rpm package
opensuse/freerdp2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/freerdp2&distro=openSUSE%20Tumbleweed
Vulnerabilities (114)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-8788 | — | | | < 2.4.0-2.1 | 2.4.0-2.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. |
| CVE-2018-8787 | — | | | < 2.4.0-2.1 | 2.4.0-2.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. |
| CVE-2018-8786 | — | | | < 2.4.0-2.1 | 2.4.0-2.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. |
| CVE-2018-8785 | — | | | < 2.4.0-2.1 | 2.4.0-2.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. |
| CVE-2018-8784 | — | | | < 2.4.0-2.1 | 2.4.0-2.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. |
| CVE-2017-2839 | Med | 5.9 | | < 2.4.0-2.1 | 2.4.0-2.1 | Apr 24, 2018 | An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server |
| CVE-2017-2838 | Med | 5.9 | | < 2.4.0-2.1 | 2.4.0-2.1 | Apr 24, 2018 | An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server |
| CVE-2017-2837 | Med | 5.9 | | < 2.4.0-2.1 | 2.4.0-2.1 | Apr 24, 2018 | An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or u |
| CVE-2017-2836 | Med | 5.9 | | < 2.4.0-2.1 | 2.4.0-2.1 | Apr 24, 2018 | An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromis |
| CVE-2017-2835 | Hig | 8.1 | | < 2.4.0-2.1 | 2.4.0-2.1 | Apr 24, 2018 | An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in |
| CVE-2017-2834 | Hig | 7.0 | | < 2.4.0-2.1 | 2.4.0-2.1 | Apr 24, 2018 | An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man |
| CVE-2018-0886 | Hig | 7.0 | | < 2.4.0-2.1 | 2.4.0-2.1 | Mar 14, 2018 | The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows |
| CVE-2014-0250 | — | | | < 2.11.5-1.1 | 2.11.5-1.1 | Nov 16, 2014 | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. |
| CVE-2014-0791 | — | | | < 2.11.5-1.1 | 2.11.5-1.1 | Jan 3, 2014 | Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Se |