VYPR

rpm package

suse/freerdp&distro=SUSE Linux Enterprise Desktop 12 SP3

pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3

Vulnerabilities (14)

  • CVE-2018-1000852 | Dec 20, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.

  • CVE-2018-8789 | Nov 29, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

  • CVE-2018-8788 | Nov 29, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

  • CVE-2018-8787 | Nov 29, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

  • CVE-2018-8786 | Nov 29, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

  • CVE-2018-8785 | Nov 29, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.

  • CVE-2018-8784 | Nov 29, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.

  • CVE-2017-2839 | Med | Apr 24, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.3.2 | fixed 2.0.0~git.1463131968.4e66df7-12.3.2

    An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server

  • CVE-2017-2838 | Med | Apr 24, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.3.2 | fixed 2.0.0~git.1463131968.4e66df7-12.3.2

    An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server

  • CVE-2017-2837 | Med | Apr 24, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.3.2 | fixed 2.0.0~git.1463131968.4e66df7-12.3.2

    An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or u

  • CVE-2017-2836 | Med | Apr 24, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.3.2 | fixed 2.0.0~git.1463131968.4e66df7-12.3.2

    An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromis

  • CVE-2017-2835 | Hig | Apr 24, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.3.2 | fixed 2.0.0~git.1463131968.4e66df7-12.3.2

    An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in

  • CVE-2017-2834 | Hig | Apr 24, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.3.2 | fixed 2.0.0~git.1463131968.4e66df7-12.3.2

    An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man

  • CVE-2018-0886 | Hig | Mar 14, 2018
    affected < 2.0.0~git.1463131968.4e66df7-12.8.1 | fixed 2.0.0~git.1463131968.4e66df7-12.8.1

    The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows