CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24750 – Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server
https://notcve.org/view.php?id=CVE-2022-24750
10 Mar 2022 — UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service. • https://github.com/bowtiejicode/UltraVNC-DSMPlugin-LPE • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8270
https://notcve.org/view.php?id=CVE-2019-8270
08 Mar 2019 — UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211. UltraVNC, en su revisión 1210, tiene una vulnerabilidad de lectura fuera de límites en el código VNC del cliente dentro de "Ultra decoder", lo cual conduce a una condición de denegación de servicio (DoS). Este ataque parece ser explotable med... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8264
https://notcve.org/view.php?id=CVE-2019-8264
08 Mar 2019 — UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. UltraVNC, en su revisión 1203, tiene una vulnerabilidad de acceso fuera de límites en el cliente VNC dentro del decodificador Ultra2, lo que podría, potencialmente, resultar en una ejecución de código. Este ataque parece ser explotable mediante la c... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8266
https://notcve.org/view.php?id=CVE-2019-8266
08 Mar 2019 — UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208. UltraVNC, en su revisión 1207, tiene múltiples vulnerabilidades de acceso fuera de límites conectadas al uso incorrec... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8273
https://notcve.org/view.php?id=CVE-2019-8273
08 Mar 2019 — UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. UltraVNX, en su revisión 1211, tiene una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código del servidor VNC dentro de un manipulador de peticiones de trasferencia de archivos, lo que podrí... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8268
https://notcve.org/view.php?id=CVE-2019-8268
08 Mar 2019 — UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207. UltraVNC, en su revisión 1206, tiene múltiples vulnerabilidades de error por un paso en el código del cliente VNC conectadas con el uso incorrecto de la función ClientConnection::ReadString, lo... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8274
https://notcve.org/view.php?id=CVE-2019-8274
08 Mar 2019 — UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código del servidor VNC dentro de un manipulador de oferta de trasferencia de archivos, lo que podría resu... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8272
https://notcve.org/view.php?id=CVE-2019-8272
08 Mar 2019 — UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene una vulnerabilidad de error por un paso en el código del servidor VNC, lo que podría resultar, potencialmente, en la ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-8276
https://notcve.org/view.php?id=CVE-2019-8276
08 Mar 2019 — UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene una vulnerabilidad de desbordamiento de búfer basado en pila en el código del servidor VNC dentro del manipulador de peticiones de trasferencia de datos, lo que puede resultar en una denegació... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-8271
https://notcve.org/view.php?id=CVE-2019-8271
08 Mar 2019 — UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. UltraVNC, en su revisión 1211, tiene una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código VNC del servidor dentro de un manipulador de trasferencias de archivos, lo que, potencialmente, puede result... • https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •