Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/104307?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "libvncserver", "version": "0.9.15+dfsg-1+deb13u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.9.15+dfsg-3", "latest_non_vulnerable_version": "0.9.15+dfsg-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77703?format=api", "vulnerability_id": "VCID-29gt-w9qk-a3ac", "summary": "LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC server can send a crafted FramebufferUpdate rectangle using Tight encoding with NoZlib | ExplicitFilter and the Gradient filter. When a LibVNCClient-based client connects, the client processes the server-controlled rectangle width and writes beyond fixed-size Gradient buffers. This vulnerability is fixed with commit 5b270544b85233668b98161323297d418a8f5fd1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13329", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13325", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44988" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138174", "reference_id": "1138174", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138174" }, { "reference_url": "https://github.com/LibVNC/libvncserver/commit/5b270544b85233668b98161323297d418a8f5fd1", "reference_id": "5b270544b85233668b98161323297d418a8f5fd1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T03:55:55Z/" } ], "url": "https://github.com/LibVNC/libvncserver/commit/5b270544b85233668b98161323297d418a8f5fd1" }, { "reference_url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-jcc5-8wj4-7c58", "reference_id": "GHSA-jcc5-8wj4-7c58", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T03:55:55Z/" } ], "url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-jcc5-8wj4-7c58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-44988" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29gt-w9qk-a3ac" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77680?format=api", "vulnerability_id": "VCID-13ws-y65t-ykbx", "summary": "LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6307.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09475", "scoring_system": "epss", "scoring_elements": "0.92978", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09475", "scoring_system": "epss", "scoring_elements": "0.92988", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.09475", "scoring_system": "epss", "scoring_elements": "0.92985", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661136", "reference_id": "1661136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661136" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-6307" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13ws-y65t-ykbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77685?format=api", "vulnerability_id": "VCID-3938-7dgh-t7fc", "summary": "libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74333", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74366", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74371", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829870", "reference_id": "1829870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829870" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163", "reference_id": "954163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0913", "reference_id": "RHSA-2020:0913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0920", "reference_id": "RHSA-2020:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0921", "reference_id": "RHSA-2020:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0921" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104315?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.12%2Bdfsg-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.12%252Bdfsg-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-20788" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3938-7dgh-t7fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77701?format=api", "vulnerability_id": "VCID-3gf3-zrf8-uuc5", "summary": "A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74116", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74149", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74154", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896739", "reference_id": "1896739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4636-1/", "reference_id": "USN-4636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4636-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25708" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gf3-zrf8-uuc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6328?format=api", "vulnerability_id": "VCID-3m91-rw1t-5bh8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03304", "scoring_system": "epss", "scoring_elements": "0.87461", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03304", "scoring_system": "epss", "scoring_elements": "0.87483", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03304", "scoring_system": "epss", "scoring_elements": "0.87482", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546858", "reference_id": "1546858", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546858" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045", "reference_id": "894045", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784", "reference_id": "945784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784" }, { "reference_url": "https://security.archlinux.org/AVG-628", "reference_id": "AVG-628", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-628" }, { "reference_url": "https://security.gentoo.org/glsa/201908-05", "reference_id": "GLSA-201908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1055", "reference_id": "RHSA-2018:1055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1055" }, { "reference_url": "https://usn.ubuntu.com/3618-1/", "reference_id": "USN-3618-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3618-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104314?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7225" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3m91-rw1t-5bh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77668?format=api", "vulnerability_id": "VCID-41xg-5knm-8udw", "summary": "LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20019.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.168", "scoring_system": "epss", "scoring_elements": "0.95072", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.168", "scoring_system": "epss", "scoring_elements": "0.95081", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.168", "scoring_system": "epss", "scoring_elements": "0.95082", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661114", "reference_id": "1661114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661114" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://security.gentoo.org/glsa/201908-05", "reference_id": "GLSA-201908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-05" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20019" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41xg-5knm-8udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77702?format=api", "vulnerability_id": "VCID-5q7x-qej6-skap", "summary": "libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00939", "scoring_system": "epss", "scoring_elements": "0.76594", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00939", "scoring_system": "epss", "scoring_elements": "0.76624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00939", "scoring_system": "epss", "scoring_elements": "0.7663", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29260" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228", "reference_id": "1019228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124164", "reference_id": "2124164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104321?