CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8269
https://notcve.org/view.php?id=CVE-2019-8269
08 Mar 2019 — UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207. UltraVNC, en su revisión 1206, tiene un desbordamiento de búfer basado en pila en el código del cliente VNC dentro del módulo "FileTransfer", lo cual conduce a una condición de denegación de servicio (DoS). Este ataque parece ser... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8277
https://notcve.org/view.php?id=CVE-2019-8277
08 Mar 2019 — UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. La revisión 1211 de UltraVNC contiene múltiples fugas de memoria en el código del servidor VNC, un atacante podría leer la pil... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8267
https://notcve.org/view.php?id=CVE-2019-8267
08 Mar 2019 — UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. UltraVNC, en su revisión 1207, tiene una vulnerabilidad de lectura fuera de límites en el código VNC del cliente dentro del módulo "TextChat", lo que resulta en una condición de denegación de servicio (DoS). Este ataque parece ser explotab... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8275
https://notcve.org/view.php?id=CVE-2019-8275
08 Mar 2019 — UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene múltiples vulnerabilidades de terminación nulo en el código del servidor VNC, lo que podría resultar en un acceso de datos fuera de límites por parte de usuarios remotos. Este ataque parece s... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-170: Improper Null Termination •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8280
https://notcve.org/view.php?id=CVE-2019-8280
08 Mar 2019 — UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. UltraVNC, en su revisión 1203, tiene una vulnerabilidad de acceso fuera de límites en el cliente VNC dentro del decodificador RAW, lo que podría conducir a una ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8265
https://notcve.org/view.php?id=CVE-2019-8265
08 Mar 2019 — UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208. UltraVNC, en su revisión 1207, tiene múltiples vulnerabilidades de acceso fuera de límites conectadas al uso incorrecto del macro SETPIXELS en el código VNC del cliente, lo que podría, potencialmente, c... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8258
https://notcve.org/view.php?id=CVE-2019-8258
05 Mar 2019 — UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. UltraVNC, en su revisión 1198, tiene una vulnerabilidad de desbordamiento de búfer de memoria dinámica (heap) en el código del cliente VNC, lo que resulta en la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8261
https://notcve.org/view.php?id=CVE-2019-8261
05 Mar 2019 — UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. UltraVNC, en su revisión 1199, contiene una vulnerabilidad de lectura fuera de límites en el código VNC dentro del decodificador del cliente CoRRE, provocado por el desbordamiento de multiplicaciones. Este ataque parece ser explotable mediante la conectivida... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-15361
https://notcve.org/view.php?id=CVE-2018-15361
05 Mar 2019 — UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. UltraVNC, en su revisión 1198, tiene una vulnerabilidad de subdesbordamiento de búfer en el código del cliente VNC que podría conducir a la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8259
https://notcve.org/view.php?id=CVE-2019-8259
05 Mar 2019 — UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199. UltraVNC, en su revisión 1198, contiene múltiples fugas de memoria (CWE-655) en el código del cliente VNC, lo que permite que u... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-401: Missing Release of Memory after Effective Lifetime CWE-665: Improper Initialization •