FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 04:12:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
dd271de6-b444-11ed-9268-b42e991fc52e	freerdp -- clients using the `/video` command line switch might read uninitialized data MITRE reports: All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. Discovery 2022-10-13 Entry 2023-02-24 freerdp < 2.8.1 CVE-2022-39283 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
1f0421b1-8398-11ed-973d-002b67dfc673	freerdp -- multiple vulnerabilities FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow in urbdrc channel. GHSA-c5xq-8v35-pffg: Missing path sanitation with `drive` channel. GHSA-pmv3-wpw4-pw5h: Missing input length validation in `drive` channel. Discovery 2022-12-24 Entry 2022-12-24 freerdp < 2.9.0 CVE-2022-39316 https://nvd.nist.gov/vuln/detail/CVE-2022-39316 CVE-2022-39317 https://nvd.nist.gov/vuln/detail/CVE-2022-39317 CVE-2022-39318 https://nvd.nist.gov/vuln/detail/CVE-2022-39318 CVE-2022-39319 https://nvd.nist.gov/vuln/detail/CVE-2022-39319 CVE-2022-39320 https://nvd.nist.gov/vuln/detail/CVE-2022-39320 CVE-2022-39347 https://nvd.nist.gov/vuln/detail/CVE-2022-39347 CVE-2022-41877 https://nvd.nist.gov/vuln/detail/CVE-2022-41877
c682923d-b444-11ed-9268-b42e991fc52e	freerdp -- clients using `/parallel` command line switch might read uninitialized data MITRE reports: FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Discovery 2022-10-13 Entry 2023-02-24 freerdp < 2.8.1 CVE-2022-39282 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq

VuXML ID

Description

dd271de6-b444-11ed-9268-b42e991fc52e

freerdp -- clients using the `/video` command line switch might read uninitialized data

MITRE reports:

All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected.

Discovery 2022-10-13
Entry 2023-02-24
freerdp

< 2.8.1

CVE-2022-39283
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh

1f0421b1-8398-11ed-973d-002b67dfc673

freerdp -- multiple vulnerabilities

FreeRDP reports:

GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder.

GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder.

GHSA-387j-8j96-7q35: Division by zero in urbdrc channel.

GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel.

GHSA-qfq2-82qr-7f4j: Heap buffer overflow in urbdrc channel.

GHSA-c5xq-8v35-pffg: Missing path sanitation with `drive` channel.

GHSA-pmv3-wpw4-pw5h: Missing input length validation in `drive` channel.

Discovery 2022-12-24
Entry 2022-12-24
freerdp

< 2.9.0

CVE-2022-39316
https://nvd.nist.gov/vuln/detail/CVE-2022-39316
CVE-2022-39317
https://nvd.nist.gov/vuln/detail/CVE-2022-39317
CVE-2022-39318
https://nvd.nist.gov/vuln/detail/CVE-2022-39318
CVE-2022-39319
https://nvd.nist.gov/vuln/detail/CVE-2022-39319
CVE-2022-39320
https://nvd.nist.gov/vuln/detail/CVE-2022-39320
CVE-2022-39347
https://nvd.nist.gov/vuln/detail/CVE-2022-39347
CVE-2022-41877
https://nvd.nist.gov/vuln/detail/CVE-2022-41877

c682923d-b444-11ed-9268-b42e991fc52e

freerdp -- clients using `/parallel` command line switch might read uninitialized data

MITRE reports:

FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected.

Discovery 2022-10-13
Entry 2023-02-24
freerdp

< 2.8.1

CVE-2022-39282
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq