CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13033
https://notcve.org/view.php?id=CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. En CISOfy Lynis versiones 2.x hasta 2.7.5, la clave de licencia puede ser obtenida mediante la búsqueda de la lista de procesos cuando se lleva cabo una carga de datos. Esta licencia puede ser usada para cargar datos en un servidor central de Lynis. • https://cisofy.com/security/cve/cve-2019-13033 https://lists.debian.org/debian-lts-announce/2020/06/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDCHEKNR3HPJRNHE5PYKFH5GNBADTPA7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBFHIX6RTHCK37FXMAAXP4KGAMLUFDUD • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14396
https://notcve.org/view.php?id=CVE-2020-14396
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/tls_openssl.c presenta una desreferencia del puntero NULL • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://usn.ubuntu.com/4434-1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-14397 – libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-14397
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rfbregion.c presenta una desreferencia del puntero NULL • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-14398
https://notcve.org/view.php?id=CVE-2020-14398
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Una conexión TCP cerrada inapropiadamente causa un bucle infinito en la biblioteca libvncclient/sockets.c • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://usn.ubuntu.com/4434-1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2020-14399
https://notcve.org/view.php?id=CVE-2020-14399
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. **EN DISPUTA** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint32_t en la biblioteca libvncclient/rfbproto.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://bugzilla.redhat.com/show_bug.cgi?id=1860354 https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020/06/msg000 •