Security Vulnerabilities - CVEs Published In March 2019
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
CVSS Score
7.5
EPSS Score
0.006
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).
CVSS Score
7.5
EPSS Score
0.005
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
CVSS Score
9.8
EPSS Score
0.05
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
CVSS Score
7.5
EPSS Score
0.006
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
CVSS Score
9.8
EPSS Score
0.075
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
CVSS Score
9.8
EPSS Score
0.151
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
CVSS Score
9.8
EPSS Score
0.099
Published
2019-03-15
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
CVSS Score
9.8
EPSS Score
0.099
Published
2019-03-15
The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.
CVSS Score
9.6
EPSS Score
0.001
Published
2019-03-15