Log

CVE-2018-20174 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ rdesktop before 1.8.4 is vulnerable to an information leak in ui_clip_handle_data().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20175 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ rdesktop before 1.8.4 is vulnerable to denial of service in mcs_recv_connect_response() and mcs_parse_domain_params().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20176 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ rdesktop before 1.8.4 is vulnerable to denial of service in sec_parse_crypt_info() and sec_recv().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20177 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ rdesktop before 1.8.4 is vulnerable to a memory corruption issue in rdp_in_unistr() that could lead to arbitrary code execution.
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20178 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ rdesktop before 1.8.4 is vulnerable to denial of service in process_demand_active().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20179 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ rdesktop before 1.8.4 is vulnerable to remote code execution in lspci_process().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20180 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ rdesktop before 1.8.4 is vulnerable to remote code execution in rdpsnddbg_process().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20181 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ rdesktop before 1.8.4 is vulnerable to remote code execution in seamless_process().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20182 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ rdesktop before 1.8.4 is vulnerable to remote code execution in seamless_process_line().
References
+ https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Notes
CVE-2018-20340 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ Yubico library libu2f-host prior to version 1.1.7 contains an unchecked buffer, which could allow a buffer overflow. Libu2f-host is a library that implements the host party of the U2F protocol. This issue can allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer. Users of the YubiKey PAM U2F Tool are the most impacted since the arbitrary code could execute with elevated privileges.
References
+ https://www.yubico.com/support/security-advisories/ysa-2019-01/
Notes