xrdp is vulnerable to denial of service. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root.
github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32
lists.fedoraproject.org/archives/list/[email protected]/message/K5ONRGARKHGFU2CIEQ7E6M6VJZEM5XWW/
lists.fedoraproject.org/archives/list/[email protected]/message/U3XGFJNQMNXHBD3J7CBM4YURYEDXROWZ/
secdb.alpinelinux.org/edge/community.yaml