42 matches found
RLSA-2023:2851 Moderate: freerdp security update
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: clients using /parallel command line switch might read...
freerdp security update
An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...
RockyLinux 8 : freerdp (RLSA-2023:2851)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2851 advisory. freerdp: clients using /parallel command line switch might read uninitialized data CVE-2022-39282 freerdp: clients using the /video command line switch...
freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb
A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010666)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010666 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBD...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007188)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007188 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBD...
CVE-2026-24681
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion. This vulnerability is fixed in 3.22.0...
CVE-2026-24681 FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion. This vulnerability is fixed in 3.22.0...
CVE-2026-24681
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion. This vulnerability is fixed in 3.22.0...
FreeRDP 资源管理错误漏洞
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.22.0 contained a resource management vulnerability. This vulnerability stemmed from the ability to reuse released channel callbacks after asynchronous batch transfers were completed...
MiracleLinux 9 : freerdp-2.4.1-5.el9 (AXSA:2023-5536:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5536:02 advisory. freerdp: clients using /parallel command line switch might read uninitialized data CVE-2022-39282 freerdp: clients using the /video command line...
MiracleLinux 8 : freerdp-2.2.0-10.el8 (AXSA:2023-5972:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5972:03 advisory. freerdp: clients using /parallel command line switch might read uninitialized data CVE-2022-39282 freerdp: clients using the /video command line...
EUVD-2022-41802
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicio...
GLSA-202401-16 : FreeRDP: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-16 FreeRDP: Multiple Vulnerabilities - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a...
freerdp: heap buffer overflow in urbdrc channel
An out-of-bounds read vulnerability exists due to a boundary condition within the urbdrc channel. Attempting an integer addition on narrow types leads to the allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP based client to read out-of-bound data an...
freerdp: missing length validation in urbdrc channel
An out-of-bound read vulnerability was discovered in FreeRDP due to improper input length validation in client/datatransfer.c in the urbdrc channel. A malicious server can trigger an out-of-bounds read by tricking a FreeRDP based client to read out-of-bound data and send it back to the server...
freerdp: heap buffer overflow in urbdrc channel
An out-of-bounds read vulnerability exists due to a boundary condition within the urbdrc channel. Attempting an integer addition on narrow types leads to the allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP based client to read out-of-bound data an...
freerdp: missing length validation in urbdrc channel
An out-of-bound read vulnerability was discovered in FreeRDP due to improper input length validation in client/datatransfer.c in the urbdrc channel. A malicious server can trigger an out-of-bounds read by tricking a FreeRDP based client to read out-of-bound data and send it back to the server...
freerdp: division by zero in urbdrc channel
A division-by-zero issue was found in FreeRDP's libusbudevice.c in the urbdrc channel. This flaw exists due to missing input validation in the urbdrc channel. A malicious server can pass specially crafted data to the client, causing a crash and denial of service...