RDP vulnerabilities

Showing 1 - 14 of 14 CVEs

  1. CVE-2026-21533 Published Feb 10, 2026

    Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  2. CVE-2026-23883 Published Jan 19, 2026

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

  3. CVE-2025-29966 Published May 13, 2025

    Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

  4. CVE-2025-21297 Published Jan 14, 2025

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  5. CVE-2024-38076 Published Jul 9, 2024

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

  6. CVE-2022-23285 Published Mar 9, 2022

    Remote Desktop Client Remote Code Execution Vulnerability

  7. CVE-2021-41371 Published Nov 10, 2021

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  8. CVE-2021-38631 Published Nov 10, 2021

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  9. CVE-2021-36958 Published Aug 12, 2021

    <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>

  10. CVE-2020-16896 Published Oct 16, 2020

    <p>An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.</p> <p>The update addresses the vulnerability by correcting how RDP handles connection requests.</p>

  11. CVE-2020-0612 Published Jan 14, 2020

    A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.

  12. CVE-2020-0611 Published Jan 14, 2020

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

  13. CVE-2020-0610 Published Jan 14, 2020

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.

  14. CVE-2020-0609 Published Jan 14, 2020

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.