CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-8792
https://notcve.org/view.php?id=CVE-2018-8792
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen una lectura fuera de límites en la función cssp_read_tsrequest(), lo que resulta en una denegación de servicio (segfault). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-8796
https://notcve.org/view.php?id=CVE-2018-8796
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen una lectura fuera de límites en la función process_bitmap_updates(), lo que resulta en una denegación de servicio (segfault). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2018-8797
https://notcve.org/view.php?id=CVE-2018-8797
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen un desbordamiento de búfer basado en memoria dinámica (heap) en la función process_plane(), lo que podría resultar en una corrupción de memoria o incluso una ejecución remota de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-8798
https://notcve.org/view.php?id=CVE-2018-8798
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen una lectura fuera de límites en la función rdpsnd_process_ping(), lo que resulta en una fuga de información. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2011-1595 – rdesktop remote file access
https://notcve.org/view.php?id=CVE-2011-1595
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en la función disk_create en disk.c en rdesktop anteriores a v1.7.0, cuando está habilitada la redirección de disco, permite a atacantes remotos leer o sobrescribir ficheros de su elección al utilizar caracteres .. (punto punto) en la ruta del fichero. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626 http://secunia.com/advisories/44881 http://secunia.com/advisories/51023 http://security.gentoo.org/glsa/glsa-201210-03.xml http://securitytracker.com/id?1025525 http://sourceforge.net/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •