: CVE-2023-40184; BDU-ID: 2023-07659; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the auth_start_session function of the XRDP server is related to the bypassing of session restrictions. Exploitation of the...

CVSS 6.5, AI score 7.2, EPSS 0.00728
Exploits: 0
Tenable Nessus
added 2023/12/15 12:0 a.m., 28 views

SUSE SLES12 Security Update : xrdp (SUSE-SU-2023:4873-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4873-1 advisory. - xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment...

CVSS 6.5, AI score 5.8, EPSS 0.00728
Exploits: 0, References: 8
Tenable Nessus
added 2023/11/07 12:0 a.m., 18 views

Fedora 39 : xrdp (2023-5134642a68)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5134642a68 advisory. Release notes for xrdp v0.9.23 (2023/08/31). General announcements - Running xrdp and xrdp-sesman on separate hosts is still supported by this release,...

CVSS 6.5, AI score 6, EPSS 0.00728
Exploits: 0, References: 2
OSV
added 2023/09/30 7:15 p.m., 2 views

MGASA-2023-0276 Updated xrdp packages fix security vulnerability

In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The auth_start_session function can return non-zero (1) value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions per user by PAM ex...

CVSS 6.5, AI score 6.3, EPSS 0.00728
Exploits: 0, References: 4
Tenable Nessus
added 2023/09/28 12:0 a.m., 32 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xrdp (SUSE-SU-2023:3830-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3830-1 advisory. - xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handlin...

CVSS 6.5, AI score 5.7, EPSS 0.00728
Exploits: 0, References: 4
Tenable Nessus
added 2023/09/27 12:0 a.m., 19 views

FreeBSD : xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions (c9ff1150-5d63-11ee-bbae-1c61b4739ac9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c9ff1150-5d63-11ee-bbae-1c61b4739ac9 advisory. - xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper...

CVSS 6.5, AI score 5.7, EPSS 0.00728
Exploits: 0, References: 4
Tenable Nessus
added 2023/09/23 12:0 a.m., 20 views

SUSE SLES12 Security Update : xrdp (SUSE-SU-2023:3735-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3735-1 advisory. - xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors...

CVSS 6.5, AI score 5.7, EPSS 0.00728
Exploits: 0, References: 4
Tenable Nessus
added 2023/09/10 12:0 a.m., 29 views

Fedora 38 : xrdp (2023-b1d585e148)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b1d585e148 advisory. Release notes for xrdp v0.9.23 (2023/08/31). General announcements - Running xrdp and xrdp-sesman on separate hosts is still supported by this release,...

CVSS 6.5, AI score 6, EPSS 0.00728
Exploits: 0, References: 2
Tenable Nessus
added 2023/09/10 12:0 a.m., 22 views

Fedora 37 : xrdp (2023-40298f6951)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-40298f6951 advisory. Release notes for xrdp v0.9.23 (2023/08/31). General announcements - Running xrdp and xrdp-sesman on separate hosts is still supported by this release,...

CVSS 6.5, AI score 6, EPSS 0.00728
Exploits: 0, References: 2
NVD
added 2023/08/30 6:15 p.m., 15 views

CVE-2023-40184

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The auth_start_session function can return non-zero (1) value on, e.g., PAM error which may result in session...

CVSS 6.5, AI score 5.2, EPSS 0.00728
Exploits: 0, References: 7
Prion
added 2023/08/30 6:15 p.m., 15 views

Design/Logic Flaw

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The auth_start_session function can return non-zero (1) value on, e.g., PAM error which may result in session...

CVSS 4, AI score 6.4, EPSS 0.00728
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2023/08/30 5:48 p.m., 156 views

CVE-2023-40184

CVE-2023-40184 affects xrdp, an open-source RDP server. In versions prior to 0.9.23, improper handling of session establishment errors can cause bypass of OS-level session restrictions because auth_start_session may return non-zero (e.g., on PAM error), potentially bypassing PAM limits for max co...

CVSS 6.5, AI score 5.2, EPSS 0.00728
Exploits: 0, References: 7, Affected Software: 1
Vulnrichment
added 2023/08/30 5:48 p.m., 15 views

CVE-2023-40184 Improper handling of session establishment errors in xrdp

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The auth_start_session function can return non-zero (1) value on, e.g., PAM error which may result in session...

CVSS 2.6, AI score 5.3, EPSS 0.00728
Exploits: 0, References: 6
AlpineLinux
added 2023/08/30 5:48 p.m., 19 views

CVE-2023-40184

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The auth_start_session function can return non-zero (1) value on, e.g., PAM error which may result in session...

CVSS 6.5, AI score 5.3, EPSS 0.00728
Exploits: 0
OSV
added 2017/04/20 5:59 p.m., 1 views

DEBIAN-CVE-2016-6337

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...

CVSS 7.5, AI score 7.6, EPSS 0.01123
Exploits: 0, References: 1
NVD
added 2015/09/20 1:59 a.m., 11 views

CVE-2015-4306

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka...

CVSS 8.5, AI score 6.3, EPSS 0.02279
Exploits: 0, References: 2