Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:132280
Version
3
Class
patch
ALTXid
325795
Language
Russian
Severity
Medium
Title
Update USN-4379-1 -- FreeRDP vulnerabilities
Description
Several security issues were fixed in FreeRDP.
Family
unix
Platform
Linux Mint 19.x
Ubuntu 18.04
Ubuntu 19.10
Ubuntu 20.04
Product
freerdp2
Reference
VENDOR: USN-4379-1
Id:
USN-4379-1
Reference:
https://usn.ubuntu.com/4379-1/
CVE: CVE-2018-1000852
Id:
CVE-2018-1000852
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000852
Comment
: FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains an Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in the RDP server reading the client's memory. This attack appears to be exploitable when the RDP client connects to the RDP server with the echo option. This vulnerability appears to have been fixed after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2019:2157 (REDHAT)
https://github.com/FreeRDP/FreeRDP/issues/4866 (MISC)
https://github.com/FreeRDP/FreeRDP/pull/4871 (MISC)
https://github.com/FreeRDP/FreeRDP/pull/4871/commits/baee520e3dd9be6511c45a14c5f5e77784de1471 (MISC)
FEDORA-2019-b2d986c3e9 (FEDORA)
CVE: CVE-2019-17177
Id:
CVE-2019-17177
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17177
Comment
: libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
https://github.com/FreeRDP/FreeRDP/issues/5645 (MISC)
openSUSE-SU-2019:2604 (SUSE)
openSUSE-SU-2019:2608 (SUSE)
GLSA-202005-07 (GENTOO)
USN-4379-1 (UBUNTU)
https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a (MISC)
CVE: CVE-2020-11042
Id:
CVE-2020-11042
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11042
Comment
: In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.
CVSSv2 Score:
4.9
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:P
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q (CONFIRM)
https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f (MISC)
https://github.com/FreeRDP/FreeRDP/issues/6010 (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11044
Id:
CVE-2020-11044
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11044
Comment
: In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
2.2
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE:
415 (Double Free)
References:
https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w (CONFIRM)
https://github.com/FreeRDP/FreeRDP/issues/6013 (MISC)
USN-4379-1 (UBUNTU)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11045
Id:
CVE-2020-11045
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11045
Comment
: In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour.
CVSSv2 Score:
4.9
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:P
CVSSv3 Score:
3.3
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 (CONFIRM)
https://github.com/FreeRDP/FreeRDP/issues/6005 (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11046
Id:
CVE-2020-11046
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11046
Comment
: In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
2.2
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q (CONFIRM)
https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 (MISC)
https://github.com/FreeRDP/FreeRDP/issues/6006 (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11047
Id:
CVE-2020-11047
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11047
Comment
: In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
CVSSv2 Score:
4.9
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:P
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/issues/6009 (MISC)
https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65 (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw (CONFIRM)
USN-4379-1 (UBUNTU)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11048
Id:
CVE-2020-11048
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11048
Comment
: In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows a session to be aborted. No data extraction is possible. This has been fixed in 2.0.0.
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
2.2
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/issues/6007 (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv (CONFIRM)
https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11049
Id:
CVE-2020-11049
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11049
Comment
: In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
2.2
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/issues/6008 (MISC)
https://github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0 (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr (CONFIRM)
https://github.com/FreeRDP/FreeRDP/pull/6019 (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11058
Id:
CVE-2020-11058
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11058
Comment
: In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
2.2
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf (MISC)
https://github.com/FreeRDP/FreeRDP/issues/6011 (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g (CONFIRM)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-11521
Id:
CVE-2020-11521
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11521
Comment
: libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
CVSSv2 Score:
6
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3 Score:
6.6
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/commits/master (MISC)
https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf (CONFIRM)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w (CONFIRM)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
CVE: CVE-2020-11522
Id:
CVE-2020-11522
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11522
Comment
: libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/commits/master (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh (CONFIRM)
https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf (CONFIRM)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
CVE: CVE-2020-11523
Id:
CVE-2020-11523
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11523
Comment
: libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
CVSSv2 Score:
6
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3 Score:
6.6
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/FreeRDP/FreeRDP/commits/master (MISC)
https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf (CONFIRM)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 (CONFIRM)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
CVE: CVE-2020-11524
Id:
CVE-2020-11524
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11524
Comment
: libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
CVSSv2 Score:
6
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3 Score:
6.6
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/FreeRDP/FreeRDP/commits/master (MISC)
https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf (CONFIRM)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw (CONFIRM)
USN-4379-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
CVE: CVE-2020-11525
Id:
CVE-2020-11525
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11525
Comment
: libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
2.2
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/commits/master (MISC)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg (CONFIRM)
https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf (CONFIRM)
https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c (CONFIRM)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
CVE: CVE-2020-11526
Id:
CVE-2020-11526
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11526
Comment
: libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
2.2
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/commits/master (MISC)
https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf (CONFIRM)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 (CONFIRM)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
CVE: CVE-2020-13396
Id:
CVE-2020-13396
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13396
Comment
: An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
CVSSv2 Score:
5.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:P
CVSSv3 Score:
7.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 (MISC)
https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 (MISC)
https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-13397
Id:
CVE-2020-13397
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13397
Comment
: An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 (MISC)
https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 (MISC)
https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)
CVE: CVE-2020-13398
Id:
CVE-2020-13398
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13398
Comment
: An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
CVSSv2 Score:
6.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3 Score:
8.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 (MISC)
https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 (MISC)
https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea (MISC)
USN-4379-1 (UBUNTU)
USN-4382-1 (UBUNTU)
openSUSE-SU-2020:1090 (SUSE)
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update (MLIST)
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (MLIST)