CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8272
https://notcve.org/view.php?id=CVE-2019-8272
08 Mar 2019 — UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene una vulnerabilidad de error por un paso en el código del servidor VNC, lo que podría resultar, potencialmente, en la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8269
https://notcve.org/view.php?id=CVE-2019-8269
08 Mar 2019 — UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207. UltraVNC, en su revisión 1206, tiene un desbordamiento de búfer basado en pila en el código del cliente VNC dentro del módulo "FileTransfer", lo cual conduce a una condición de denegación de servicio (DoS). Este ataque parece ser... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8273
https://notcve.org/view.php?id=CVE-2019-8273
08 Mar 2019 — UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. UltraVNX, en su revisión 1211, tiene una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código del servidor VNC dentro de un manipulador de peticiones de trasferencia de archivos, lo que podrí... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8275
https://notcve.org/view.php?id=CVE-2019-8275
08 Mar 2019 — UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene múltiples vulnerabilidades de terminación nulo en el código del servidor VNC, lo que podría resultar en un acceso de datos fuera de límites por parte de usuarios remotos. Este ataque parece s... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-170: Improper Null Termination •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8276
https://notcve.org/view.php?id=CVE-2019-8276
08 Mar 2019 — UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene una vulnerabilidad de desbordamiento de búfer basado en pila en el código del servidor VNC dentro del manipulador de peticiones de trasferencia de datos, lo que puede resultar en una denegació... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8277
https://notcve.org/view.php?id=CVE-2019-8277
08 Mar 2019 — UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. La revisión 1211 de UltraVNC contiene múltiples fugas de memoria en el código del servidor VNC, un atacante podría leer la pil... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8259
https://notcve.org/view.php?id=CVE-2019-8259
05 Mar 2019 — UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199. UltraVNC, en su revisión 1198, contiene múltiples fugas de memoria (CWE-655) en el código del cliente VNC, lo que permite que u... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-401: Missing Release of Memory after Effective Lifetime CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 0CVE-2019-8262
https://notcve.org/view.php?id=CVE-2019-8262
05 Mar 2019 — UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204. UltraVNC, en su revisión 1203, tiene múltiples vulnerabilidades de desbordamiento de búfer de memoria dinámica (heap) en el código del cliente VNC dentro del decodificador Ultra, lo que resulta en la ejecución de código. Este ataque parece ser e... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8260
https://notcve.org/view.php?id=CVE-2019-8260
05 Mar 2019 — UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. UltraVNC, en su revisión 1198, contiene una vulnerabilidad de lectura fuera de límites en el código del decodificador RRE del cliente VNC, provocado por el desbordamiento de multiplicaciones. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-15361
https://notcve.org/view.php?id=CVE-2018-15361
05 Mar 2019 — UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. UltraVNC, en su revisión 1198, tiene una vulnerabilidad de subdesbordamiento de búfer en el código del cliente VNC que podría conducir a la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •