Vulnerabilities > Neutrinolabs

DATE CVE VULNERABILITY TITLE RISK
2022-12-09 CVE-2022-23483 Out-of-bounds Read vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function.
network
low complexity
neutrinolabs debian CWE-125
critical
9.1
2022-12-09 CVE-2022-23484 Integer Overflow or Wraparound vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function.
network
low complexity
neutrinolabs debian CWE-190
critical
9.8
2022-12-09 CVE-2022-23493 Out-of-bounds Read vulnerability in multiple products
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function.
network
low complexity
neutrinolabs debian CWE-125
critical
9.1
2022-02-07 CVE-2022-23613 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
xrdp is an open source remote desktop protocol (RDP) server.
local
low complexity
neutrinolabs fedoraproject CWE-191
7.8
2020-06-30 CVE-2020-4044 Stack-based Buffer Overflow vulnerability in Neutrinolabs Xrdp
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload.
local
low complexity
neutrinolabs CWE-121
4.6
2017-11-23 CVE-2017-16927 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.
local
low complexity
neutrinolabs debian CWE-119
8.4