CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27830
https://notcve.org/view.php?id=CVE-2023-27830
12 Apr 2023 — TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account. • https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-42785 – Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59
https://notcve.org/view.php?id=CVE-2021-42785
23 Nov 2021 — Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. Una vulnerabilidad de desbordamiento del búfer en el archivo tvnviewer.exe de TightVNC Viewer permite a un atacante remoto ejecutar instrucciones arbitrarias por medio de un paquete FramebufferUpdate diseñado desde un servidor VNC • https://www.tightvnc.com/whatsnew.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15680 – Ubuntu Security Notice USN-4407-1
https://notcve.org/view.php?id=CVE-2019-15680
29 Oct 2019 — TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. El código de TightVNC versión 1.3.10, contiene una desreferencia del puntero null en la función HandleZlibBPP, lo que resulta en una Denegación del Sistema (DoS). Este ataque parece ser explotable por medio de la conectividad de red. It was discovered that LibVNCServer incorrectly handled decompressing data. • https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-15679
https://notcve.org/view.php?id=CVE-2019-15679
29 Oct 2019 — TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. El código de TightVNC versión 1.3.10, contiene un desbordamiento del búfer de la pila en la función InitialiseRFBConnection, lo que puede resultar potencialmente en una ejecución de código. Este ataque parece ser explotable por medio de la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-15678
https://notcve.org/view.php?id=CVE-2019-15678
29 Oct 2019 — TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. El código de TightVNC versión 1.3.10, contiene un desbordamiento del búfer de la pila en el manejador rfbServerCutText, lo que puede resultar potencialmente en una ejecución de código. Este ataque parece ser explotable por medio de la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-8287
https://notcve.org/view.php?id=CVE-2019-8287
29 Oct 2019 — TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. El código de TightVNC versión 1.3.10, contiene un desbordamiento del búfer global en la función macro HandleCoRREBBP, que puede resultar potencialmente en una ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 48%CPEs: 3EXPL: 4CVE-2009-0388 – TightVNC - Authentication Failure Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0388
04 Feb 2009 — Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. Errores múltiples de signo de entero en (1) UltraVNC v1.0.2 y v1.0.5 y (2) TightVnc v1.3.9 permiten a atacantes remot... • https://www.exploit-db.com/exploits/8024 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2002-1511
https://notcve.org/view.php?id=CVE-2002-1511
03 Mar 2003 — The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. • http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1848
https://notcve.org/view.php?id=CVE-2002-1848
31 Dec 2002 — TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords. • http://www.securityfocus.com/bid/4835 •
CVSS: 9.1EPSS: 1%CPEs: 5EXPL: 0CVE-2002-1336
https://notcve.org/view.php?id=CVE-2002-1336
11 Dec 2002 — TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. TightVNC anterior a 1.2.6 genera la misma cadena de desafío a múltiples conexiones, lo que permite a atacantes remotos evitar la autenticación VNC espiando el desafio y la respuesta de otros usuarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 •