Categories
NVD NVD Nist GOV

NVD – CVE-2020-10741

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Hyperlink Resource
Categories
NVD NVD Nist GOV

NVD – CVE-2020-11057

Undergoing Analysis


This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary.

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11058

CVE-2020-11058 Detail

Current Description

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

Source:  MITRE
View Analysis Description

Analysis Description

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

Source:  MITRE

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

CWE-ID CWE Name Source
CWE-125 Out-of-bounds Read NIST  
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer GitHub, Inc.  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

 cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
     Show Matching CPE(s)
From (excluding)
1.1.0
Up to (including)
2.0.0

Change History

1 change record found – show changes

Initial Analysis5/14/2020 10:05:05 AM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* versions from (excluding) 1.1.0 up to (including) 2.0.0
Added CVSS V2
NIST (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Added CVSS V3.1
NIST AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Added CWE
NIST CWE-125
Changed Reference Type
https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf No Types Assigned
https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf Patch, Third Party Advisory
Changed Reference Type
https://github.com/FreeRDP/FreeRDP/issues/6011 No Types Assigned
https://github.com/FreeRDP/FreeRDP/issues/6011 Third Party Advisory
Changed Reference Type
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g No Types Assigned
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g Patch, Third Party Advisory

Quick Info

CVE Dictionary Entry:
CVE-2020-11058
NVD Published Date:
05/12/2020
NVD Last Modified:
05/14/2020

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11060

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11062

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11063

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11064

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11065

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11070

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2020-11071

Undergoing Analysis


This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary.

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user’s minting baton. This is fixed in version 0.27.2.