CVE-2022-23613

HIGH Year: 2022
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-191
View all →

Vulnerability Description

xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.

Related Vulnerabilities

CVE-2014-9626

HIGH
CVSS:7.8(High)

Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspe...

CWE-1912014

CVE-2014-9883

HIGH
CVSS:7.8(High)

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive informa...

CWE-1912014

CVE-2016-10268

HIGH
CVSS:7.8(High)

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF i...

CWE-1912016

CVE-2017-18278

HIGH
CVSS:7.8(High)

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer ov...

CWE-1912017

CVE-2017-3034

HIGH
CVSS:7.8(High)

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, rel...

CWE-1912017

CVE-2017-7367

HIGH
CVSS:7.8(High)

In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.

CWE-1912017