CVSS: 6.5EPSS: 1%CPEs: 20EXPL: 0CVE-2020-14405 – libvncserver: libvncclient/rfbproto.c does not limit TextChat size
https://notcve.org/view.php?id=CVE-2020-14405
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/rfbproto.c no limita el tamaño de TextChat Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It was discovered that ... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 3%CPEs: 22EXPL: 0CVE-2019-20839 – libvncserver: buffer overflow in ConnectClientToUnixSock()
https://notcve.org/view.php?id=CVE-2019-20839
17 Jun 2020 — libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. La biblioteca libvncclient/sockets.c en LibVNCServer versiones anteriores a 0.9.13, presenta un desbordamiento de búfer por medio de un nombre de archivo socket largo Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2019-20840 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2019-20840
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/ws_decode.c puede conllevar a un bloqueo debido a accesos no alineados en la función hybiReadAndDecode Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted s... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2018-21247 – libvncserver: uninitialized memory contents are vulnerable to Information Leak
https://notcve.org/view.php?id=CVE-2018-21247
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Se presenta una pérdida de memoria en la biblioteca libvncclient/rfbproto.c en la función ConnectToRFBRepeater LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Issues addressed include buffer overflow, denial... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-909: Missing Initialization of Resource •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 1CVE-2019-20788 – libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function
https://notcve.org/view.php?id=CVE-2019-20788
23 Apr 2020 — libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. En la biblioteca libvncclient/cursor.c en LibVNCServer versiones hasta 0.9.12, tiene un desbordamiento de enteros en la función HandleCursorShape y un desbordamiento de búfer en la región heap de la memoria por medio de un valor de alto o ancho grande. A flaw was found in libvncserver in versions through 0.9.12.... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15690 – libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-15690
23 Mar 2020 — LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution. A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequentl... • https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2010-5304
https://notcve.org/view.php?id=CVE-2010-5304
05 Feb 2020 — A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. Se encontró un fallo de desreferencia del puntero NULL en la manera en que LibVNCServer versiones anteriores a 0.9.9 manejaba determinado mensaje de ClientCutText. Un atacante remoto podría utilizar este fallo para bloquear el servidor VNC mediante el envío de... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 4%CPEs: 20EXPL: 0CVE-2019-15681 – Ubuntu Security Notice USN-4547-1
https://notcve.org/view.php?id=CVE-2019-15681
29 Oct 2019 — LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC en el commit anterior a d01e1bb4246323ba6fcee3b82ef1faa9... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 10%CPEs: 19EXPL: 1CVE-2018-20748 – Ubuntu Security Notice USN-3877-1
https://notcve.org/view.php?id=CVE-2018-20748
30 Jan 2019 — LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene múltiples vulnerabilidades de escritura fuera de límites en la memoria dinámica (heap) en libvncclient/rfbproto.c. La solución para CVE-2018-20019 era incompleta. Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 10%CPEs: 20EXPL: 1CVE-2018-20749 – Ubuntu Security Notice USN-4547-1
https://notcve.org/view.php?id=CVE-2018-20749
30 Jan 2019 — LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene una vulnerabilidad de escritura fuera de límites en la memoria dinámica (heap) en libvncserver/rfbserver.c. La solución para CVE-2018-15127 era incompleta. It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. • http://www.securityfocus.com/bid/106825 • CWE-787: Out-of-bounds Write •