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-29260" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5q7x-qej6-skap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77689?format=api", "vulnerability_id": "VCID-72vg-qxu9-nkfy", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14397", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89236", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89253", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89254", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860344", "reference_id": "1860344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14397" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72vg-qxu9-nkfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77655?format=api", "vulnerability_id": "VCID-78gh-2kxj-cygt", "summary": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0904.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00685", "scoring_system": "epss", "scoring_elements": "0.72073", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00685", "scoring_system": "epss", "scoring_elements": "0.72114", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00685", "scoring_system": "epss", "scoring_elements": "0.72121", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455", "reference_id": "694455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455" }, { "reference_url": "https://security.gentoo.org/glsa/201412-09", "reference_id": "GLSA-201412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0169", "reference_id": "RHSA-2013:0169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0169" }, { "reference_url": "https://usn.ubuntu.com/1128-1/", "reference_id": "USN-1128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1128-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104308?format=api", "purl": "pkg:deb/debian/libvncserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0904" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-78gh-2kxj-cygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64516?format=api", "vulnerability_id": "VCID-878j-2fje-33c9", "summary": "LibVNCServer: LibVNCServer: Information disclosure or Denial of Service via heap out-of-bounds read in UltraZip encoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32853.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32853.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07191", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07185", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32853" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931", "reference_id": "009008e2f4d5a54dd71f422070df3af7b3dbc931", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:12Z/" } ], "url": "https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132016", "reference_id": "1132016", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450843", "reference_id": "2450843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450843" }, { "reference_url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcj", "reference_id": "GHSA-87q7-v983-qwcj", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:12Z/" } ], "url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcj" }, { "reference_url": "https://www.vulncheck.com/advisories/libvncserver-ultrazip-encoding-heap-out-of-bounds-read", "reference_id": "libvncserver-ultrazip-encoding-heap-out-of-bounds-read", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:12Z/" } ], "url": "https://www.vulncheck.com/advisories/libvncserver-ultrazip-encoding-heap-out-of-bounds-read" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104323?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32853" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-878j-2fje-33c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77677?format=api", "vulnerability_id": "VCID-8hw6-pgk7-u3aq", "summary": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93337", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93348", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93349", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20749" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671403", "reference_id": "1671403", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671403" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941", "reference_id": "920941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104313?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20749" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hw6-pgk7-u3aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4665?format=api", "vulnerability_id": "VCID-925y-k5rf-nuf3", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9941.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9941.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82403", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82431", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82429", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410166", "reference_id": "1410166", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410166" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850007", "reference_id": "850007", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850007" }, { "reference_url": "https://security.archlinux.org/ASA-201701-20", "reference_id": "ASA-201701-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-20" }, { "reference_url": "https://security.archlinux.org/AVG-124", "reference_id": "AVG-124", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-124" }, { "reference_url": "https://security.gentoo.org/glsa/201702-24", "reference_id": "GLSA-201702-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-24" }, { "reference_url": "https://usn.ubuntu.com/3171-1/", "reference_id": "USN-3171-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3171-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104310?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9941" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-925y-k5rf-nuf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77696?format=api", "vulnerability_id": "VCID-9d78-wqhh-pbcn", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.8582", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85842", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85843", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860367", "reference_id": "1860367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860367" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14402" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d78-wqhh-pbcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77664?format=api", "vulnerability_id": "VCID-9jwb-wjfy-cfgf", "summary": "LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.059", "scoring_system": "epss", "scoring_elements": "0.90766", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.059", "scoring_system": "epss", "scoring_elements": "0.9078", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661110", "reference_id": "1661110", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661110" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-15126" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jwb-wjfy-cfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77662?format=api", "vulnerability_id": "VCID-anph-aqhs-8qau", "summary": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6055.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11157", "scoring_system": "epss", "scoring_elements": "0.93626", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11157", "scoring_system": "epss", "scoring_elements": "0.93636", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144293", "reference_id": "1144293", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144293" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745", "reference_id": "762745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745" }, { "reference_url": "https://security.gentoo.org/glsa/201507-07", "reference_id": "GLSA-201507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1826", "reference_id": "RHSA-2014:1826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1827", "reference_id": "RHSA-2014:1827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0113", "reference_id": "RHSA-2015:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0113" }, { "reference_url": "https://usn.ubuntu.com/2365-1/", "reference_id": "USN-2365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2365-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104309?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.9%2Bdfsg-6.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg-6.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6055" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-anph-aqhs-8qau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77669?format=api", "vulnerability_id": "VCID-bvhy-zh6b-pkbs", "summary": "LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2103", "scoring_system": "epss", "scoring_elements": "0.95753", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2103", "scoring_system": "epss", "scoring_elements": "0.95758", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.2103", "scoring_system": "epss", "scoring_elements": "0.95762", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661117", "reference_id": "1661117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661117" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827", "reference_id": "945827", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827" }, { "reference_url": "https://security.gentoo.org/glsa/201908-05", "reference_id": "GLSA-201908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-05" }, { "reference_url": "https://security.gentoo.org/glsa/202006-06", "reference_id": "GLSA-202006-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-06" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-2/", "reference_id": "USN-4547-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-2/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20020" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvhy-zh6b-pkbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77674?format=api", "vulnerability_id": "VCID-c2a5-uma8-x7hz", "summary": "LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20024.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03729", "scoring_system": "epss", "scoring_elements": "0.88197", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03729", "scoring_system": "epss", "scoring_elements": "0.88217", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03729", "scoring_system": "epss", "scoring_elements": "0.8822", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661132", "reference_id": "1661132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661132" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827", "reference_id": "945827", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827" }, { "reference_url": "https://security.gentoo.org/glsa/201908-05", "reference_id": "GLSA-201908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-05" }, { "reference_url": "https://security.gentoo.org/glsa/202006-06", "reference_id": "GLSA-202006-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-06" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-2/", "reference_id": "USN-4547-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-2/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20024" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2a5-uma8-x7hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77657?format=api", "vulnerability_id": "VCID-cwdf-wcu5-n3gm", "summary": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6051.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07984", "scoring_system": "epss", "scoring_elements": "0.9223", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07984", "scoring_system": "epss", "scoring_elements": "0.92242", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07984", "scoring_system": "epss", "scoring_elements": "0.9224", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144287", "reference_id": "1144287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144287" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745", "reference_id": "762745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745" }, { "reference_url": "https://security.gentoo.org/glsa/201507-07", "reference_id": "GLSA-201507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-07" }, { "reference_url": "https://security.gentoo.org/glsa/201612-36", "reference_id": "GLSA-201612-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1826", "reference_id": "RHSA-2014:1826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0113", "reference_id": "RHSA-2015:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0113" }, { "reference_url": "https://usn.ubuntu.com/2365-1/", "reference_id": "USN-2365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2365-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104309?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.9%2Bdfsg-6.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg-6.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6051" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwdf-wcu5-n3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77675?format=api", "vulnerability_id": "VCID-du17-2h7q-tbdw", "summary": "LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93408", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.9342", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93421", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671407", "reference_id": "1671407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671407" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941", "reference_id": "920941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104313?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20748" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-du17-2h7q-tbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77658?format=api", "vulnerability_id": "VCID-e1ts-esgr-xfgj", "summary": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6052.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0454", "scoring_system": "epss", "scoring_elements": "0.89364", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0454", "scoring_system": "epss", "scoring_elements": "0.89383", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0454", "scoring_system": "epss", "scoring_elements": "0.89382", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144288", "reference_id": "1144288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144288" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745", "reference_id": "762745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745" }, { "reference_url": "https://security.gentoo.org/glsa/201507-07", "reference_id": "GLSA-201507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1826", "reference_id": "RHSA-2014:1826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1826" }, { "reference_url": "https://usn.ubuntu.com/2365-1/", "reference_id": "USN-2365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2365-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104309?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.9%2Bdfsg-6.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg-6.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6052" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1ts-esgr-xfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77654?format=api", "vulnerability_id": "VCID-ehuv-u6nc-hkf6", "summary": "auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2450.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03222", "scoring_system": "epss", "scoring_elements": "0.8729", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03222", "scoring_system": "epss", "scoring_elements": "0.87312", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03222", "scoring_system": "epss", "scoring_elements": "0.87309", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824", "reference_id": "376824", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824" }, { "reference_url": "https://security.gentoo.org/glsa/200608-05", "reference_id": "GLSA-200608-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200608-05" }, { "reference_url": "https://security.gentoo.org/glsa/200608-12", "reference_id": "GLSA-200608-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200608-12" }, { "reference_url": "https://security.gentoo.org/glsa/200703-19", "reference_id": "GLSA-200703-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200703-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104304?format=api", "purl": "pkg:deb/debian/libvncserver@0.8.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.8.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-2450" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehuv-u6nc-hkf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77686?format=api", "vulnerability_id": "VCID-eks9-j9wf-q7cn", "summary": "libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04134", "scoring_system": "epss", "scoring_elements": "0.88842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04134", "scoring_system": "epss", "scoring_elements": "0.88859", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849877", "reference_id": "1849877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-20839" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eks9-j9wf-q7cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77663?format=api", "vulnerability_id": "VCID-fj5x-gk5u-9fcy", "summary": "It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91529", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91542", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91544", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852356", "reference_id": "1852356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852356" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3281", "reference_id": "RHSA-2020:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3385", "reference_id": "RHSA-2020:3385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3456", "reference_id": "RHSA-2020:3456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3588", "reference_id": "RHSA-2020:3588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3588" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104311?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.12%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.12%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-18922" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fj5x-gk5u-9fcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77666?format=api", "vulnerability_id": "VCID-gj1t-919b-abg3", "summary": "LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15127.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15127.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15138", "scoring_system": "epss", "scoring_elements": "0.9472", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15138", "scoring_system": "epss", "scoring_elements": "0.94728", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.15138", "scoring_system": "epss", "scoring_elements": "0.94729", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661102", "reference_id": "1661102", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661102" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0059", "reference_id": "RHSA-2019:0059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0059" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-15127" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj1t-919b-abg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77697?format=api", "vulnerability_id": "VCID-hh4x-d9pd-ebe4", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.8032", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80323", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860334", "reference_id": "1860334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860334" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14403" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hh4x-d9pd-ebe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77679?format=api", "vulnerability_id": "VCID-hu3m-g1h4-sufg", "summary": "An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21247.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01477", "scoring_system": "epss", "scoring_elements": "0.81308", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01477", "scoring_system": "epss", "scoring_elements": "0.81335", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01477", "scoring_system": "epss", "scoring_elements": "0.81338", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849886", "reference_id": "1849886", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-21247" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hu3m-g1h4-sufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77691?format=api", "vulnerability_id": "VCID-j4zz-yk4y-y7ds", "summary": "An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly \"no trust boundary crossed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85547", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85552", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860354", "reference_id": "1860354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860354" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14399" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4zz-yk4y-y7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77687?format=api", "vulnerability_id": "VCID-jn8p-cbaf-uqc7", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86689", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86712", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.8671", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849881", "reference_id": "1849881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849881" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-20840" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jn8p-cbaf-uqc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77670?format=api", "vulnerability_id": "VCID-jvfk-sg6j-mfhc", "summary": "LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02552", "scoring_system": "epss", "scoring_elements": "0.85771", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02552", "scoring_system": "epss", "scoring_elements": "0.85793", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02552", "scoring_system": "epss", "scoring_elements": "0.85795", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661120", "reference_id": "1661120", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661120" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827", "reference_id": "945827", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827" }, { "reference_url": "https://security.gentoo.org/glsa/201908-05", "reference_id": "GLSA-201908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-05" }, { "reference_url": "https://security.gentoo.org/glsa/202006-06", "reference_id": "GLSA-202006-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-06" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-2/", "reference_id": "USN-4547-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-2/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20021" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvfk-sg6j-mfhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77678?format=api", "vulnerability_id": "VCID-kt63-8u88-wkam", "summary": "LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.89172", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.89189", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.8919", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671405", "reference_id": "1671405", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671405" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941", "reference_id": "920941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104313?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20750" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kt63-8u88-wkam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77660?format=api", "vulnerability_id": "VCID-n7ve-shr4-fuef", "summary": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6053.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36865", "scoring_system": "epss", "scoring_elements": "0.97236", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.36865", "scoring_system": "epss", "scoring_elements": "0.97239", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.36865", "scoring_system": "epss", "scoring_elements": "0.97241", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144289", "reference_id": "1144289", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144289" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745", "reference_id": "762745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784", "reference_id": "945784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784" }, { "reference_url": "https://security.gentoo.org/glsa/201507-07", "reference_id": "GLSA-201507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1826", "reference_id": "RHSA-2014:1826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1827", "reference_id": "RHSA-2014:1827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1827" }, { "reference_url": "https://usn.ubuntu.com/2365-1/", "reference_id": "USN-2365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2365-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104309?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.9%2Bdfsg-6.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg-6.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6053" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7ve-shr4-fuef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77671?format=api", "vulnerability_id": "VCID-r4yj-wxr9-fub5", "summary": "LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20022.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06177", "scoring_system": "epss", "scoring_elements": "0.90998", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06177", "scoring_system": "epss", "scoring_elements": "0.91012", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06177", "scoring_system": "epss", "scoring_elements": "0.91011", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661123", "reference_id": "1661123", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661123" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827", "reference_id": "945827", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827" }, { "reference_url": "https://security.gentoo.org/glsa/201908-05", "reference_id": "GLSA-201908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-05" }, { "reference_url": "https://security.gentoo.org/glsa/202006-06", "reference_id": "GLSA-202006-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-06" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-2/", "reference_id": "USN-4547-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-2/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20022" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4yj-wxr9-fub5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77688?format=api", "vulnerability_id": "VCID-rb8e-gsev-7kaw", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81919", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81953", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860340", "reference_id": "1860340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860340" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14396" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rb8e-gsev-7kaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77690?format=api", "vulnerability_id": "VCID-rqua-ax7d-w7ae", "summary": "An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84951", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84975", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8498", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860348", "reference_id": "1860348", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860348" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14398" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqua-ax7d-w7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77656?format=api", "vulnerability_id": "VCID-rtxf-8hvb-s7f8", "summary": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0905.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.79319", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.79345", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.7935", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456", "reference_id": "694456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456" }, { "reference_url": "https://security.gentoo.org/glsa/201412-09", "reference_id": "GLSA-201412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0169", "reference_id": "RHSA-2013:0169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0169" }, { "reference_url": "https://usn.ubuntu.com/1128-1/", "reference_id": "USN-1128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1128-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104308?format=api", "purl": "pkg:deb/debian/libvncserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0905" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rtxf-8hvb-s7f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77693?format=api", "vulnerability_id": "VCID-t4ke-zyfm-nqd3", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01299", "scoring_system": "epss", "scoring_elements": "0.80062", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01299", "scoring_system": "epss", "scoring_elements": "0.80088", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01299", "scoring_system": "epss", "scoring_elements": "0.80092", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860364", "reference_id": "1860364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860364" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14401" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4ke-zyfm-nqd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77684?format=api", "vulnerability_id": "VCID-uv5b-pus6-afa9", "summary": "LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.89114", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.89097", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.89115", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811948", "reference_id": "1811948", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811948" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163", "reference_id": "954163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163" }, { "reference_url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/", "reference_id": "klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-24T18:22:46Z/" } ], "url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0913", "reference_id": "RHSA-2020:0913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0920", "reference_id": "RHSA-2020:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0921", "reference_id": "RHSA-2020:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0921" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104315?