FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-18 21:55:04 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a955cdb7-d089-11ea-8c6f-080027eedc6aFreeRDP -- Integer overflow in RDPEGFX channel

Bernhard Miklautz reports:

  • Integer overflow due to missing input sanitation in rdpegfx channel
  • All FreeRDP clients are affected
  • The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a memcpy)

Discovery 2020-06-25
Entry 2020-07-28
freerdp
< 2.2.0

https://www.freerdp.com/2020/07/20/2_2_0-released
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103
CVE-2020-15103
669f3fe8-a07a-11ea-b83e-f0def1f5c5a2FreeRDP -- multiple vulnerabilities

The FreeRDP changelog reports 14 CVEs addressed after 2.0.0-rc4


Discovery 2020-04-10
Entry 2020-05-28
freerdp
< 2.1.1

https://github.com/FreeRDP/FreeRDP/blob/2.1.1/ChangeLog
CVE-2020-11521
CVE-2020-11522
CVE-2020-11523
CVE-2020-11524
CVE-2020-11525
CVE-2020-11526
CVE-2020-11039
CVE-2020-11038
CVE-2020-11043
CVE-2020-11040
CVE-2020-11041
CVE-2020-11019
CVE-2020-11017
CVE-2020-11018