CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7392 – tigervnc: SSecurityVeNCrypt memory leak
https://notcve.org/view.php?id=CVE-2017-7392
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. En TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), un cliente no autenticado puede provocar una pequeña fuga de memoria en el servidor. A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/441 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7392 https://bugzilla.redhat.com/show_bug.cgi?id=1438694 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7393 – tigervnc: Double free via crafted fences
https://notcve.org/view.php?id=CVE-2017-7393
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. En TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), un cliente autenticado puede provocar una liberación doble, conduciendo a denegación de servicio o potencialmente ejecución de código. A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/438 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7393 https://bugzilla.redhat.com/show_bug.cgi?id=1438697 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7394 – tigervnc: Server crash via long usernames
https://notcve.org/view.php?id=CVE-2017-7394
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. En TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), usuarios no autenticados pueden bloquear el servidor enviando nombres de usuario largos. A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/440 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7394 https://bugzilla.redhat.com/show_bug.cgi?id=1438700 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7395 – tigervnc: Integer overflow in SMsgReader::readClientCutText
https://notcve.org/view.php?id=CVE-2017-7395
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. En TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), provocando un desbordamiento de entero, un cliente autenticado puede bloquear el servidor. An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/436 https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7395 https://bugzilla.redhat.com/show_bug.cgi?id=1438701 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7396 – tigervnc: SecurityServer and ClientServer memory leaks
https://notcve.org/view.php?id=CVE-2017-7396
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. En TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), un cliente no autenticado puede provocar una fuga pequeña fuga de memoria en el servidor. A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/436 https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7396 https://bugzilla.redhat.com/show_bug.cgi?id=1438703 • CWE-772: Missing Release of Resource after Effective Lifetime •