Vendor CVEs
Rdesktop
All CVEs
25 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1802 | 0.04 | — | 0.13 | May 12, 2008 | Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields. | |||
| CVE-2008-1801 | 0.04 | — | 0.13 | May 12, 2008 | Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field. | |||
| CVE-2018-20180 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-20181 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-20179 | 0.01 | — | 0.07 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-20182 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-20177 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | |||
| CVE-2018-8800 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8794 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. | |||
| CVE-2018-8795 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8793 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8797 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2008-1803 | 0.01 | — | 0.07 | May 12, 2008 | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original… | |||
| CVE-2019-15682 | 0.00 | — | 0.01 | Oct 30, 2019 | RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5 | |||
| CVE-2018-20178 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | |||
| CVE-2018-20175 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | |||
| CVE-2018-20174 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. | |||
| CVE-2018-20176 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | |||
| CVE-2018-8796 | 0.00 | — | 0.04 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | |||
| CVE-2018-8798 | 0.00 | — | 0.04 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | |||
| CVE-2018-8799 | 0.00 | — | 0.04 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | |||
| CVE-2018-8792 | 0.00 | — | 0.04 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | |||
| CVE-2018-8791 | 0.00 | — | 0.04 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | |||
| CVE-2011-1595 | 0.00 | — | 0.01 | May 24, 2011 | Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. | |||
| CVE-2004-2655 | 0.00 | — | 0.02 | Dec 31, 2004 | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. |
- CVE-2008-1802May 12, 2008risk 0.04cvss —epss 0.13
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
- CVE-2008-1801May 12, 2008risk 0.04cvss —epss 0.13
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
- CVE-2018-20180Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20181Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20179Mar 15, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20182Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
- CVE-2018-20177Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
- CVE-2018-8800Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8794Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8795Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8793Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8797Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
- CVE-2008-1803May 12, 2008risk 0.01cvss —epss 0.07
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original…
- CVE-2019-15682Oct 30, 2019risk 0.00cvss —epss 0.01
RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5
- CVE-2018-20178Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
- CVE-2018-20175Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
- CVE-2018-20174Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
- CVE-2018-20176Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).
- CVE-2018-8796Feb 5, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).
- CVE-2018-8798Feb 5, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
- CVE-2018-8799Feb 5, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).
- CVE-2018-8792Feb 5, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).
- CVE-2018-8791Feb 5, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.
- CVE-2011-1595May 24, 2011risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
- CVE-2004-2655Dec 31, 2004risk 0.00cvss —epss 0.02
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.