Lucene search
+L

4320 matches found

AlpineLinux
AlpineLinux
added 2026/07/10 7:52 p.m.16 views

CVE-2026-57156

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

9.8CVSS6.2AI score0.00698EPSS
Exploits1
CVE
CVE
added 2026/07/10 7:51 p.m.15 views

CVE-2026-57157

FreeRDP (server implementations with the MS-RDPECAM camera device enumerator channel enabled) is affected prior to 3.28.0. Attackers can cause a 1- to 2-byte out-of-bounds heap read by scanning attacker-supplied DeviceName and VirtualChannelName fields and dereferencing beyond the scanned bound i...

6.5CVSS6.1AI score0.00539EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/07/10 7:51 p.m.7 views

EUVD-2026-43006

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00539EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2026/07/10 7:51 p.m.6 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00539EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/07/10 7:49 p.m.8 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS7AI score0.0069EPSS
Exploits1
EUVD
EUVD
added 2026/07/10 7:47 p.m.10 views

EUVD-2026-43004

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00526EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/10 7:47 p.m.36 views

CVE-2026-55827 FreeRDP: Heap out-of-bounds write in RemoteFX (RFX) Cache Bitmap V3 decode

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS0.00526EPSS
Exploits1References4
CVE
CVE
added 2026/07/10 7:47 p.m.25 views

CVE-2026-55827

CVE-2026-55827 affects FreeRDP prior to 3.27.1. When clients start with the non-default /cache:codec:rfx option, FreeRDP passes desktop stride/height to RemoteFX decoding for Cache Bitmap V3 data and allocates bitmap->data only for the smaller DstWidth/DstHeight in gdi_Bitmap_Decompress, enabl...

8.8CVSS6.1AI score0.00526EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/10 7:47 p.m.14 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

8.8CVSS6.1AI score0.00526EPSS
Exploits1
OSV
OSV
added 2026/07/10 12:3 p.m.2 views

RLSA-2026:37207 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows...

8.8CVSS6.5AI score0.00502EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/07/10 12:3 p.m.4 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

9.8CVSS6.5AI score0.00502EPSS
Exploits1
OSV
OSV
added 2026/07/10 10:10 a.m.3 views

RHSA-2026:37207 Red Hat Security Advisory: freerdp security update

Bulletin has no description...

8.8CVSS6.1AI score0.00502EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.6 views

PT-2026-57293

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.28.0 Description FreeRDP clients on 32-bit builds contain an integer overflow in the update read delta points function within libfreerdp/core/orders.c. This occurs when multiplying an attacker-controlled point count...

9.8CVSS6.2AI score0.00698EPSS
Exploits2References13
RedhatCVE
RedhatCVE
added 2026/07/09 2:16 p.m.7 views

CVE-2026-56297

A flaw was found in FreeRDP. A malicious Remote Desktop Protocol RDP server can exploit a use-after-free vulnerability due to improper synchronization of channel callback access. By sending DYNVCDATA and DYNVCCLOSE messages concurrently, a race condition can be triggered in the drdynvc client...

8.3CVSS6.5AI score0.00281EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/09 10:4 a.m.5 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS6.6AI score0.00502EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/07/09 10:4 a.m.5 views

freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...

9.8CVSS6.6AI score0.00502EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback...

8.3CVSS6.5AI score0.00281EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2026/07/09 12:0 a.m.3 views

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows...

9.8CVSS6.5AI score0.00502EPSS
Exploits1References4
OSV
OSV
added 2026/07/08 2:17 p.m.2 views

DEBIAN-CVE-2026-56297

FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback access. A malicious RDP server can trigger a race condition by sending DYNVCDATA and DYNVCCLOSE messages concurrently, causing...

8.1CVSS6.5AI score0.00281EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/08 1:49 p.m.5 views

EUVD-2026-42255

FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback access. A malicious RDP server can trigger a race condition by sending DYNVCDATA and DYNVCCLOSE messages concurrently, causing...

8.3CVSS6.6AI score0.00281EPSS
Exploits1References2
Rows per page
Query Builder