FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-03 16:31:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c9ff1150-5d63-11ee-bbae-1c61b4739ac9	xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions xrdp team reports: In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue. Discovery 2023-08-30 Entry 2023-09-27 xrdp < 0.9.23 CVE-2023-40184 https://www.cve.org/CVERecord?id=CVE-2023-40184 https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq

VuXML ID

Description

c9ff1150-5d63-11ee-bbae-1c61b4739ac9

xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions

xrdp team reports:

In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.

Discovery 2023-08-30
Entry 2023-09-27
xrdp

< 0.9.23

CVE-2023-40184
https://www.cve.org/CVERecord?id=CVE-2023-40184
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq