Product
neutrinolabs xrdp
30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-35512
< 0.10.6
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual
8.8
HIGH
CVE-2026-33689
< 0.10.6
xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP
9.1
CRITICAL
CVE-2026-33145
< 0.10.6
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the
6.3
MEDIUM
CVE-2026-33516
< 0.10.6
xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability e
9.1
CRITICAL
CVE-2026-32624
< 0.10.6
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon process
6.5
MEDIUM
CVE-2026-32623
< 0.10.6
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP m
8.1
HIGH
CVE-2026-32107
< 0.10.6
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error du
8.8
HIGH
CVE-2026-32105
< 0.10.6
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication
7.7
HIGH
CVE-2025-68670
< 0.10.5
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The
9.1
CRITICAL
CVE-2024-39917
< 0.10.0
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite nu
7.2
HIGH
CVE-2023-42822
< 0.9.23.1
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since s
4.6
MEDIUM
CVE-2023-40184
< 0.9.23
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishmen
2.6
LOW
CVE-2022-23493
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
9.1
CRITICAL
CVE-2022-23484
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
8.2
HIGH
CVE-2022-23483
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
7.5
HIGH
CVE-2022-23482
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
NONE
CVE-2022-23481
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
NONE
CVE-2022-23480
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
9.1
CRITICAL
CVE-2022-23479
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
9.1
CRITICAL
CVE-2022-23478
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
9.1
CRITICAL
CVE-2022-23477
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
9.1
CRITICAL
CVE-2022-23468
< 0.9.21
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
6.5
MEDIUM
CVE-2022-23613
all versions
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow
7.8
HIGH
CVE-2020-4044
< 0.9.13.1
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Onc
7.5
HIGH
CVE-2017-16927
<= 0.9.4
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as
8.4
HIGH
CVE-2017-6967
all versions
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly
7.3
HIGH
CVE-2013-1430
<= 0.8.0
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_
9.8
CRITICAL
CVE-2008-5904
<= 0.4.1
The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unk
CVE-2008-5903
<= 0.4.1
Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execut
CVE-2008-5902
<= 0.4.1
Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin