CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7392 – tigervnc: SSecurityVeNCrypt memory leak
https://notcve.org/view.php?id=CVE-2017-7392
01 Apr 2017 — In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. En TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), un cliente no autenticado puede provocar una pequeña fuga de memoria en el servidor. A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causin... • http://www.securityfocus.com/bid/97305 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-7393 – tigervnc: Double free via crafted fences
https://notcve.org/view.php?id=CVE-2017-7393
01 Apr 2017 — In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. En TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), un cliente autenticado puede provocar una liberación doble, conduciendo a denegación de servicio o potencialmente ejecución de código. A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to m... • http://www.securityfocus.com/bid/97305 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-7394 – tigervnc: Server crash via long usernames
https://notcve.org/view.php?id=CVE-2017-7394
01 Apr 2017 — In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. En TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), usuarios no autenticados pueden bloquear el servidor enviando nombres de usuario largos. A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial o... • http://www.securityfocus.com/bid/97305 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7395 – tigervnc: Integer overflow in SMsgReader::readClientCutText
https://notcve.org/view.php?id=CVE-2017-7395
01 Apr 2017 — In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. En TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), provocando un desbordamiento de entero, un cliente autenticado puede bloquear el servidor. An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages,... • http://www.securityfocus.com/bid/97305 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7396 – tigervnc: SecurityServer and ClientServer memory leaks
https://notcve.org/view.php?id=CVE-2017-7396
01 Apr 2017 — In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. En TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), un cliente no autenticado puede provocar una fuga pequeña fuga de memoria en el servidor. A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resource... • http://www.securityfocus.com/bid/97305 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 2CVE-2016-10207 – tigervnc: VNC server can crash when TLS handshake terminates early
https://notcve.org/view.php?id=CVE-2016-10207
28 Feb 2017 — The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. El servidor Xvnc en TigerVNC permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no válida y caída) terminando un apretón de manos TLS temprano. A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process earl... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-5581 – tigervnc: Buffer overflow in ModifiablePixelBuffer::fillRect
https://notcve.org/view.php?id=CVE-2017-5581
21 Feb 2017 — Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. Desbordamiento de búfer en la función ModifiablePixelBuffer::fillRect en TigerVNC en versiones anteriores a 1.7.1 permite a servidores remotos ejecutar código arbitrario a través de un mensaje RRE con un subrectangulo fuera de los límites del marco del búfer. A buffer overflow flaw, leading to memory corr... • http://rhn.redhat.com/errata/RHSA-2017-0630.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8241 – tigervnc: NULL pointer dereference flaw in XRegion
https://notcve.org/view.php?id=CVE-2014-8241
20 Nov 2015 — XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. XRegion en TigerVNC permite a servidores VNC remotos provocar una denegación de servicio (referencia al puntero NULO) aprovechando un fallo en la comprobación de un valor de retorno malloc, un problema similar a CVE-2014-6052. A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could u... • http://seclists.org/oss-sec/2014/q4/278 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0011 – Gentoo Linux Security Advisory 201411-03
https://notcve.org/view.php?id=CVE-2014-0011
06 Nov 2014 — Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. Múltiples desbordamientos de búfer en la región heap de la memoria en la función ZRLE_DECODE en el archivo common/rfb/zrleDecode.h en TigerVNC versiones anteriores a la versión 1.3.1, cuando NDEBUG está habilitado, ... • https://bugzilla.redhat.com/show_bug.cgi?id=1050928 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8240 – tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
https://notcve.org/view.php?id=CVE-2014-8240
16 Oct 2014 — Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051. Desbordamiento de enteros en TigerVNC permite a servidores remotos VNC causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con el manejo de la pantalla, lo que provoca un desbordamiento de buffe... • http://seclists.org/oss-sec/2014/q4/278 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •