Vulnerabilities > Freerdp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-11042 | Out-of-bounds Read vulnerability in multiple products In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. | 5.9 |
| 2019-10-04 | CVE-2019-17178 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | 5.0 |
| 2019-10-04 | CVE-2019-17177 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | 5.0 |
| 2018-12-20 | CVE-2018-1000852 | Out-of-bounds Read vulnerability in multiple products FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. | 6.5 |
| 2018-11-29 | CVE-2018-8789 | Out-of-bounds Read vulnerability in multiple products FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). | 5.0 |
| 2018-04-24 | CVE-2017-2839 | An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. | 4.3 |
| 2018-04-24 | CVE-2017-2838 | Integer Overflow or Wraparound vulnerability in multiple products An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. | 4.3 |
| 2018-04-24 | CVE-2017-2837 | Integer Overflow or Wraparound vulnerability in multiple products An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. | 4.3 |
| 2018-04-24 | CVE-2017-2836 | Improper Certificate Validation vulnerability in multiple products An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. | 4.3 |
| 2018-04-24 | CVE-2017-2835 | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. | 6.8 |