Vulnerabilities > Neutrinolabs > Xrdp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-07 | CVE-2022-23613 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products xrdp is an open source remote desktop protocol (RDP) server. | 7.8 |
| 2020-06-30 | CVE-2020-4044 | Unspecified vulnerability in Neutrinolabs Xrdp The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. | 7.8 |
| 2017-11-23 | CVE-2017-16927 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream. | 8.4 |
| 2017-03-17 | CVE-2017-6967 | Improper Authentication vulnerability in Neutrinolabs Xrdp 0.9.1 xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. | 7.3 |