CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8261
https://notcve.org/view.php?id=CVE-2019-8261
05 Mar 2019 — UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. UltraVNC, en su revisión 1199, contiene una vulnerabilidad de lectura fuera de límites en el código VNC dentro del decodificador del cliente CoRRE, provocado por el desbordamiento de multiplicaciones. Este ataque parece ser explotable mediante la conectivida... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8258
https://notcve.org/view.php?id=CVE-2019-8258
05 Mar 2019 — UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. UltraVNC, en su revisión 1198, tiene una vulnerabilidad de desbordamiento de búfer de memoria dinámica (heap) en el código del cliente VNC, lo que resulta en la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8263
https://notcve.org/view.php?id=CVE-2019-8263
05 Mar 2019 — UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206. UltraVNC, en su revisión 1205, tiene un desbordamiento de búfer basado en pila en el código del cliente VNC dentro de la rutina ShowConnInfo, lo cual conduce a una cond... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 48%CPEs: 3EXPL: 5CVE-2009-0388 – TightVNC - Authentication Failure Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0388
03 Feb 2009 — Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. Errores múltiples de signo de entero en (1) UltraVNC v1.0.2 y v1.0.5 y (2) TightVnc v1.3.9 permiten a atacantes remot... • https://packetstorm.news/files/id/74789 • CWE-189: Numeric Errors •