CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-11049 – Out-of-bounds Read in FreeRDPrdp_read_share_control_header
https://notcve.org/view.php?id=CVE-2020-11049
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. En FreeRDP versiones posteriores a 1.1 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límite de la memoria del cliente que es pasada luego en el analizador de protocolo. Esto ha sido parcheado en la versión 2.0.0. • https://github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0 https://github.com/FreeRDP/FreeRDP/issues/6008 https://github.com/FreeRDP/FreeRDP/pull/6019 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11049 https://bugzilla.redhat.com/show_bug.cgi?id=1835772 • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1CVE-2020-11045 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11045
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. En FreeRDP versiones posteriores a 1.0 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límite en update_read_bitmap_data que permite que la memoria del cliente sea leída en un búfer imagen. El resultado se muestra en la pantalla como colour. • https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 https://github.com/FreeRDP/FreeRDP/issues/6005 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11045 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11047 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11047
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. En FreeRDP versiones posteriores a 1.1 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límites en autodetect_recv_bandwidth_measure_results. Un servidor malicioso puede extraer hasta 8 bytes de la memoria del cliente con un mensaje manipulado al proporcionar una entrada corta y leer los datos del resultado de la medición. • https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65 https://github.com/FreeRDP/FreeRDP/issues/6009 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://access.redhat.com/security/cve/CVE-2020-11047 https://bugzilla.redhat.com/show_bug.cgi?id=1835762 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 1%CPEs: 7EXPL: 1CVE-2020-11042 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11042
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límites en update_read_icon_info. • https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f https://github.com/FreeRDP/FreeRDP/issues/6010 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11042 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12392 – Mozilla: Arbitrary local file access with 'Copy as cURL'
https://notcve.org/view.php?id=CVE-2020-12392
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. La funcionalidad "Copy as cURL" de la pestaña de red de Devtools no escapa apropiadamente los datos HTTP POST de una petición, que el sitio web puede controlar. Si un usuario usó la funcionalidad "Copy as cURL" y pegó el comando a un terminal, podría haber resultado en la divulgación de archivos locales. • https://bugzilla.mozilla.org/show_bug.cgi?id=1614468 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://usn.ubuntu.com/4373-1 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 https://www.mozilla.org/security/advisories/mfsa2020-18 https://access.redhat.com/security/cve/CVE-2020-12392 https://bugzilla.redhat.com/show_bug.cgi?id=1831764 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •