CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
57.6%
software: xrdp 0.9.22.1
OS: ROSA-CHROME
package_evr_string: xrdp-0.9.22.1-1.src.rpm
CVE-ID: CVE-2022-23468
BDU-ID: 2022-07312
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the xrdp_login_wnd_create() function of the XRDP server involves buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2022-23477
BDU-ID: 2022-07224
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the audin_send_open function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2022-23478
BDU-ID: 2022-07225
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the xrdp_mm_trans_process_drdynvc_channel_open function of the XRDP server is related to the ability to write outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2022-23479
BDU-ID: 2022-07309
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the xrdp_mm_chan_data_in() function of the XRDP server is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2022-23480
BDU-ID: 2022-07306
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the devredir_proc_client_devlist_announce_req() function of the XRDP server is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2022-23481
BDU-ID: 2022-07313
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xrdp_caps_process_confirm_active() function of the XRDP server involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update xrdp
CVE-ID: CVE-2022-23482
BDU-ID: 2022-07311
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xrdp_sec_process_mcs_data_CS_CORE() function of the XRDP server involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause a denial-of-service condition
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update xrdp
CVE-ID: CVE-2022-23483
BDU-ID: 2022-07308
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libxrdp_send_to_channel() function of the XRDP server is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2022-23484
BDU-ID: 2022-07307
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the xrdp_mm_process_rail_update_window_text() function of the XRDP server involves an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update xrdp
CVE-ID: CVE-2022-23493
BDU-ID: 2022-07310
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xrdp_mm_trans_process_drdynvc_channel_close() function of the XRDP server is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update xrdp
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
57.6%