Filtered by vendor Libvncserver Project
Subscribe
Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20840 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | |||||
| CVE-2019-20839 | 4 Debian, Fedoraproject, Libvncserver Project and 1 more | 4 Debian Linux, Fedora, Libvncserver and 1 more | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||||
| CVE-2020-14397 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | |||||
| CVE-2020-14396 | 1 Libvncserver Project | 1 Libvncserver | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | |||||
| CVE-2018-21247 | 3 Fedoraproject, Libvncserver Project, Opensuse | 3 Fedora, Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | |||||
| CVE-2019-15681 | 4 Canonical, Debian, Libvncserver Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. | |||||
| CVE-2020-14398 | 2 Libvncserver Project, Opensuse | 2 Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | |||||
| CVE-2020-25708 | 2 Libvncserver Project, Redhat | 2 Libvncserver, Enterprise Linux | 2020-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | |||||
| CVE-2020-14399 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2020-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed." | |||||
| CVE-2020-14400 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2020-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary. | |||||
| CVE-2010-5304 | 2 Fedoraproject, Libvncserver Project | 2 Fedora, Libvncserver | 2020-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. | |||||