rpm package
almalinux/freerdp
pkg:rpm/almalinux/freerdp
Vulnerabilities (65)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-39316 | — | < 2:2.4.1-5.el9 | 2:2.4.1-5.el9 | Nov 16, 2022 | FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. | ||
| CVE-2022-39283 | — | < 2:2.4.1-5.el9 | 2:2.4.1-5.el9 | Oct 12, 2022 | FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue h | ||
| CVE-2022-39282 | — | < 2:2.4.1-5.el9 | 2:2.4.1-5.el9 | Oct 12, 2022 | FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not af | ||
| CVE-2021-41160 | — | < 2:2.2.0-7.el8_5 | 2:2.2.0-7.el8_5 | Oct 21, 2021 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the clie | ||
| CVE-2021-41159 | — | < 2:2.2.0-7.el8_5 | 2:2.2.0-7.el8_5 | Oct 21, 2021 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out |
- CVE-2022-39316Nov 16, 2022affected < 2:2.4.1-5.el9fixed 2:2.4.1-5.el9
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash.
- CVE-2022-39283Oct 12, 2022affected < 2:2.4.1-5.el9fixed 2:2.4.1-5.el9
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue h
- CVE-2022-39282Oct 12, 2022affected < 2:2.4.1-5.el9fixed 2:2.4.1-5.el9
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not af
- CVE-2021-41160Oct 21, 2021affected < 2:2.2.0-7.el8_5fixed 2:2.2.0-7.el8_5
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the clie
- CVE-2021-41159Oct 21, 2021affected < 2:2.2.0-7.el8_5fixed 2:2.2.0-7.el8_5
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out
Page 4 of 4