CVE-2022-24882: Release 2.7.0 · FreeRDP/FreeRDP

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

@akallabeth released this · 1625 commits to master since this release

2.7.0

40ee5d3

Noteworthy changes:

  • Backported OpenSSL3 gateway support (#7822)
  • Backported various NTLM fixes
  • Backported WINPR_ASSERT to ease future backports

Fixed issues:

  • Backported #6786: Use /network:auto by default
  • Backported #7714: Workaround for broken surface frame marker
  • Backported #7733: Support 10bit X11 color (BGRX32 only)
  • Backported #7745: GFX progressive double free
  • Backported #7808: Disable websockets with /gt:rpc
  • Backported #7815: RAIL expect LOGON_MSG_SESSION_CONTINUE
