CVSS: 9.8EPSS: 4%CPEs: 21EXPL: 0CVE-2017-18922 – libvncserver: websocket decoding buffer overflow
https://notcve.org/view.php?id=CVE-2017-18922
30 Jun 2020 — It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. Se detectó que el archivo websockets.c en LibVNCServer versiones anteriores a 0.9.12, no decodificaba apropiadamente determinados tramas de WebSocket. Un atacante malicioso podría explotar esto mediante el envío de tramas de WebSocket especialmente diseñada... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14396 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14396
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/tls_openssl.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It ... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 22EXPL: 0CVE-2020-14397 – libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-14397
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rfbregion.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It was ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-14398 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14398
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Una conexión TCP cerrada inapropiadamente causa un bucle infinito en la biblioteca libvncclient/sockets.c Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2020-14401 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14401
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/scale.c presenta un desbordamiento de enteros en la función pixel_value Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitra... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14402 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14402
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/corre.c permite un acceso fuera de límites por medio de codificaciones Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute a... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14403 – Ubuntu Security Notice USN-4573-1
https://notcve.org/view.php?id=CVE-2020-14403
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/hextile.c permite un acceso fuera de límites por medio de codificaciones Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorr... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14404 – Ubuntu Security Notice USN-4573-1
https://notcve.org/view.php?id=CVE-2020-14404
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rre.c permite un acceso fuera de límites por medio de codificaciones Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly ha... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 20EXPL: 0CVE-2020-14405 – libvncserver: libvncclient/rfbproto.c does not limit TextChat size
https://notcve.org/view.php?id=CVE-2020-14405
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/rfbproto.c no limita el tamaño de TextChat Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It was discovered that ... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 3%CPEs: 22EXPL: 0CVE-2019-20839 – libvncserver: buffer overflow in ConnectClientToUnixSock()
https://notcve.org/view.php?id=CVE-2019-20839
17 Jun 2020 — libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. La biblioteca libvncclient/sockets.c en LibVNCServer versiones anteriores a 0.9.13, presenta un desbordamiento de búfer por medio de un nombre de archivo socket largo Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •