CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0011
https://notcve.org/view.php?id=CVE-2014-0011
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. Múltiples desbordamientos de búfer en la región heap de la memoria en la función ZRLE_DECODE en el archivo common/rfb/zrleDecode.h en TigerVNC versiones anteriores a la versión 1.3.1, cuando NDEBUG está habilitado, permite a servidores VNC remotos causar una denegación de servicio (bloqueo de vncviewer) y posiblemente ejecutar código arbitrario por medio de vectores relacionados con el renderizado de imágenes en pantalla. • https://bugzilla.redhat.com/show_bug.cgi?id=1050928 https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-8240 – tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
https://notcve.org/view.php?id=CVE-2014-8240
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051. Desbordamiento de enteros en TigerVNC permite a servidores remotos VNC causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con el manejo de la pantalla, lo que provoca un desbordamiento de buffer basado en memoria , un fallo similar a CVE-2014-6051. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client. • http://seclists.org/oss-sec/2014/q4/278 http://seclists.org/oss-sec/2014/q4/300 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/70391 https://bugzilla.redhat.com/show_bug.cgi?id=1151307 https://exchange.xforce.ibmcloud.com/vulnerabilities/96947 https://security.gentoo.org/glsa/201612-36 https://access.redhat.com/security/cve/CVE-2014-8240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1775 – tigervnc: vncviewer can send password to server without proper validation of the X.509 certificate
https://notcve.org/view.php?id=CVE-2011-1775
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate. La función CSecurityTLS::processMsg en common/rtb/CSecurityTLS.cxx en el componente vncviewer en tigervnc v1.1beta1 no verifica de forma adecuada el certificado X.509 del servidor, lo que permite a ataques de Hombre en medio (man-in-the-middle) para falsificar un servidor TSL VNC mediante un certificado de su elección. • http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060567.html http://openwall.com/lists/oss-security/2011/05/06/2 http://openwall.com/lists/oss-security/2011/05/09/7 http://secunia.com/advisories/44939 http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01342.html http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01345.html http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01347.html http://www.redhat.com/support • CWE-20: Improper Input Validation •