CVEdetails.com the ultimate security vulnerability data source

Rdesktop » Rdesktop » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:rdesktop:rdesktop:*:*:*:*:*:*:*:*
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2018-20182 | 119 | | Exec Code Overflow Mem. Corr. | 2019-03-15 | 2019-09-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.

2 | CVE-2018-20181 | 787 | | Exec Code Overflow Mem. Corr. | 2019-03-15 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.

3 | CVE-2018-20180 | 191 | | Exec Code Overflow Mem. Corr. | 2019-03-15 | 2019-09-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.

4 | CVE-2018-20179 | 191 | | Exec Code Overflow Mem. Corr. | 2019-03-15 | 2019-03-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.

5 | CVE-2018-20178 | 125 | | DoS | 2019-03-15 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).

6 | CVE-2018-20177 | 787 | | Exec Code Overflow Mem. Corr. | 2019-03-15 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

7 | CVE-2018-20176 | 125 | | DoS | 2019-03-15 | 2019-03-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial
rdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure.c that result in a Denial of Service (segfault).

8 | CVE-2018-20175 | 125 | | DoS | 2019-03-15 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial
rdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).

9 | CVE-2018-20174 | 125 | | +Info | 2019-03-15 | 2019-03-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.

10 | CVE-2018-8800 | 787 | | Exec Code Overflow Mem. Corr. | 2019-02-05 | 2020-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.

11 | CVE-2018-8799 | 125 | | DoS | 2019-02-05 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).

12 | CVE-2018-8798 | 125 | | +Info | 2019-02-05 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.

13 | CVE-2018-8797 | 787 | | Exec Code Overflow Mem. Corr. | 2019-02-05 | 2020-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.

14 | CVE-2018-8796 | 125 | | DoS | 2019-02-05 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

15 | CVE-2018-8795 | 787 | | Exec Code Overflow Mem. Corr. | 2019-02-05 | 2020-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.

16 | CVE-2018-8794 | 787 | | Exec Code Overflow Mem. Corr. | 2019-02-05 | 2020-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.

17 | CVE-2018-8793 | 787 | | Exec Code Overflow Mem. Corr. | 2019-02-05 | 2020-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.

18 | CVE-2018-8792 | 125 | | DoS | 2019-02-05 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

19 | CVE-2018-8791 | 125 | | +Info | 2019-02-05 | 2019-09-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

20 | CVE-2011-1595 | 22 | | Dir. Trav. | 2011-05-24 | 2013-04-05 | 4.3 | None | Local Network | High | Not required | Partial | Partial | Partial
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
Total number of vulnerabilities: 20