171 matches found
CVE-2023-39352
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect-left and rect-top are exactly equal to surface-width and...
UBUNTU-CVE-2023-39353
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile-quantIdxY, tile-quantIdxCb, a...
Out-of-bounds
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile-quantIdxY, tile-quantIdxCb, a...
UBUNTU-CVE-2023-39352
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect-left and rect-top are exactly equal to surface-width and...
CVE-2023-39356
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function gdimultiopaquerect. In particular there is no code to validate if the value...
DEBIAN-CVE-2023-39351
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX rfx handling. Inside the rfxprocessmessagetileset function, the program allocates tiles...
UBUNTU-CVE-2023-39355
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing RDPGFXCMDIDRESETGRAPHICS packets. If context-maxPlaneSize is 0, context-planesBuffer wil...
UBUNTU-CVE-2023-39350
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS e.g. abort due to WINPRASSERT with default compilation flags. When an insufficient blockLen is provided, and proper length...
CVE-2023-39355 FreeRDP Use-After-Free in RDPGFX_CMDID_RESETGRAPHICS
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing RDPGFXCMDIDRESETGRAPHICS packets. If context-maxPlaneSize is 0, context-planesBuffer wil...
CVE-2023-39350 Incorrect offset calculation leading to denial of service in FreeRDP
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS e.g. abort due to WINPRASSERT with default compilation flags. When an insufficient blockLen is provided, and proper length...
CVE-2023-40589
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrushdecompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a...
PT-2023-4666 · Freerdp +8 · Freerdp +8
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0 FreeRDP versions prior to 3.0.0-beta3 Description: The issue affects FreeRDP clients only and is related to an integer underflow leading to a Denial of Service DOS vulnerability. When an insufficient blockLen ...
PT-2023-4669 · Freerdp +8 · Freerdp +8
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0 FreeRDP versions prior to 3.0.0-beta3 Description: The issue is related to an Out-Of-Bounds Write in the progressive decompress function, likely due to incorrect calculations of the nXSrc and nYSrc variables...
PT-2023-4673 · Freerdp +1 · Freerdp +1
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.0.0-beta3 Description: The issue is related to a Use-After-Free problem in the avc420 ensure buffer and avc444 ensure buffer functions of the FreeRDP client. This occurs when the value of piDstSizex is 0, causing...
PT-2023-4667 · Freerdp · Freerdp
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.0.0-beta3 Description: The issue is related to a Use-After-Free in processing RDPGFX CMDID RESETGRAPHICS packets. If context-maxPlaneSize is 0, context-planesBuffer will be freed, but without updating...
PT-2023-4670 · Freerdp +8 · Freerdp +8
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0 FreeRDP versions prior to 3.0.0-beta3 Description: The issue is related to a missing offset validation in the gdi multi opaque rect function, which can lead to an Out Of Bound Read error. This occurs when the...
PT-2023-4671 · Freerdp +8 · Freerdp +8
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0 FreeRDP versions prior to 3.0.0-beta3 Description: The issue is related to a missing offset validation in the libfreerdp/codec/rfx.c file, specifically in tile-quantIdxY, tile-quantIdxCb, and tile-quantIdxCr...
Discourse 跨站脚本漏洞
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A cross-site scripting vulnerability exists in Discourse that could allow an attacker to upload an SVG file to execute arbitrary JavaScript code on a user's browser. Affected...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...
CVE-2023-28112 Discourse's SSRF protection missing for some FastImage requests
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...