CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-25708 – libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS
https://notcve.org/view.php?id=CVE-2020-25708
18 Nov 2020 — A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. Se encontró un problema de división por cero en libvncserver-0.9.12. Un cliente malicioso podría usar este fallo para enviar un mensaje especialmente diseñado que, cuando se procesaba mediante el servidor VNC, conduciría a una excepción de punto flot... • https://bugzilla.redhat.com/show_bug.cgi?id=1896739 • CWE-369: Divide By Zero •
CVSS: 9.8EPSS: 4%CPEs: 21EXPL: 0CVE-2017-18922 – libvncserver: websocket decoding buffer overflow
https://notcve.org/view.php?id=CVE-2017-18922
30 Jun 2020 — It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. Se detectó que el archivo websockets.c en LibVNCServer versiones anteriores a 0.9.12, no decodificaba apropiadamente determinados tramas de WebSocket. Un atacante malicioso podría explotar esto mediante el envío de tramas de WebSocket especialmente diseñada... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14396 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14396
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/tls_openssl.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It ... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 22EXPL: 0CVE-2020-14397 – libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-14397
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rfbregion.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It was ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-14398 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14398
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Una conexión TCP cerrada inapropiadamente causa un bucle infinito en la biblioteca libvncclient/sockets.c Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2020-14399
https://notcve.org/view.php?id=CVE-2020-14399
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. **EN DISPUTA** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint32_t en la biblioteca libvncclient/rfbproto.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2020-14400 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14400
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary ** EN DISPUTA ** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint16_t en la biblioteca libvncserver/translate.c. NOTA: Los terceros no consideran que se ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2020-14401 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14401
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/scale.c presenta un desbordamiento de enteros en la función pixel_value Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitra... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14402 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14402
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/corre.c permite un acceso fuera de límites por medio de codificaciones Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute a... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14403 – Ubuntu Security Notice USN-4573-1
https://notcve.org/view.php?id=CVE-2020-14403
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/hextile.c permite un acceso fuera de límites por medio de codificaciones Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorr... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •