
CVE-2024-39917 – xrdp allows an infinite number of login attempts
https://notcve.org/view.php?id=CVE-2024-39917
12 Jul 2024 — xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of login attempts is supposed to be limited by the configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`; however, this mechanism was not effective, so xrdp allowed an unlimited number of login attempts. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j • CWE-307: Improper Restriction of Excessive Authentication Attempts •
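What a working `MaxLoginRetry` limit has to do, as an added example in C (this is illustrative code, not xrdp's own sesman implementation, and all names are hypothetical; treating a limit of 0 as "unlimited" is an assumption made here). The limiter refuses further attempts before the password is even evaluated, which is the fail-closed behaviour the advisory says was missing prior to 0.10.0:

```c
/* Added example, not xrdp code: a fail-closed login attempt limiter of the kind
 * MaxLoginRetry in sesman.ini is meant to provide. All names are hypothetical;
 * treating 0 as "unlimited" is an assumption made for this example. */
#include <stdbool.h>

struct login_state {
    int max_login_retry;   /* configured limit; 0 = unlimited (assumption) */
    int failed_attempts;   /* consecutive failures so far */
};

/* True while the peer is still permitted to present a password. */
bool login_attempt_allowed(const struct login_state *s)
{
    if (s->max_login_retry > 0 && s->failed_attempts >= s->max_login_retry)
        return false;
    return true;
}

/* Record one attempt. Returns false if the limiter refused it outright;
 * in that case the password is never evaluated (fail closed). */
bool login_record_attempt(struct login_state *s, bool password_ok)
{
    if (!login_attempt_allowed(s))
        return false;
    if (password_ok)
        s->failed_attempts = 0;   /* success resets the counter */
    else
        s->failed_attempts++;
    return true;
}

/* Drive the limiter with n wrong passwords and report how many were accepted
 * for evaluation. A working limit yields max_login_retry, never n. */
int count_attempts_accepted(int max_login_retry, int n)
{
    struct login_state s = { max_login_retry, 0 };
    int accepted = 0;
    for (int i = 0; i < n; i++)
        if (login_record_attempt(&s, false))
            accepted++;
    return accepted;
}
```

The useful check for an operator is the last function: with the limit set to 4 and ten wrong passwords presented, only four may reach password evaluation. If your installed version accepts all ten, the limit is not enforced and the fix is to upgrade, not to tune the configuration.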

CVE-2023-42822 – Unchecked access to font glyph info in xrdp
https://notcve.org/view.php?id=CVE-2023-42822
27 Sep 2023 — xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process: on non-Debian platforms, xrdp tends to run as root. • https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40 • CWE-125: Out-of-bounds Read •

CVE-2023-40184 – Improper handling of session establishment errors in xrdp
https://notcve.org/view.php?id=CVE-2023-40184
30 Aug 2023 — xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero value (1) on, for example, a PAM error, which may result in session restrictions enforced by PAM, such as the maximum number of concurrent sessions per user (e.g. via /etc/security/limits.conf), being bypassed. Administrators who do not use PAM restrictions are not affected. • https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19 • CWE-755: Improper Handling of Exceptional Conditions •
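The failure mode described above, as an added example in C that is not xrdp's code: a simulated PAM session limit (standing in for a `maxlogins` rule in limits.conf) and two session starters, one that drops the `auth_start_session` result and one that fails closed on any non-zero return. `fake_pam_open_session` and `auth_start_session_sim` are hypothetical stand-ins for `pam_open_session()` and xrdp's function, not the real APIs:

```c
/* Added example, not xrdp code. Simulates a PAM per-user session limit and
 * contrasts a session starter that ignores the auth_start_session() result
 * with one that refuses the session on any error. Names are hypothetical. */
#include <stdbool.h>
#include <string.h>

#define MAX_USERS 8

struct fake_pam {
    const char *user[MAX_USERS];
    int open_sessions[MAX_USERS];
    int max_sessions;    /* stand-in for a maxlogins limit */
};

/* Hypothetical stand-in for pam_open_session(): 0 on success, non-zero on error. */
int fake_pam_open_session(struct fake_pam *pam, const char *user)
{
    for (int i = 0; i < MAX_USERS; i++) {
        if (pam->user[i] == NULL) {
            pam->user[i] = user;
            pam->open_sessions[i] = 1;
            return 0;
        }
        if (strcmp(pam->user[i], user) == 0) {
            if (pam->open_sessions[i] >= pam->max_sessions)
                return 1;   /* limit reached: PAM reports an error */
            pam->open_sessions[i]++;
            return 0;
        }
    }
    return 1;   /* table full: also an error */
}

/* Illustrative auth_start_session: 0 only if PAM allowed the session to open. */
int auth_start_session_sim(struct fake_pam *pam, const char *user)
{
    return fake_pam_open_session(pam, user) == 0 ? 0 : 1;
}

/* Buggy pattern: the return value is discarded, so the desktop is launched
 * even though PAM refused the session. */
bool start_session_lax(struct fake_pam *pam, const char *user)
{
    auth_start_session_sim(pam, user);
    return true;
}

/* Fail-closed pattern: any non-zero result aborts session establishment. */
bool start_session_strict(struct fake_pam *pam, const char *user)
{
    if (auth_start_session_sim(pam, user) != 0)
        return false;   /* e.g. maxlogins exceeded; refuse the session */
    return true;
}

/* Attempt n sessions for one user and count how many actually started. */
int sessions_started(bool strict, int max_sessions, int n)
{
    struct fake_pam pam = { {0}, {0}, max_sessions };
    int started = 0;
    for (int i = 0; i < n; i++) {
        bool ok = strict ? start_session_strict(&pam, "alice")
                         : start_session_lax(&pam, "alice");
        if (ok)
            started++;
    }
    return started;
}
```

With a limit of one session, the strict starter lets exactly one through and the lax starter lets every request through, which is the bypass the advisory describes. The general rule it illustrates: an authorization step that can fail must have its result checked on every path, and an unexpected error must be treated as a denial.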

CVE-2022-23477 – Buffer Overflow in xrdp
https://notcve.org/view.php?id=CVE-2022-23477
09 Dec 2022 — xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hqw2-jx2c-wrr2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-23484 – Integer Overflow in xrdp
https://notcve.org/view.php?id=CVE-2022-23484
09 Dec 2022 — xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an integer overflow in the xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-23483 – Out-of-Bound Read in libxrdp
https://notcve.org/view.php?id=CVE-2022-23483
09 Dec 2022 — xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq • CWE-125: Out-of-bounds Read •

CVE-2022-23482 – Out-of-Bound Read in xrdp
https://notcve.org/view.php?id=CVE-2022-23482
09 Dec 2022 — xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-56pq-2pm9-7fhm • CWE-125: Out-of-bounds Read •

CVE-2022-23481 – Out-of-Bound Read in xrdp
https://notcve.org/view.php?id=CVE-2022-23481
09 Dec 2022 — xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hm75-9jcg-p7hq • CWE-125: Out-of-bounds Read •

CVE-2022-23480 – Buffer Overflow in xrdp
https://notcve.org/view.php?id=CVE-2022-23480
09 Dec 2022 — xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-3jmx-f6hv-95wg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-23479 – Buffer Overflow occurs in xrdp
https://notcve.org/view.php?id=CVE-2022-23479
09 Dec 2022 — xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade. • https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-pgx2-3fjj-fqqh • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
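The three bug classes in the entries above (out-of-bounds reads of attacker-supplied input, CWE-125; unchecked copies into fixed buffers, CWE-120; and length arithmetic that wraps, CWE-190), together with the unchecked glyph-table index in CVE-2023-42822, all come down to validating lengths and indices against what is actually available before touching memory. The following is an added example in C, not xrdp's code: a defensive parser for a constructed, hypothetical message format (a 32-bit entry count, then per entry a 16-bit glyph index, a 32-bit text length and the text bytes, all little-endian). The format, the glyph table and every function name are invented for illustration; the sample messages are constructed inputs:

```c
/* Added example, not xrdp code: a bounds-checked parser for a hypothetical,
 * constructed message format. Integers are little-endian. Each check is
 * labelled with the weakness class it closes. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GLYPH_COUNT 4       /* size of the constructed glyph table */
#define MAX_TEXT 32         /* fixed destination buffer, the CWE-120 target */
#define ENTRY_MIN 6         /* u16 index + u32 length: smallest entry */

static const char *glyphs[GLYPH_COUNT] = { "A", "B", "C", "D" };

struct in_stream { const uint8_t *p; const uint8_t *end; };

static bool rem_ok(const struct in_stream *s, size_t n)
{
    return (size_t)(s->end - s->p) >= n;
}
static uint16_t get_u16(struct in_stream *s)
{
    uint16_t v = (uint16_t)(s->p[0] | (uint16_t)s->p[1] << 8);
    s->p += 2;
    return v;
}
static uint32_t get_u32(struct in_stream *s)
{
    uint32_t v = s->p[0] | (uint32_t)s->p[1] << 8 |
                 (uint32_t)s->p[2] << 16 | (uint32_t)s->p[3] << 24;
    s->p += 4;
    return v;
}

/* Parse one message. Returns the number of entries accepted, or -1 on the
 * first violation. out_text receives the last entry's text, NUL-terminated. */
int parse_window_text(const uint8_t *buf, size_t len, char out_text[MAX_TEXT])
{
    struct in_stream s = { buf, buf + len };
    out_text[0] = '\0';
    if (!rem_ok(&s, 4))
        return -1;
    uint32_t count = get_u32(&s);
    /* CWE-190: compare with a division so count * ENTRY_MIN can never wrap. */
    if (count > (size_t)(s.end - s.p) / ENTRY_MIN)
        return -1;
    int accepted = 0;
    for (uint32_t i = 0; i < count; i++) {
        if (!rem_ok(&s, ENTRY_MIN))             /* CWE-125: entry header */
            return -1;
        uint16_t idx = get_u16(&s);
        uint32_t text_len = get_u32(&s);
        if (idx >= GLYPH_COUNT)                 /* CWE-125: table index */
            return -1;
        if (text_len >= MAX_TEXT)               /* CWE-120: destination size */
            return -1;
        if (!rem_ok(&s, text_len))              /* CWE-125: payload bytes */
            return -1;
        memcpy(out_text, s.p, text_len);
        out_text[text_len] = '\0';
        s.p += text_len;
        (void)glyphs[idx];                      /* lookup is safe: idx validated */
        accepted++;
    }
    return accepted;
}

/* Constructed test inputs. */
const uint8_t good_msg[] = {
    0x01, 0x00, 0x00, 0x00,        /* count = 1 */
    0x02, 0x00,                    /* glyph index 2 ("C") */
    0x05, 0x00, 0x00, 0x00,        /* text_len = 5 */
    'h', 'e', 'l', 'l', 'o' };
const uint8_t bad_idx_msg[]   = { 1, 0, 0, 0, 0xff, 0xff, 0, 0, 0, 0 };       /* index 65535 */
const uint8_t bad_len_msg[]   = { 1, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0x7f }; /* 2 GiB text */
const uint8_t bad_count_msg[] = { 0xff, 0xff, 0xff, 0xff };                   /* count * 6 wraps */

/* Convenience wrapper: parse into a scratch buffer and return the result code. */
int parse_result(const uint8_t *buf, size_t len)
{
    char text[MAX_TEXT];
    return parse_window_text(buf, len, text);
}

/* True if the good message yields the expected text. */
bool good_text_matches(void)
{
    char text[MAX_TEXT];
    return parse_window_text(good_msg, sizeof good_msg, text) == 1 &&
           strcmp(text, "hello") == 0;
}
```

The order of the checks matters: the count is validated before the loop, each header before it is read, the index before the table lookup, the declared length against both the destination buffer and the bytes remaining before the copy. A truncated message (the good message with its last byte removed) is rejected at the payload check rather than read past the end, and a message advertising a huge entry count is rejected before any multiplication can wrap.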