CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will...

CVE-2023-40184

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The auth_start_session function can return non-zero (1) value on, e.g., PAM error which may result in in session...

CVE-2022-23613

xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in ...

CVE-2022-23468

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23481

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23484

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23477

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23482

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23478

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23483

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23480

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23493

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2022-23479

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

CVE-2023-42822

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within ...

CVE-2024-39917

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this mech...

CVE-2017-16927

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted in...

CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.