rpm package
suse/xrdp&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23484 | — | < 0.9.0~git.1456906198.f422461-16.23.2 | 0.9.0~git.1456906198.f422461-16.23.2 | Dec 9, 2022 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users | ||
| CVE-2022-23483 | — | < 0.9.0~git.1456906198.f422461-16.23.2 | 0.9.0~git.1456906198.f422461-16.23.2 | Dec 9, 2022 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to | ||
| CVE-2022-23482 | — | < 0.9.0~git.1456906198.f422461-16.23.2 | 0.9.0~git.1456906198.f422461-16.23.2 | Dec 9, 2022 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are a | ||
| CVE-2022-23481 | — | < 0.9.0~git.1456906198.f422461-16.23.2 | 0.9.0~git.1456906198.f422461-16.23.2 | Dec 9, 2022 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are ad | ||
| CVE-2022-23480 | — | < 0.9.0~git.1456906198.f422461-16.23.2 | 0.9.0~git.1456906198.f422461-16.23.2 | Dec 9, 2022 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. User | ||
| CVE-2022-23479 | — | < 0.9.0~git.1456906198.f422461-16.23.2 | 0.9.0~git.1456906198.f422461-16.23.2 | Dec 9, 2022 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgr | ||
| CVE-2022-23468 | — | < 0.9.0~git.1456906198.f422461-16.23.2 | 0.9.0~git.1456906198.f422461-16.23.2 | Dec 9, 2022 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upg | ||
| CVE-2020-4044 | — | < 0.9.0~git.1456906198.f422461-16.20.1 | 0.9.0~git.1456906198.f422461-16.20.1 | Jun 30, 2020 | The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on p | ||
| CVE-2017-6967 | Hig | 7.3 | < 0.9.0~git.1456906198.f422461-16.20.1 | 0.9.0~git.1456906198.f422461-16.20.1 | Mar 17, 2017 | xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. |
- CVE-2022-23484Dec 9, 2022affected < 0.9.0~git.1456906198.f422461-16.23.2fixed 0.9.0~git.1456906198.f422461-16.23.2
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users
- CVE-2022-23483Dec 9, 2022affected < 0.9.0~git.1456906198.f422461-16.23.2fixed 0.9.0~git.1456906198.f422461-16.23.2
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to
- CVE-2022-23482Dec 9, 2022affected < 0.9.0~git.1456906198.f422461-16.23.2fixed 0.9.0~git.1456906198.f422461-16.23.2
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are a
- CVE-2022-23481Dec 9, 2022affected < 0.9.0~git.1456906198.f422461-16.23.2fixed 0.9.0~git.1456906198.f422461-16.23.2
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are ad
- CVE-2022-23480Dec 9, 2022affected < 0.9.0~git.1456906198.f422461-16.23.2fixed 0.9.0~git.1456906198.f422461-16.23.2
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. User
- CVE-2022-23479Dec 9, 2022affected < 0.9.0~git.1456906198.f422461-16.23.2fixed 0.9.0~git.1456906198.f422461-16.23.2
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgr
- CVE-2022-23468Dec 9, 2022affected < 0.9.0~git.1456906198.f422461-16.23.2fixed 0.9.0~git.1456906198.f422461-16.23.2
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upg
- CVE-2020-4044Jun 30, 2020affected < 0.9.0~git.1456906198.f422461-16.20.1fixed 0.9.0~git.1456906198.f422461-16.20.1
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on p
- affected < 0.9.0~git.1456906198.f422461-16.20.1fixed 0.9.0~git.1456906198.f422461-16.20.1
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.