
CVSS: 6.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 May 2020 — In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-190: Integer Overflow or Wraparound, CWE-680: Integer Overflow to Buffer Overflow, CWE-787: Out-of-bounds Write

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 May 2020 — In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read

CVSS: 8.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2020 — An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, l... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-787: Out-of-bounds Write

CVSS: 6.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2020 — An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. FreeRDP is a free implementation of the Remote Desktop Protocol, relea... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read, CWE-476: NULL Pointer Dereference

CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2020 — An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read

CVSS: 6.6 • EPSS: 0% • CPEs: 13 • EXPL: 1

15 May 2020 — libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An integer overflow was found in the region.c function which could allow an attacker the ability to control the RDP server as well as the data sent to the client. The highest threat from this vulnerability is to data confident... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-190: Integer Overflow or Wraparound

CVSS: 3.5 • EPSS: 0% • CPEs: 13 • EXPL: 1

15 May 2020 — libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME des... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read, CWE-190: Integer Overflow or Wraparound

CVSS: 6.5 • EPSS: 0% • CPEs: 13 • EXPL: 1

15 May 2020 — libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read

CVSS: 3.5 • EPSS: 0% • CPEs: 13 • EXPL: 1

15 May 2020 — libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME d... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read

CVSS: 6.6 • EPSS: 0% • CPEs: 13 • EXPL: 1

15 May 2020 — libfreerdp/codec/planar.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. A flaw was found in freerdp in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in the planar.c function which could allow an attacker to control data sent from the RDP server to the client. The highest threat from this vulnerability is to data confidentiali... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read, CWE-190: Integer Overflow or Wraparound