CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13033
https://notcve.org/view.php?id=CVE-2019-13033
18 Jun 2020 — In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. En CISOfy Lynis versiones 2.x hasta 2.7.5, la clave de licencia puede ser obtenida mediante la búsqueda de la lista de procesos cuando se lleva cabo una carga de datos. Esta licencia pued... • https://cisofy.com/security/cve/cve-2019-13033 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14396 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14396
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/tls_openssl.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It ... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 22EXPL: 0CVE-2020-14397 – libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-14397
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rfbregion.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It was ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-14398 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14398
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Una conexión TCP cerrada inapropiadamente causa un bucle infinito en la biblioteca libvncclient/sockets.c Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2020-14399
https://notcve.org/view.php?id=CVE-2020-14399
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. **EN DISPUTA** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint32_t en la biblioteca libvncclient/rfbproto.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2020-14400 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14400
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary ** EN DISPUTA ** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint16_t en la biblioteca libvncserver/translate.c. NOTA: Los terceros no consideran que se ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2020-14401 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14401
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/scale.c presenta un desbordamiento de enteros en la función pixel_value Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitra... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14402 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14402
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/corre.c permite un acceso fuera de límites por medio de codificaciones Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute a... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14403 – Ubuntu Security Notice USN-4573-1
https://notcve.org/view.php?id=CVE-2020-14403
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/hextile.c permite un acceso fuera de límites por medio de codificaciones Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorr... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14404 – Ubuntu Security Notice USN-4573-1
https://notcve.org/view.php?id=CVE-2020-14404
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rre.c permite un acceso fuera de límites por medio de codificaciones Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly ha... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •