255 Total Results
Displaying 71-80 of 255
Attacker Value
Unknown

CVE-2023-39354

Disclosure Date: August 31, 2023 (last updated October 19, 2023)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Attacker Value
Unknown

CVE-2023-39351

Disclosure Date: August 31, 2023 (last updated October 19, 2023)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer, which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Attacker Value
Unknown

CVE-2023-39350

Disclosure Date: August 31, 2023 (last updated October 19, 2023)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Attacker Value
Unknown

CVE-2023-40589

Disclosure Date: August 31, 2023 (last updated October 13, 2023)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the `ncrush_decompress` function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Attacker Value
Unknown

CVE-2023-40184

Disclosure Date: August 30, 2023 (last updated October 08, 2023)
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero (1) value on, e.g., a PAM error, which may result in session restrictions such as max concurrent sessions per user by PAM (e.g. /etc/security/limits.conf) being bypassed. Users (administrators) who don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
Attacker Value
Unknown

CVE-2023-4417

Disclosure Date: August 21, 2023 (last updated October 08, 2023)
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
Attacker Value
Unknown

CVE-2023-4373

Disclosure Date: August 21, 2023 (last updated October 08, 2023)
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.
Attacker Value
Unknown

CVE-2023-35352

Disclosure Date: July 11, 2023 (last updated October 08, 2023)
Windows Remote Desktop Security Feature Bypass Vulnerability
Attacker Value
Unknown

CVE-2023-35332

Disclosure Date: July 11, 2023 (last updated May 29, 2024)
Windows Remote Desktop Protocol Security Feature Bypass
Attacker Value
Unknown

CVE-2023-32043

Disclosure Date: July 11, 2023 (last updated May 29, 2024)
Windows Remote Desktop Security Feature Bypass Vulnerability