Search CVE reports
41 – 50 of 93 results
CVE-2021-41160
Medium prioritySome fixes available 10 of 12
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or...
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | — | — | — | Needs evaluation | Needs evaluation |
freerdp2 | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-41159
Medium prioritySome fixes available 10 of 12
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious...
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | — | — | — | Needs evaluation | Needs evaluation |
freerdp2 | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-37595
Low priorityIn FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.
1 affected package
freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp2 | — | Not affected | Not affected | Not affected | Ignored |
CVE-2021-37594
Low priorityIn FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.
1 affected package
freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp2 | — | Not affected | Not affected | Not affected | Ignored |
CVE-2020-15103
Medium prioritySome fixes available 2 of 4
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface...
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
freerdp2 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2020-4033
Low prioritySome fixes available 2 of 5
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
freerdp2 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2020-4032
Medium prioritySome fixes available 2 of 3
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | — | — | Not in release | Not affected | Not affected |
freerdp2 | — | — | Fixed | Fixed | Not in release |
CVE-2020-4031
Medium prioritySome fixes available 2 of 3
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | — | — | Not in release | Not affected | Not affected |
freerdp2 | — | — | Fixed | Fixed | Not in release |
CVE-2020-4030
Medium prioritySome fixes available 2 of 5
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
freerdp2 | Not affected | Not affected | Fixed | Fixed | Not in release |
CVE-2020-11099
Medium prioritySome fixes available 2 of 3
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.
2 affected packages
freerdp, freerdp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
freerdp | — | — | Not in release | Not affected | Not affected |
freerdp2 | — | — | Fixed | Fixed | Not in release |