CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-8287
https://notcve.org/view.php?id=CVE-2019-8287
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. El código de TightVNC versión 1.3.10, contiene un desbordamiento del búfer global en la función macro HandleCoRREBBP, que puede resultar potencialmente en una ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 https://www.openwall.com/lists/oss-security/2018/12/10/5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 89%CPEs: 3EXPL: 4CVE-2009-0388 – TightVNC - Authentication Failure Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0388
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. Errores múltiples de signo de entero en (1) UltraVNC v1.0.2 y v1.0.5 y (2) TightVnc v1.3.9 permiten a atacantes remotos provocar una denegación de servicio (corrupción de la cabecera y caída de la aplicación) o posiblemente ejecutar codigo de su elección mediante un valor de gran longitud en un mensaje, en relación con las funciones (a) ClientConnection::CheckBufferSize y (b) ClientConnection::CheckFileZipBufferSize en ClientConnection.cpp. • https://www.exploit-db.com/exploits/8024 https://www.exploit-db.com/exploits/7990 http://forum.ultravnc.info/viewtopic.php?t=14654 http://secunia.com/advisories/33807 http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564 http://www.coresecurity.com/content/vnc-integer-overflows http://www.securityfocus.com/archive/1/500632/100/0/threaded http://www.securityfocus.com/bid/33568 http://www.vupen.com/english/advisories/2009/0321 http://www.vupen.com/ • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2002-1511
https://notcve.org/view.php?id=CVE-2002-1511
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. • http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 http://security.gentoo.org/glsa/glsa-200302-15.xml http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161 http://www.iss.net/security_center/static/11384.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 http://www.redhat.com/support/errata/RHSA-2003-041.html http://www.redhat.com/support/errata/RHSA •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1848
https://notcve.org/view.php?id=CVE-2002-1848
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords. • http://www.securityfocus.com/bid/4835 http://www.tightvnc.com/changelog-win32.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-1336
https://notcve.org/view.php?id=CVE-2002-1336
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. TightVNC anterior a 1.2.6 genera la misma cadena de desafío a múltiples conexiones, lo que permite a atacantes remotos evitar la autenticación VNC espiando el desafio y la respuesta de otros usuarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 http://marc.info/?l=bugtraq&m=102753170201524&w=2 http://marc.info/?l=bugtraq&m=102769183913594&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 http://www.redhat.com/support/errata/RHSA-2002-287.html http://www.redhat.com/support/errata/RHSA-2003-041.html http://www.securityfocus.com/bid/5296 http://www.tightvnc.com/WhatsNew.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 •