CVE-2020-11038

MEDIUM Year: 2020
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-680
View all →

Vulnerability Description

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.

Related Vulnerabilities

CVE-2022-29030

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_...

CWE-6802022

CVE-2023-22305

MEDIUM
CVSS:5.5(Medium)

Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

CWE-6802023

CVE-2023-22443

MEDIUM
CVSS:5.5(Medium)

Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access.

CWE-6802023

CVE-2024-55626

MEDIUM
CVSS:5.5(Medium)

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead t...

CWE-6802024

CVE-2024-56451

MEDIUM
CVSS:5.5(Medium)

Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

CWE-6802024

CVE-2024-28219

MEDIUM
CVSS:6.7(Medium)

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

CWE-6802024