CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8269
https://notcve.org/view.php?id=CVE-2019-8269
UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207. UltraVNC, en su revisión 1206, tiene un desbordamiento de búfer basado en pila en el código del cliente VNC dentro del módulo "FileTransfer", lo cual conduce a una condición de denegación de servicio (DoS). Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8268
https://notcve.org/view.php?id=CVE-2019-8268
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207. UltraVNC, en su revisión 1206, tiene múltiples vulnerabilidades de error por un paso en el código del cliente VNC conectadas con el uso incorrecto de la función ClientConnection::ReadString, lo cual puede resultar, potencialmente, en la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8267
https://notcve.org/view.php?id=CVE-2019-8267
UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. UltraVNC, en su revisión 1207, tiene una vulnerabilidad de lectura fuera de límites en el código VNC del cliente dentro del módulo "TextChat", lo que resulta en una condición de denegación de servicio (DoS). Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-014-ultravnc-out-of-bounds-read https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8266
https://notcve.org/view.php?id=CVE-2019-8266
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208. UltraVNC, en su revisión 1207, tiene múltiples vulnerabilidades de acceso fuera de límites conectadas al uso incorrecto de la función ClientConnection::Copybuffer en el código VNC del cliente, lo que podría resultar en una ejecución de código. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-013-ultravnc-access-of-memory-location-after-end-of-buffer https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8265
https://notcve.org/view.php?id=CVE-2019-8265
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208. UltraVNC, en su revisión 1207, tiene múltiples vulnerabilidades de acceso fuera de límites conectadas al uso incorrecto del macro SETPIXELS en el código VNC del cliente, lo que podría, potencialmente, conducir a una ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-012-ultravnc-access-of-memory-location-after-end-of-buffer https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •