Page 24 of 703 results (0.013 seconds)

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat.com/security/cve/CVE-2022-39317 https://bugzilla.redhat.com/show_bug.cgi?id=2143643 • CWE-125: Out-of-bounds Read •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. • https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-125: Out-of-bounds Read •

CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch. • https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat.com/security/cve/CVE-2022-39320 https://bugzilla.redhat.com/show_bug.cgi?id=2143646 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. GNOME Nautilus 42.2 permite una desreferencia del puntero NULL y el bloqueo de la aplicación get_basename a través de un archivo ZIP pegado. • https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376 https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001 https://gitlab.gnome.org/GNOME/nautilus/-/tree/master https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PX5CVF4FAHFA6UNKHFBBLOP2NUMIQJAY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYPDZ7LBBUVU3WFK7DCGDFGK2GXTKGT5 • CWE-476: NULL Pointer Dereference •