CVE-2020-12867 – sane-backends: NULL pointer dereference in sanei_epson_net_read function
https://notcve.org/view.php?id=CVE-2020-12867
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://l • CWE-476: NULL Pointer Dereference •
CVE-2020-11043 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11043
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11043 https://bugzilla.redhat.com/show_bug.cgi?id=1848038 • CWE-125: Out-of-bounds Read •
CVE-2020-11085 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11085
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11085 https://bugzilla.redhat.com/show_bug.cgi?id=1844161 • CWE-125: Out-of-bounds Read •
CVE-2020-11039 – Integer Overflow in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11039
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11039 https://bugzilla.redhat.com/show_bug.cgi?id=1848022 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2020-11089 – Out-of-bound read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11089
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16 https://github.com/FreeRDP/FreeRDP/commit/795842f4096501fcefc1a7f535ccc8132feb31d7 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11089 https://bugzilla.redhat.com/show_bug.cgi?id=1844184 • CWE-125: Out-of-bounds Read •