FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
2675f0db-baa5-11ea-aa12-80ee73419af3 | xrdp -- Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it

Ashley Newson reports:

The xrdp-sesman service can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350.


Discovery: 2020-06-02
Entry: 2020-06-30
xrdp < 0.9.13.1,1

https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
CVE-2020-4044
ba94433c-7890-11ed-859e-1c61b4739ac9 | xrdp -- multiple vulnerabilities

xrdp project reports:

This update is recommended for all xrdp users and provides the following important security fixes:

  • CVE-2022-23468
  • CVE-2022-23477
  • CVE-2022-23478
  • CVE-2022-23479
  • CVE-2022-23480
  • CVE-2022-23481
  • CVE-2022-23483
  • CVE-2022-23482
  • CVE-2022-23484
  • CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.


Discovery: 2022-12-01
Entry: 2022-12-10
xrdp < 0.9.21

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493
https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21