CVSS: 6.6EPSS: 1%CPEs: 13EXPL: 1CVE-2020-11521 – freerdp: Out-of-bounds write in planar.c
https://notcve.org/view.php?id=CVE-2020-11521
15 May 2020 — libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. El archivo libfreerdp/codec/planar.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta una Escritura Fuera de límites. A flaw was found in freerdp in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in the planar.c function which could allow an attacker to control data sent from the RDP server to the client. The highest threat from this vulnerability is to data confidentiali... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 1CVE-2020-11522 – freerdp: out-of-bounds read in gdi.c
https://notcve.org/view.php?id=CVE-2020-11522
15 May 2020 — libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. El archivo libfreerdp/gdi/gdi.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta una Lectura Fuera de límites. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.6EPSS: 1%CPEs: 13EXPL: 1CVE-2020-11523 – freerdp: Integer overflow in region.c
https://notcve.org/view.php?id=CVE-2020-11523
15 May 2020 — libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. El archivo libfreerdp/gdi/region.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta un Desbordamiento de Enteros. A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An integer overflow was found in the region.c function which could allow an attacker the ability to control the RDP server as well as the data sent to the client. The highest threat from this vulnerability is to data confident... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.6EPSS: 0%CPEs: 11EXPL: 1CVE-2020-11524 – freerdp: Out-of-bounds write in interleaved.c
https://notcve.org/view.php?id=CVE-2020-11524
15 May 2020 — libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. El archivo libfreerdp/codec/interleaved.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta una Escritura Fuera de límites. A flaw was found in FreeRDP between versions 1.0 and 2.0.0. An out-of-bounds memory write was found in the interleaved.c function which could allow an attacker to take over and control the RDP server, including data sent to the client. The highest threat from this vulne... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 3.5EPSS: 1%CPEs: 13EXPL: 1CVE-2020-11525 – freerdp: out-of-bounds read in bitmap.c
https://notcve.org/view.php?id=CVE-2020-11525
15 May 2020 — libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. El archivo libfreerdp/cache/bitmap.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta una Lectura Fuera de límites. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME d... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 13EXPL: 1CVE-2020-11526 – freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later
https://notcve.org/view.php?id=CVE-2020-11526
15 May 2020 — libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. El archivo libfreerdp/core/update.c en FreeRDP versiones posteriores a 1.1 hasta 2.0.0-rc4, presenta una Lectura Fuera de límites. FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME des... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11058 – Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11058
12 May 2020 — In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. En FreeRDP versiones posteriores a 1.1 y anteriores a 2.0.0, una búsqueda fuera de límites de flujo de datos en rdp_read_font_capability_set podría conllevar a una posterior lectura fuera de límites. Como resultado, un cliente o servidor manip... • https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 1CVE-2020-11042 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11042
07 May 2020 — In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límites en update_read_icon_info. • https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f • CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11044 – Double Free in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11044
07 May 2020 — In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, una doble liberación en update_read_cache_bitmap_v3_order bloquea la aplicación del cliente si los datos corruptos son analizados desde un servidor manipulado. Esto ha sido parcheado en la versión 2.0.0. FreeRDP is a free imple... • https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 • CWE-415: Double Free CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1CVE-2020-11045 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11045
07 May 2020 — In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. En FreeRDP versiones posteriores a 1.0 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límite en update_read_bitmap_data que permite que la memoria del cliente sea leída en un búfer imagen. El resultado se muestra en la pantalla como colour. FreeRDP is a free implementation of the Remote Desktop ... • https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 • CWE-125: Out-of-bounds Read •