2 matches found
CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...
UBUNTU-CVE-2020-4031
In FreeRDP before version 2.1.2, there is a use-after-free in gdiSelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2...