CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11099 – OOB Read in license_read_new_or_upgrade_license_packet in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11099
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en license_read_new_or_upgrade_license_packet. Un paquete de licencia manipulado puede conllevar a lecturas fuera del limite en un búfer interno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11098 – Out-of-bound read in glyph_cache_put in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11098
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límite en glyph_cache_put. Esto afecta a todos los clientes de FreeRDP con la opción "+glyph-cache" habilitada. Esto es corregido en la versión 2.1.2 FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4030 – OOB read in `TrioParse` in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4030
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en TrioParse. El registro puede omitir las comprobaciones de longitud de cadena debido a un desbordamiento de enteros. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11095 – Global OOB read in update_recv_primary_order in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11095
22 Jun 2020 — In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se producen lecturas fuera de límite que resultan en el acceso a una ubicación de memoria que está fuera de límites de la matriz estática de PRIMARY_DRAWING_ORDER_FIELD_BYTES. Esto es corregido en la versión 2.1.2 FreeRDP is a free implementation ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4033 – OOB Read in RLEDECOMPRESS in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4033
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en RLEDECOMPRESS. Todos los clientes basados ?? • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4032 – Integer casting vulnerability in `update_recv_secondary_order` in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4032
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una vulnerabilidad de conversión de enteros en update_recv_secondary_order. Todos los clientes con +glyph-cache /relax-order-checks están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4031 – Use-After-Free in gdi_SelectObject in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4031
22 Jun 2020 — In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta un uso de la memoria previamente liberada en gdi_SelectObject. Todos los clientes FreeRDP que usan el modo de compatibilidad con /relax-order-checks están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11096 – Global OOB read in update_read_cache_bitmap_v3_order in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11096
22 Jun 2020 — In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura OOB global en update_read_cache_bitmap_v3_order. Como solución alternativa, se puede deshabilitar la memoria caché de mapa de bits con -bitmap-cache (predeterminado). • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11097 – OOB read in ntlm_av_pair_get in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11097
22 Jun 2020 — In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se produce una lectura fuera de límites resultando en el acceso a una ubicación de memoria que está fuera de límites de la matriz estática PRIMARY_DRAWING_ORDER_FIELD_BYTES. Esto es corregido en la versión 2.1.2 FreeRDP is a free implementation of... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11087 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11087
29 May 2020 — In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, se presenta una lectura fuera de límites en la función ntlm_read_AuthenticateMessage. Esto ha sido corregido en la versión 2.1.0. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •