CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8264
https://notcve.org/view.php?id=CVE-2019-8264
UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. UltraVNC, en su revisión 1203, tiene una vulnerabilidad de acceso fuera de límites en el cliente VNC dentro del decodificador Ultra2, lo que podría, potencialmente, resultar en una ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-011-ultravnc-access-of-memory-location-after-end-of-buffer https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8262
https://notcve.org/view.php?id=CVE-2019-8262
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204. UltraVNC, en su revisión 1203, tiene múltiples vulnerabilidades de desbordamiento de búfer de memoria dinámica (heap) en el código del cliente VNC dentro del decodificador Ultra, lo que resulta en la ejecución de código. Este ataque parece ser explotable mediante conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15361
https://notcve.org/view.php?id=CVE-2018-15361
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. UltraVNC, en su revisión 1198, tiene una vulnerabilidad de subdesbordamiento de búfer en el código del cliente VNC que podría conducir a la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8258
https://notcve.org/view.php?id=CVE-2019-8258
UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. UltraVNC, en su revisión 1198, tiene una vulnerabilidad de desbordamiento de búfer de memoria dinámica (heap) en el código del cliente VNC, lo que resulta en la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8259
https://notcve.org/view.php?id=CVE-2019-8259
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199. UltraVNC, en su revisión 1198, contiene múltiples fugas de memoria (CWE-655) en el código del cliente VNC, lo que permite que un atacante lea memoria de la pila y puede aprovecharse para divulgar información. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-665: Improper Initialization •