CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4032 – Integer casting vulnerability in `update_recv_secondary_order` in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4032
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una vulnerabilidad de conversión de enteros en update_recv_secondary_order. Todos los clientes con +glyph-cache /relax-order-checks están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4030 – OOB read in `TrioParse` in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4030
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en TrioParse. El registro puede omitir las comprobaciones de longitud de cadena debido a un desbordamiento de enteros. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4033 – OOB Read in RLEDECOMPRESS in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4033
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en RLEDECOMPRESS. Todos los clientes basados ?? • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11096 – Global OOB read in update_read_cache_bitmap_v3_order in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11096
22 Jun 2020 — In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura OOB global en update_read_cache_bitmap_v3_order. Como solución alternativa, se puede deshabilitar la memoria caché de mapa de bits con -bitmap-cache (predeterminado). • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11097 – OOB read in ntlm_av_pair_get in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11097
22 Jun 2020 — In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se produce una lectura fuera de límites resultando en el acceso a una ubicación de memoria que está fuera de límites de la matriz estática PRIMARY_DRAWING_ORDER_FIELD_BYTES. Esto es corregido en la versión 2.1.2 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11099 – OOB Read in license_read_new_or_upgrade_license_packet in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11099
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en license_read_new_or_upgrade_license_packet. Un paquete de licencia manipulado puede conllevar a lecturas fuera del limite en un búfer interno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11095 – Global OOB read in update_recv_primary_order in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11095
22 Jun 2020 — In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se producen lecturas fuera de límite que resultan en el acceso a una ubicación de memoria que está fuera de límites de la matriz estática de PRIMARY_DRAWING_ORDER_FIELD_BYTES. Esto es corregido en la versión 2.1.2 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4031 – Use-After-Free in gdi_SelectObject in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4031
22 Jun 2020 — In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta un uso de la memoria previamente liberada en gdi_SelectObject. Todos los clientes FreeRDP que usan el modo de compatibilidad con /relax-order-checks están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11098 – Out-of-bound read in glyph_cache_put in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11098
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límite en glyph_cache_put. Esto afecta a todos los clientes de FreeRDP con la opción "+glyph-cache" habilitada. Esto es corregido en la versión 2.1.2 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0CVE-2020-14954
https://notcve.org/view.php?id=CVE-2020-14954
21 Jun 2020 — Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Mutt versiones anteriores a 1.14.4 y NeoMutt antes del 19-06-2020, presentan un problema de almacenamiento de STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente le... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •