CVE-2022-24883 | AVG-2756 | Unknown | Yes | Authentication bypass | FreeRDP servers using authentication against a SAM file with an invalid path configured might accept invalid credentials
CVE-2022-24882 | AVG-2756 | Critical | Yes | Authentication bypass | FreeRDP server with NTLM authentication does not properly abort on an empty password
CVE-2021-41160 | AVG-2488 | Medium | Yes | Arbitrary code execution | A security issue has been found in FreeRDP before version 2.4.1. A malicious server might trigger out-of-bounds writes in a connected client. Connections...
CVE-2021-41159 | AVG-2488 | Medium | Yes | Arbitrary code execution | A security issue has been found in FreeRDP before version 2.4.1. Improper client input validation for gateway connections (/gt:rpc) allows a malicious...
CVE-2021-37595 | AVG-2227 | Medium | Yes | Insufficient validation | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE...
CVE-2021-37594 | AVG-2227 | Medium | Yes | Insufficient validation | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE...
CVE-2020-15103 | AVG-1209 | Medium | Yes | Denial of service | In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitization in rdpegfx channel. All FreeRDP clients are affected. The...
CVE-2020-13398 | AVG-1172 | High | No | Information disclosure | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
CVE-2020-13397 | AVG-1172 | High | No | Information disclosure | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in...
CVE-2020-13396 | AVG-1172 | High | No | Information disclosure | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in...
CVE-2020-11526 | AVG-1131 | High | Yes | Information disclosure | An out-of-bounds read issue has been found in FreeRDP before 2.0.0.
CVE-2020-11525 | AVG-1131 | High | Yes | Information disclosure | An out-of-bounds read issue has been found in FreeRDP before 2.0.0.
CVE-2020-11524 | AVG-1131 | High | Yes | Arbitrary code execution | An out-of-bounds write issue has been found in the RLEDECOMPRESS function of FreeRDP before 2.0.0.
CVE-2020-11523 | AVG-1131 | Low | Yes | Information disclosure | An integer overflow issue has been found in FreeRDP before 2.0.0.
CVE-2020-11522 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in the gdi_multi_opaque_rect function of FreeRDP before 2.0.0.
CVE-2020-11521 | AVG-1131 | Critical | Yes | Arbitrary code execution | An out-of-bounds write has been found in FreeRDP before 2.0.0, in the planar_skip_plane_rle function.
CVE-2020-11099 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in license_read_new_or_upgrade_license_packet().
CVE-2020-11098 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in glyph_cache_put. This issue only exists when glyph-cache is enabled, which is not the case...
CVE-2020-11097 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in ntlm_av_pair_get().
CVE-2020-11096 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in update_read_cache_bitmap_v3_order().
CVE-2020-11095 | AVG-1193 | Medium | Yes | Information disclosure | A global out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_primary_order.
CVE-2020-11049 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11048 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11047 | AVG-1131 | Medium | Yes | Information disclosure | An information disclosure issue has been found in FreeRDP before 2.0.0.
CVE-2020-11046 | AVG-1131 | Low | Yes | Denial of service | An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11045 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11044 | AVG-1131 | Low | Yes | Denial of service | A double-free issue has been found in FreeRDP before 2.0.0.
CVE-2020-11042 | AVG-1131 | High | Yes | Information disclosure | An out-of-bounds read issue has been found in FreeRDP before 2.0.0, allowing an attacker to read a defined amount of client memory (32bit unsigned -> 4GB)...
CVE-2020-4033 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read of up to 4 bytes has been found in FreeRDP before 2.1.2, affecting all FreeRDP based clients with sessions with color depth < 32.
CVE-2020-4032 | AVG-1193 | Low | Yes | Information disclosure | An integer casting vulnerability leading to an out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_secondary_order(), on clients with...
CVE-2020-4031 | AVG-1193 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in FreeRDP before 2.1.2, in gdi_SelectObject(). Clients using compatibility mode enabled with...
CVE-2020-4030 | AVG-1193 | Medium | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, where logging might bypass string length checks due to an integer overflow.