171 matches found
CVE-2023-47119 HTML injection in oneboxed links
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...
PT-2023-29706 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches Description: Discourse is an open source platform for community discussion. There is an edge case where a bookmark reminder is...
PT-2023-29863 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse versions prior to 3.2.0.beta3 Description: Discourse is an open source platform for community discussion. The issue affects the availability of subsequent replies in a topic when users can add svgs...
PT-2023-30325 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier in the beta and tests-passed branches Description: Discourse is an open source platform for community discussion. The embedding feature is susceptible to server side...
CVE-2023-40576
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the RleDecompress function. This Out-Of-Bounds Read occurs because FreeRDP processes the pbSrcBuffer variable without checking if it...
CVE-2023-40575
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalYUV444ToRGB8uP3AC4RBGRX function. This issue is likely down to insufficient data for the pSrc variable and results in crashe...
CVE-2023-40188
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalLumaToYUV444 function. This Out-Of-Bounds Read occurs because processing is done on the in variable without checking if it...
SUSE CVE-2023-40181
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the zgfxdecompresssegment function. In the context of CopyMemory, it's possible to read data beyond the...
SUSE CVE-2023-40187
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the avc420ensurebuffer and avc444ensurebuffer functions. If the value of piDstSizex is 0, ppYUVDstDatax will be...
SUSE CVE-2023-40569
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the progressivedecompress function. This issue is likely down to incorrect calculations of the nXSrc and nYSrc variables. This issue h...
CVE-2023-40574
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the writePixelBGRX function. This issue is likely down to incorrect calculations of the nHeight and srcStep variables. This issue has...
DEBIAN-CVE-2023-40188
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalLumaToYUV444 function. This Out-Of-Bounds Read occurs because processing is done on the in variable without checking if it...
UBUNTU-CVE-2023-40575
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalYUV444ToRGB8uP3AC4RBGRX function. This issue is likely down to insufficient data for the pSrc variable and results in crashe...
UBUNTU-CVE-2023-40576
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the RleDecompress function. This Out-Of-Bounds Read occurs because FreeRDP processes the pbSrcBuffer variable without checking if it...
UBUNTU-CVE-2023-40569
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the progressivedecompress function. This issue is likely down to incorrect calculations of the nXSrc and nYSrc variables. This issue h...
CVE-2023-40576
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the RleDecompress function. This Out-Of-Bounds Read occurs because FreeRDP processes the pbSrcBuffer variable without checking if it...
CVE-2023-40574
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the writePixelBGRX function. This issue is likely down to incorrect calculations of the nHeight and srcStep variables. This issue has...
CVE-2023-40576
FreeRDP (RDP library) contains a vulnerability CVE-2023-40576: Out-Of-Bounds Read in the RleDecompress function caused by processing pbSrcBuffer without validating sufficient data. The issue affects FreeRDP and has been addressed in version 3.0.0-beta3; upgrades to 3.0.0-beta3 or newer are recomm...
CVE-2023-40575 Out-Of-Bounds Read in FreeRDP
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalYUV444ToRGB8uP3AC4RBGRX function. This issue is likely down to insufficient data for the pSrc variable and results in crashe...
CVE-2023-40575 Out-Of-Bounds Read in FreeRDP
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalYUV444ToRGB8uP3AC4RBGRX function. This issue is likely down to insufficient data for the pSrc variable and results in crashe...