Количество 8
Количество 8
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versio ...
SUSE-SU-2023:3830-1
Security update for xrdp
SUSE-SU-2023:3735-1
Security update for xrdp
BDU:2023-07659
Уязвимость функции auth_start_session() сервера XRDP, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2023:4873-1
Security update for xrdp
ROS-20241216-08
Уязвимость xrdp
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-40184 xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 2.6 | 0% Низкий | почти 2 года назад |
 | CVE-2023-40184 xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 2.6 | 0% Низкий | почти 2 года назад |
| CVE-2023-40184 xrdp is an open source remote desktop protocol (RDP) server. In versio ... | CVSS3: 2.6 | 0% Низкий | почти 2 года назад |
 | SUSE-SU-2023:3830-1 Security update for xrdp | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2023:3735-1 Security update for xrdp | 0% Низкий | почти 2 года назад | |
 | BDU:2023-07659 Уязвимость функции auth_start_session() сервера XRDP, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 0% Низкий | почти 2 года назад |
| SUSE-SU-2023:4873-1 Security update for xrdp | больше 1 года назад | ||
 | ROS-20241216-08 Уязвимость xrdp | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу