Page 5 of 4598 results (0.013 seconds)

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0

CVE-2020-14405 – libvncserver: libvncclient/rfbproto.c does not limit TextChat size

https://notcve.org/view.php?id=CVE-2020-14405

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/rfbproto.c no limita el tamaño de TextChat • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html https://usn.ubuntu.com/4434-1 https://access.redhat.com/security/cve/CVE-2020-14405 https://bugzilla.redhat.com/show_bug • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0

CVE-2019-20839 – libvncserver: buffer overflow in ConnectClientToUnixSock()

https://notcve.org/view.php?id=CVE-2019-20839

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. La biblioteca libvncclient/sockets.c en LibVNCServer versiones anteriores a 0.9.13, presenta un desbordamiento de búfer por medio de un nombre de archivo socket largo • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2019-20840

https://notcve.org/view.php?id=CVE-2019-20840

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/ws_decode.c puede conllevar a un bloqueo debido a accesos no alineados en la función hybiReadAndDecode • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.fedoraproject.org/archives/list/package&# • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0

CVE-2018-21247 – libvncserver: uninitialized memory contents are vulnerable to Information Leak

https://notcve.org/view.php?id=CVE-2018-21247

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Se presenta una pérdida de memoria en la biblioteca libvncclient/rfbproto.c en la función ConnectToRFBRepeater • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://github.com/LibVNC/libvncserver/issues/253 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-909: Missing Initialization of Resource •

CVSS: 8.1EPSS: 3%CPEs: 21EXPL: 1

CVE-2020-14195 – jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory

https://notcve.org/view.php?id=CVE-2020-14195

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con org.jsecurity.realm.jndi.JndiRealmFactory (también se conoce como org.jsecurity) A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/Al1ex/CVE-2020-14195 https://github.com/FasterXML/jackson-databind/issues/2765 https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html https://security.netapp.com/advisory/ntap-20200702-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021. • CWE-502: Deserialization of Untrusted Data •