Page 3 of 13 results (0.004 seconds)

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204. UltraVNC, en su revisión 1203, tiene múltiples vulnerabilidades de desbordamiento de búfer de memoria dinámica (heap) en el código del cliente VNC dentro del decodificador Ultra, lo que resulta en la ejecución de código. Este ataque parece ser explotable mediante conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199. UltraVNC, en su revisión 1198, contiene múltiples fugas de memoria (CWE-655) en el código del cliente VNC, lo que permite que un atacante lea memoria de la pila y puede aprovecharse para divulgar información. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-665: Improper Initialization •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. UltraVNC, en su revisión 1198, tiene una vulnerabilidad de desbordamiento de búfer de memoria dinámica (heap) en el código del cliente VNC, lo que resulta en la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •