rpm package
suse/vinagre&distro=SUSE Linux Enterprise Workstation Extension 12 SP5
pkg:rpm/suse/vinagre&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
Vulnerabilities (46)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11019 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | ||
| CVE-2020-11018 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | ||
| CVE-2020-11017 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. | ||
| CVE-2020-13398 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 22, 2020 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | ||
| CVE-2020-13397 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 22, 2020 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | ||
| CVE-2020-13396 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 22, 2020 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | ||
| CVE-2020-11526 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 15, 2020 | libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. | ||
| CVE-2020-11525 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 15, 2020 | libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. | ||
| CVE-2020-11524 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 15, 2020 | libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | ||
| CVE-2020-11523 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 15, 2020 | libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. | ||
| CVE-2020-11522 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 15, 2020 | libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. | ||
| CVE-2020-11521 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | May 15, 2020 | libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | ||
| CVE-2018-1000852 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Dec 20, 2018 | FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. | ||
| CVE-2018-8789 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). | ||
| CVE-2018-8788 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. | ||
| CVE-2018-8787 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8786 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8785 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8784 | — | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2017-2839 | Med | 5.9 | < 3.20.2-16.3.3 | 3.20.2-16.3.3 | Apr 24, 2018 | An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server |
- CVE-2020-11019May 29, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.
- CVE-2020-11018May 29, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
- CVE-2020-11017May 29, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.
- CVE-2020-13398May 22, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
- CVE-2020-13397May 22, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
- CVE-2020-13396May 22, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
- CVE-2020-11526May 15, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
- CVE-2020-11525May 15, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
- CVE-2020-11524May 15, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
- CVE-2020-11523May 15, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
- CVE-2020-11522May 15, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
- CVE-2020-11521May 15, 2020affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
- CVE-2018-1000852Dec 20, 2018affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory..
- CVE-2018-8789Nov 29, 2018affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
- CVE-2018-8788Nov 29, 2018affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8787Nov 29, 2018affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8786Nov 29, 2018affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8785Nov 29, 2018affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8784Nov 29, 2018affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
- affected < 3.20.2-16.3.3fixed 3.20.2-16.3.3
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server
Page 2 of 3