Shodan
Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  Security Vulnerabilities
CVE-2020-4031
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
CVSS Score
3.5
EPSS Score
0.003
Published
2020-06-22
CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.
CVSS Score
3.1
EPSS Score
0.005
Published
2020-06-22
CVE-2020-4033
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.
CVSS Score
3.1
EPSS Score
0.002
Published
2020-06-22
CVE-2020-11096
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
CVSS Score
3.5
EPSS Score
0.002
Published
2020-06-22
CVE-2020-11097
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVSS Score
3.5
EPSS Score
0.001
Published
2020-06-22
CVE-2020-11098
In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2.
CVSS Score
3.5
EPSS Score
0.002
Published
2020-06-22
CVE-2020-11099
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.
CVSS Score
3.5
EPSS Score
0.002
Published
2020-06-22
CVE-2020-11095
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVSS Score
3.5
EPSS Score
0.002
Published
2020-06-22
CVE-2020-14954
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
CVSS Score
5.9
EPSS Score
0.058
Published
2020-06-21
CVE-2020-14929
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved