Debian dla-3606 : freerdp2-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3606 advisory. Debian LTS Advisory DLA-3606-1...
Oracle Linux 7 : libssh2 (ELSA-2019-2136)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2136 advisory. - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix out-of-bounds memory comparison with...
ALSA-2023:4535 Moderate: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after inlining (CVE-2023-2455); postgresql: Client memory disclosure...
SAP PowerDesigner Information Disclosure Vulnerability
SAP PowerDesigner is a database design software from SAP, Germany. An information disclosure vulnerability exists in SAP PowerDesigner that originates from a special method to access password hashes from client memory...
Moderate: Red Hat Security Advisory: postgresql:13 security update
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Mageia: Security Advisory (MGASA-2023-0064)
The remote host is missing an update for the...
MGASA-2023-0064 Updated postgresql packages fix security vulnerability
Client memory disclosure when connecting, with Kerberos, to modified server. CVE-2022-41862...
SUSE CVE-2017-13721
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
SUSE CVE-2019-3858
An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory...
SUSE CVE-2019-3860
An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory...
PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.
PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to...
Denial of Service (DoS)
Overview: Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) via excess memory allocations...
FreeRDP < 2.4.1 Multiple Vulnerabilities
FreeRDP is prone to multiple vulnerabilities...
FreeRDP Buffer Error Vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. A buffer error vulnerability exists in versions prior to FreeRDP 2.4.1, which stems from the program's failure to validate input data, and a malicious gateway could allow out-of-bounds writes to...
SUSE SLES11 Security Update : libssh2_org (SUSE-SU-2019:14099-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2019:14099-1 advisory. - An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who...
EulerOS 2.0 SP5 : freerdp (EulerOS-SA-2021-1675)
According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount...
freerdp: out-of-bound read of client memory that is then passed on to the protocol parser
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0...
CVE-2020-11049
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0...
Out-of-bound Reads
FreeRDP is vulnerable to Out-of-bound Reads. The vulnerability exists because it does not properly perform boundary checks on update_read_icon_info data, leading to leakage of an amount of client memory (32-bit unsigned, 4GB) to an intermediate buffer and crashing an application or unauthorized storage...
CVE-2020-11049
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0...