Cpe Name:
cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2020-11526 |
125 |
|
|
2020-05-15 |
2022-04-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. |
2 |
CVE-2020-11525 |
125 |
|
|
2020-05-15 |
2020-08-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. |
3 |
CVE-2020-11524 |
787 |
|
|
2020-05-15 |
2020-07-27 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. |
4 |
CVE-2020-11523 |
190 |
|
Overflow |
2020-05-15 |
2020-08-30 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. |
5 |
CVE-2020-11522 |
125 |
|
|
2020-05-15 |
2020-08-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. |
6 |
CVE-2020-11521 |
125 |
|
|
2020-05-15 |
2022-04-26 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. |
7 |
CVE-2019-17177 |
772 |
|
|
2019-10-04 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. |
8 |
CVE-2018-1000852 |
125 |
|
|
2018-12-20 |
2020-08-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. |
9 |
CVE-2018-8789 |
125 |
|
DoS |
2018-11-29 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). |
10 |
CVE-2018-8788 |
787 |
|
Exec Code Mem. Corr. |
2018-11-29 |
2019-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. |
11 |
CVE-2018-8787 |
787 |
|
Exec Code Overflow Mem. Corr. |
2018-11-29 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. |
12 |
CVE-2018-8786 |
787 |
|
Exec Code Overflow Mem. Corr. |
2018-11-29 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. |
13 |
CVE-2018-8785 |
787 |
|
Exec Code Overflow Mem. Corr. |
2018-11-29 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. |
14 |
CVE-2018-8784 |
787 |
|
Exec Code Overflow Mem. Corr. |
2018-11-29 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. |
Total number of vulnerabilities :
14
Page :
1
(This Page)