VYPR

rpm package

suse/xrdp&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Vulnerabilities (11)

  • CVE-2022-23484Dec 9, 2022
    affected < 0.9.0~git.1456906198.f422461-21.30.2fixed 0.9.0~git.1456906198.f422461-21.30.2

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users

  • CVE-2022-23483Dec 9, 2022
    affected < 0.9.0~git.1456906198.f422461-21.30.2fixed 0.9.0~git.1456906198.f422461-21.30.2

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to

  • CVE-2022-23482Dec 9, 2022
    affected < 0.9.0~git.1456906198.f422461-21.30.2fixed 0.9.0~git.1456906198.f422461-21.30.2

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are a

  • CVE-2022-23481Dec 9, 2022
    affected < 0.9.0~git.1456906198.f422461-21.30.2fixed 0.9.0~git.1456906198.f422461-21.30.2

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are ad

  • CVE-2022-23480Dec 9, 2022
    affected < 0.9.0~git.1456906198.f422461-21.30.2fixed 0.9.0~git.1456906198.f422461-21.30.2

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. User

  • CVE-2022-23479Dec 9, 2022
    affected < 0.9.0~git.1456906198.f422461-21.30.2fixed 0.9.0~git.1456906198.f422461-21.30.2

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgr

  • CVE-2022-23468Dec 9, 2022
    affected < 0.9.0~git.1456906198.f422461-21.30.2fixed 0.9.0~git.1456906198.f422461-21.30.2

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upg

  • CVE-2020-4044Jun 30, 2020
    affected < 0.9.0~git.1456906198.f422461-21.27.1fixed 0.9.0~git.1456906198.f422461-21.27.1

    The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on p

  • CVE-2017-16927HigNov 23, 2017
    affected < 0.9.0~git.1456906198.f422461-21.9.1fixed 0.9.0~git.1456906198.f422461-21.9.1

    The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impa

  • CVE-2017-6967HigMar 17, 2017
    affected < 0.9.0~git.1456906198.f422461-21.9.1fixed 0.9.0~git.1456906198.f422461-21.9.1

    xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

  • CVE-2013-1430CriDec 16, 2016
    affected < 0.9.0~git.1456906198.f422461-21.9.1fixed 0.9.0~git.1456906198.f422461-21.9.1

    An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.