VDB

GCVE-110-MAGEIA-2023-276

GCVE-110-MAGEIA-2023-276
Advisory Published
Vulnetix · Advisory published September 30, 2023
In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. (CVE-2023-40184)

Affected Products

VendorProductVersionsPlatforms
Mageiaxrdp0 (affected), 0.9.23-1.mga9 (unaffected)
Mageiaxrdp0 (affected), 0.9.23-1.mga8 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›