20 matches found
EUVD-2022-41801
Malicious code in bioql PyPI...
Debian dla-3606 : freerdp2-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3606 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3606-1 [email protected]...
SUSE SLED15: freerdp / freerdp-devel / freerdp-proxy / freerdp-server / etc (SUSE-SU-2022:4292-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4292-1 advisory. - CVE-2022-39318: Fixed division by zero in urbdrc bsc1205563. - CVE-2022-39319: Fixed missing...
CVE-2022-39319
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in...
CVE-2022-39319
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in...
CVE-2022-39317
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in versio...
CVE-2022-41877
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version...
Design/Logic Flaw
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send i...
CVE-2022-41877 Missing input length validation in `drive` channel in FreeRDP
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version...
CVE-2022-39320
CVE-2022-39320 affects FreeRDP and relates to a heap buffer overflow in the urbdrc channel caused by integer addition on too-narrow types, leading to writing data into a too-small allocation. Exploitation could enable reading out-of-bound data and echoing it back to the server. The vulnerability ...
CVE-2022-41877 Missing input length validation in `drive` channel in FreeRDP
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version...
CVE-2022-39319 Missing length validation in urbdrc channel in FreeRDP
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in...
CVE-2022-41877
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version...
CVE-2022-39319
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in...
CVE-2022-41877
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version...
EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2022-1564)
According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the...
CVE-2020-11040
CVE-2020-11040 affects FreeRDP versions up to 2.0.0, where an out-of-bounds data read from memory occurs in clear_decompress_subcode_rlex and is visualized as color on screen. The issue has been fixed in version 2.1.0. Related advisories from Debian, CentOS/RHEL, AlmaLinux, Amazon Linux 2 and CNV...
CVE-2019-8275
UltraVNC revision 1211 contains multiple improper null termination vulnerabilities in the VNC server code, allowing out-of-bounds data access via network. CVSS v3.1 base score 9.8. Affected: UltraVNC 1211; fix: upgrade to revision 1212 (addressed in the same family of issues).
CVE-2019-8275
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212...
Null pointer dereference
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212...