
CVE-2024-0408 – Xorg-x11-server: selinux unlabeled glx pbuffer
https://notcve.org/view.php?id=CVE-2024-0408
17 Jan 2024 — A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-158: Improper Neutralization of Null Byte or NUL Character •

CVE-2024-0409 – Xorg-x11-server: selinux context corruption
https://notcve.org/view.php?id=CVE-2024-0409
17 Jan 2024 — A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-787: Out-of-bounds Write •

CVE-2020-26117 – tigervnc: certificate exceptions stored as authorities
https://notcve.org/view.php?id=CVE-2020-26117
27 Sep 2020 — In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.html • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust •

CVE-2019-15695 – tigervnc: Stack buffer overflow in CMsgReader::readSetCursor
https://notcve.org/view.php?id=CVE-2019-15695
26 Dec 2019 — TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to start writing their values, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-121: Stack-based Buffer Overflow CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-787: Out-of-bounds Write •

CVE-2019-15694 – tigervnc: Heap buffer overflow in DecodeManager::decodeRect
https://notcve.org/view.php?id=CVE-2019-15694
26 Dec 2019 — TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-15693 – tigervnc: Heap buffer overflow in TightDecoder::FilterGradient
https://notcve.org/view.php?id=CVE-2019-15693
26 Dec 2019 — TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-15692 – tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks
https://notcve.org/view.php?id=CVE-2019-15692
26 Dec 2019 — TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-15691 – tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder
https://notcve.org/view.php?id=CVE-2019-15691
26 Dec 2019 — TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-672: Operation on a Resource after Expiration or Release CWE-825: Expired Pointer Dereference •

CVE-2017-7392 – tigervnc: SSecurityVeNCrypt memory leak
https://notcve.org/view.php?id=CVE-2017-7392
01 Apr 2017 — In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causin... • http://www.securityfocus.com/bid/97305 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2017-7393 – tigervnc: Double free via crafted fences
https://notcve.org/view.php?id=CVE-2017-7393
01 Apr 2017 — In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to m... • http://www.securityfocus.com/bid/97305 • CWE-415: Double Free CWE-416: Use After Free •