19 matches found

SUSE CVE
added 2026/04/20 11:26 p.m. · 6 views

SUSE CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3 | AI score 6.2 | EPSS 0.00356
Exploits: 0 | References: 3
Cvelist
added 2026/04/17 8:14 p.m. · 19 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3 | EPSS 0.00356
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/17 8:14 p.m. · 3 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3 | AI score 6.2 | EPSS 0.00356
Exploits: 0 | References: 2
CVE
added 2026/04/17 8:14 p.m. · 13 views

CVE-2026-33145

xrdp (open source RDP server) versions up to 0.10.5 are affected by an authenticated remote command execution vulnerability in xrdp-sesman. When AllowAlternateShell is enabled (default if not configured), a client-supplied AlternateShell is passed and executed via /bin/sh -c during session initia...

CVSS 6.3 | AI score 6.2 | EPSS 0.00356
Exploits: 0 | References: 2 | Affected software: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-25303

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.02404
Exploits: 0 | References: 10
SUSE CVE
added 2023/02/15 4:37 a.m. · 3 views

SUSE CVE-2017-16927

The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input...

CVSS 5.5 | AI score 9.6 | EPSS 0.00408
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 4:3 a.m. · 3 views

SUSE CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.1 | AI score 8.1 | EPSS 0.02404
Exploits: 0 | References: 10
FreeBSD
added 2022/01/23 12:0 a.m. · 23 views

xrdp -- privilege escalation

xrdp project reports: An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is accessible to a sesman server (listens by default on localhost when installing xrdp, but can be remote if configured otherwise) to execute code as root...

CVSS 7.8 | AI score 3.9 | EPSS 0.00485
Exploits: 0 | References: 1
CNVD
added 2020/07/01 12:0 a.m. · 16 views

xrdp-sesman service buffer overflow vulnerability

xrdp-sesman service is an open source RDP (Remote Desktop Protocol) server. A buffer overflow vulnerability exists in xrdp-sesman service versions prior to 0.9.13.1, which can be exploited by a remote attacker to execute arbitrary code on a system or cause an application to crash (denial of service) ...

CVSS 7.8 | AI score 9.8 | EPSS 0.02404
Exploits: 0 | References: 1
NVD
added 2020/06/30 4:15 p.m. · 10 views

CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.8 | EPSS 0.02404
Exploits: 0 | References: 7
OSV
added 2020/06/30 4:15 p.m. · 2 views

DEBIAN-CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.8 | AI score 8.8 | EPSS 0.02404
Exploits: 0 | References: 1
OSV
added 2020/06/30 4:15 p.m. · 10 views

CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.8 | AI score 7.8
Exploits: 0 | References: 7
UbuntuCve
added 2020/06/30 4:15 p.m. · 26 views

CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.8 | AI score 7.8 | EPSS 0.02404
Exploits: 0 | References: 5
OSV
added 2020/06/30 4:15 p.m. · 2 views

UBUNTU-CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.8 | AI score 7.9 | EPSS 0.02404
Exploits: 0 | References: 6
Prion
added 2020/06/30 4:15 p.m. · 16 views

Buffer overflow

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 4.6 | AI score 7.8 | EPSS 0.02404
Exploits: 0 | References: 7 | Affected software: 1
Cvelist
added 2020/06/30 3:55 p.m. · 16 views

CVE-2020-4044 Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.5 | AI score 7.9 | EPSS 0.02404
Exploits: 0 | References: 7
CVE
added 2020/06/30 3:55 p.m. · 222 views

CVE-2020-4044

CVE-2020-4044 affects the xrdp SESSMAN component. The issue is a local buffer overflow in xrdp-sesman triggered by crafted traffic on port 3350, enabling an unprivileged attacker to crash the sesman process, impersonate sessions, and capture credentials; there is also a risk of hijacking xorgxrdp...

CVSS 7.8 | AI score 7.8 | EPSS 0.02404
Exploits: 0 | References: 7 | Affected software: 1
AlpineLinux
added 2020/06/30 3:55 p.m. · 29 views

CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.8 | AI score 7.9 | EPSS 0.02404
Exploits: 0
Debian CVE
added 2020/06/30 3:55 p.m. · 19 views

CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVSS 7.8 | AI score 2.9 | EPSS 0.02404
Exploits: 0