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.12%2Bdfsg-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.12%252Bdfsg-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15690" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5b-pus6-afa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77699?format=api", "vulnerability_id": "VCID-uw43-p37a-syec", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.8032", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80323", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860337", "reference_id": "1860337", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860337" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14404" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uw43-p37a-syec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77700?format=api", "vulnerability_id": "VCID-vdnw-c2k8-pfdy", "summary": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01401", "scoring_system": "epss", "scoring_elements": "0.80763", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01401", "scoring_system": "epss", "scoring_elements": "0.80791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01401", "scoring_system": "epss", "scoring_elements": "0.80792", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860325", "reference_id": "1860325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14405" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdnw-c2k8-pfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77661?format=api", "vulnerability_id": "VCID-wzd7-av4a-g7bj", "summary": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37747", "scoring_system": "epss", "scoring_elements": "0.97287", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.37747", "scoring_system": "epss", "scoring_elements": "0.97292", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.37747", "scoring_system": "epss", "scoring_elements": "0.97293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144291", "reference_id": "1144291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144291" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745", "reference_id": "762745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745" }, { "reference_url": "https://security.gentoo.org/glsa/201507-07", "reference_id": "GLSA-201507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1826", "reference_id": "RHSA-2014:1826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1827", "reference_id": "RHSA-2014:1827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1827" }, { "reference_url": "https://usn.ubuntu.com/2365-1/", "reference_id": "USN-2365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2365-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104309?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.9%2Bdfsg-6.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg-6.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6054" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzd7-av4a-g7bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4664?format=api", "vulnerability_id": "VCID-xjak-aj11-5ugb", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9942.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82403", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82431", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82429", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410168", "reference_id": "1410168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410168" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850008", "reference_id": "850008", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850008" }, { "reference_url": "https://security.archlinux.org/ASA-201701-20", "reference_id": "ASA-201701-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-20" }, { "reference_url": "https://security.archlinux.org/AVG-124", "reference_id": "AVG-124", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-124" }, { "reference_url": "https://security.gentoo.org/glsa/201702-24", "reference_id": "GLSA-201702-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-24" }, { "reference_url": "https://usn.ubuntu.com/3171-1/", "reference_id": "USN-3171-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3171-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104310?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9942" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjak-aj11-5ugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77682?format=api", "vulnerability_id": "VCID-ykkk-3xmt-d7g7", "summary": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0937", "scoring_system": "epss", "scoring_elements": "0.9293", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0937", "scoring_system": "epss", "scoring_elements": "0.92941", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0937", "scoring_system": "epss", "scoring_elements": "0.92938", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854761", "reference_id": "1854761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793", "reference_id": "943793", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784", "reference_id": "945784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104311?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.12%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.12%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15681" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkk-3xmt-d7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77692?format=api", "vulnerability_id": "VCID-yzge-5eyr-3kc8", "summary": "An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85547", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85552", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860361", "reference_id": "1860361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860361" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104316?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14400" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzge-5eyr-3kc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64515?format=api", "vulnerability_id": "VCID-znxq-kbyc-h7cd", "summary": "LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32854.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75959", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.7596", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32854" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132017", "reference_id": "1132017", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450845", "reference_id": "2450845", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450845" }, { "reference_url": "https://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314", "reference_id": "dc78dee51a7e270e537a541a17befdf2073f5314", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T03:52:09Z/" } ], "url": "https://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314" }, { "reference_url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x", "reference_id": "GHSA-xjp8-4qqv-5x4x", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T03:52:09Z/" } ], "url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x" }, { "reference_url": "https://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference", "reference_id": "libvncserver-httpd-proxy-null-pointer-dereference", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T03:52:09Z/" } ], "url": "https://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104323?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32854" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znxq-kbyc-h7cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77672?format=api", "vulnerability_id": "VCID-zy7m-4sfy-1fad", "summary": "LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00856", "scoring_system": "epss", "scoring_elements": "0.75324", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00856", "scoring_system": "epss", "scoring_elements": "0.75353", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00856", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661128", "reference_id": "1661128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661128" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941", "reference_id": "916941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941" }, { "reference_url": "https://security.gentoo.org/glsa/201908-05", "reference_id": "GLSA-201908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-05" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104312?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104305?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" }, { "vulnerability": "VCID-878j-2fje-33c9" }, { "vulnerability": "VCID-znxq-kbyc-h7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104303?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104307?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gt-w9qk-a3ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104306?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20023" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy7m-4sfy-1fad" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }