
CVSS: 7.8 • EPSS: 19% • CPEs: 1 • EXPL: 2

Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.

• https://www.exploit-db.com/exploits/3257
• http://osvdb.org/33637
• http://securityreason.com/securityalert/2220
• http://www.securityfocus.com/archive/1/458907/100/0/threaded
• http://www.securityfocus.com/archive/1/466966/100/0/threaded
• http://www.securityfocus.com/bid/22372
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32166

CVSS: 7.5 • EPSS: 97% • CPEs: 1 • EXPL: 7

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

Detect VNC servers that support the "None" authentication method.

• https://www.exploit-db.com/exploits/1791
• https://www.exploit-db.com/exploits/1794
• https://www.exploit-db.com/exploits/36932
• https://www.exploit-db.com/exploits/17719
• http://marc.info/?l=full-disclosure&m=114768344111131&w=2
• http://marc.info/?l=vnc-list&m=114755444130188&w=2
• http://seclists.org/fulldisclosure/2022/May/29
• http://secunia.com/advisories/20107
• http://secunia.com/advisories/20109
• http://secunia.com/advisories/20789
• http://securityreason.com/securityalert
• CWE-287: Improper Authentication

CVSS: 5.0 • EPSS: 1% • CPEs: 1 • EXPL: 2

RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.

• http://marc.info/?l=bugtraq&m=109346198700529&w=2
• http://secunia.com/advisories/13143
• http://www.securityfocus.com/bid/11048
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17123