CVE-2020-11041

LOW Year: 2020
CVSS v3 Score
2.7
Low
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-129
View all →

Vulnerability Description

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.

Related Vulnerabilities

CVE-2021-35005

LOW
CVSS:3.3(Low)

This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the tar...

CWE-1292021

CVE-2022-47346

MEDIUM
CVSS:4.0(Medium)

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

CWE-1292022

CVE-2022-47348

MEDIUM
CVSS:4.0(Medium)

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

CWE-1292022

CVE-2022-31745

MEDIUM
CVSS:4.3(Medium)

If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.

CWE-1292022

CVE-2024-34047

MEDIUM
CVSS:4.3(Medium)

O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.

CWE-1292024

CVE-2016-7170

MEDIUM
CVSS:4.4(Medium)

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via ...

CWE-1292016