CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8260
https://notcve.org/view.php?id=CVE-2019-8260
UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. UltraVNC, en su revisión 1198, contiene una vulnerabilidad de lectura fuera de límites en el código del decodificador RRE del cliente VNC, provocado por el desbordamiento de multiplicaciones. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-006-ultravnc-out-of-bound-read https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8261
https://notcve.org/view.php?id=CVE-2019-8261
UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. UltraVNC, en su revisión 1199, contiene una vulnerabilidad de lectura fuera de límites en el código VNC dentro del decodificador del cliente CoRRE, provocado por el desbordamiento de multiplicaciones. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-007-ultravnc-out-of-bound-read https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 https://www.us-cert.gov/ics/advisories/icsa-20-161-06 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8263
https://notcve.org/view.php?id=CVE-2019-8263
UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206. UltraVNC, en su revisión 1205, tiene un desbordamiento de búfer basado en pila en el código del cliente VNC dentro de la rutina ShowConnInfo, lo cual conduce a una condición de denegación de servicio (DoS). • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow https://us-cert.cisa.gov/ics/advisories/icsa- • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 89%CPEs: 3EXPL: 4CVE-2009-0388 – TightVNC - Authentication Failure Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0388
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. Errores múltiples de signo de entero en (1) UltraVNC v1.0.2 y v1.0.5 y (2) TightVnc v1.3.9 permiten a atacantes remotos provocar una denegación de servicio (corrupción de la cabecera y caída de la aplicación) o posiblemente ejecutar codigo de su elección mediante un valor de gran longitud en un mensaje, en relación con las funciones (a) ClientConnection::CheckBufferSize y (b) ClientConnection::CheckFileZipBufferSize en ClientConnection.cpp. • https://www.exploit-db.com/exploits/8024 https://www.exploit-db.com/exploits/7990 http://forum.ultravnc.info/viewtopic.php?t=14654 http://secunia.com/advisories/33807 http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564 http://www.coresecurity.com/content/vnc-integer-overflows http://www.securityfocus.com/archive/1/500632/100/0/threaded http://www.securityfocus.com/bid/33568 http://www.vupen.com/english/advisories/2009/0321 http://www.vupen.com/ • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 0CVE-2008-5001
https://notcve.org/view.php?id=CVE-2008-5001
Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610. Múltiples desbordamientos basados en pila en múltiples funciones en vncviewer/FileTransfer.cpp en vncviewer para UltraVNC v1.0.2 y v1.0.4 versiones anteriores a v01252008, cuando en modo ESCUCHA o cuando utilizan el extensión (plugin) DSM, permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de vectores no especificados, una cuestión diferente a CVE-2008-0610. • http://forum.ultravnc.info/viewtopic.php?p=45150#45150 http://secunia.com/advisories/28804 http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887 http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/FileTransfer.cpp?view=log#rev183 http://www.securityfocus.com/bid/27687 http://www.vupen.com/english/advisories/2008/0486 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •