CVEs

Although I am only starting out and I don't have a lot of experience, I have done some vulnerability research professionally. This page lists all the vulnerabilities I have found as part of my research that were assigned a CVE ID, with technical details of variable length. Some of these were awarded bounties.

CVE-2021-38666 in Windows — Remote Code Execution in the RDP client

In Microsoft Remote Desktop, a malicious RDP server could trigger remote code execution on a client.

CVE-2021-38665 in Windows — Remote Heap Leak in the RDP client

In Microsoft Remote Desktop, a malicious RDP server could remotely leak heap memory from a client.

CVE-2021-37595 in FreeRDP — Remote Arbitrary File Read

In FreeRDP < 2.4.0 (Windows), a malicious RDP server can remotely read arbitrary files from a client’s system through the clipboard extension (enabled by default).

CVE-2021-37594 in FreeRDP — Remote Memory Leak

In FreeRDP < 2.4.0 (Windows), a malicious RDP server can remotely leak memory from a client’s system through the clipboard extension (enabled by default).