RDP vulnerabilities
Showing 1 - 49 of 49 CVEs
- CVE-2026-26151 Published Apr 14, 2026
Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-25941 Published Feb 25, 2026
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory by sending a crafted WIRE_TO_SURFACE_2 PDU with a `bitmapDataLength` value larger than the actual data in the packet. This can lead to information disclosure or client crashes when a user connects to a malicious server. Versions 2.11.8 and 3.23.0 fix the issue.
- CVE-2026-21533 Published Feb 10, 2026
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
- CVE-2026-21525 Published Feb 10, 2026
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
- CVE-2026-21519 Published Feb 10, 2026
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- CVE-2026-21514 Published Feb 10, 2026
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-21513 Published Feb 10, 2026
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-21510 Published Feb 10, 2026
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-23883 Published Jan 19, 2026
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
- CVE-2025-26399 Published Sep 23, 2025
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
- CVE-2025-47813 Published Jul 10, 2025
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
- CVE-2025-48817 Published Jul 8, 2025
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2025-47987 Published Jul 8, 2025
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
- CVE-2025-49113 Published Jun 2, 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
- CVE-2025-29966 Published May 13, 2025
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
- CVE-2025-26645 Published Mar 11, 2025
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2025-24045 Published Mar 11, 2025
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- CVE-2025-24035 Published Mar 11, 2025
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- CVE-2025-21297 Published Jan 14, 2025
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49120 Published Dec 12, 2024
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49119 Published Dec 12, 2024
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49075 Published Dec 12, 2024
Windows Remote Desktop Services Denial of Service Vulnerability
- CVE-2024-43599 Published Oct 8, 2024
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2024-43582 Published Oct 8, 2024
Remote Desktop Protocol Server Remote Code Execution Vulnerability
- CVE-2024-38077 Published Jul 9, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
- CVE-2024-38076 Published Jul 9, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
- CVE-2023-29352 Published Jun 14, 2023
Windows Remote Desktop Security Feature Bypass Vulnerability
- CVE-2022-22015 Published May 10, 2022
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
- CVE-2022-23285 Published Mar 9, 2022
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2022-21893 Published Jan 11, 2022
Remote Desktop Protocol Remote Code Execution Vulnerability
- CVE-2021-41371 Published Nov 10, 2021
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
- CVE-2021-38631 Published Nov 10, 2021
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
- CVE-2021-36958 Published Aug 12, 2021
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- CVE-2021-34535 Published Aug 12, 2021
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2020-16997 Published Nov 11, 2020
Remote Desktop Protocol Server Information Disclosure Vulnerability
- CVE-2020-16896 Published Oct 16, 2020
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests.
- CVE-2020-0660 Published Feb 11, 2020
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
- CVE-2020-0612 Published Jan 14, 2020
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.
- CVE-2020-0611 Published Jan 14, 2020
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
- CVE-2020-0610 Published Jan 14, 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.
- CVE-2020-0609 Published Jan 14, 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.
- CVE-2009-3864 Published Nov 5, 2009
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
- CVE-2008-6194 Published Feb 19, 2009
Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898.
- CVE-2008-5112 Published Nov 17, 2008
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
- CVE-2008-4037 Published Nov 12, 2008
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
- CVE-2008-3012 Published Sep 11, 2008
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
- CVE-2007-5348 Published Sep 11, 2008
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
- CVE-2007-2108 Published Apr 18, 2007
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges.
- CVE-1999-0524 Published Aug 1, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Severity and score by CVE:
- CVE-2026-26151 high 7.1
- CVE-2026-25941 medium 4.3
- CVE-2026-21533 high 7.8
- CVE-2026-21525 medium 6.2
- CVE-2026-21519 high 7.8
- CVE-2026-21514 high 7.8
- CVE-2026-21513 high 8.8
- CVE-2026-21510 high 8.8
- CVE-2026-23883 high 7.7
- CVE-2025-26399 critical 9.8
- CVE-2025-47813 medium 4.3
- CVE-2025-48817 high 8.8
- CVE-2025-47987 high 7.8
- CVE-2025-49113 critical 9.9
- CVE-2025-29966 high 8.8
- CVE-2025-26645 high 8.8
- CVE-2025-24045 high 8.1
- CVE-2025-24035 high 8.1
- CVE-2025-21297 high 8.1
- CVE-2024-49120 high 8.1
- CVE-2024-49119 high 8.1
- CVE-2024-49075 high 7.5
- CVE-2024-43599 high 8.8
- CVE-2024-43582 high 8.1
- CVE-2024-38077 critical 9.8
- CVE-2024-38076 critical 9.8
- CVE-2023-29352 medium 6.5
- CVE-2022-22015 medium 6.5
- CVE-2022-23285 high 8.8
- CVE-2022-21893 high 8.0
- CVE-2021-41371 medium 4.4
- CVE-2021-38631 medium 4.4
- CVE-2021-36958 high 7.8
- CVE-2021-34535 high 8.8
- CVE-2020-16997 high 7.7
- CVE-2020-16896 high 7.5
- CVE-2020-0660 high 7.5
- CVE-2020-0612 high 7.5
- CVE-2020-0611 high 7.5
- CVE-2020-0610 critical 9.8
- CVE-2020-0609 critical 9.8