CVE-2018-7225 – libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c
https://notcve.org/view.php?id=CVE-2018-7225
19 Feb 2018 — An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. • http://www.openwall.com/lists/oss-security/2018/02/18/1 • CWE-190: Integer Overflow or Wraparound; CWE-805: Buffer Access with Incorrect Length Value
CVE-2016-9942 – Debian Security Advisory 3753-1
https://notcve.org/view.php?id=CVE-2016-9942
31 Dec 2016 — Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. • http://www.debian.org/security/2017/dsa-3753 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9941 – Debian Security Advisory 3753-1
https://notcve.org/view.php?id=CVE-2016-9941
31 Dec 2016 — Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. • http://www.debian.org/security/2017/dsa-3753 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6055 – libvncserver: server stack-based buffer overflow flaws in file transfer handling
https://notcve.org/view.php?id=CVE-2014-6055
25 Sep 2014 — Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-121: Stack-based Buffer Overflow
CVE-2014-6053 – libvncserver: server NULL pointer dereference flaw in ClientCutText message handling
https://notcve.org/view.php?id=CVE-2014-6053
25 Sep 2014 — The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. • http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html • CWE-19: Data Processing Errors; CWE-476: NULL Pointer Dereference
CVE-2014-6051 – libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
https://notcve.org/view.php?id=CVE-2014-6051
25 Sep 2014 — Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html • CWE-122: Heap-based Buffer Overflow; CWE-189: Numeric Errors
CVE-2014-6054 – libvncserver: server divide-by-zero flaw in scaling factor handling
https://notcve.org/view.php?id=CVE-2014-6054
25 Sep 2014 — The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. • http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html • CWE-189: Numeric Errors; CWE-369: Divide By Zero
CVE-2014-6052 – libvncserver: NULL pointer dereference flaw in framebuffer setup
https://notcve.org/view.php?id=CVE-2014-6052
25 Sep 2014 — The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. • http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html • CWE-20: Improper Input Validation; CWE-476: NULL Pointer Dereference
CVE-2006-2450
https://notcve.org/view.php?id=CVE-2006-2450
14 Jul 2006 — auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824