Lookup for vulnerable packages by Package URL.
| Purl | pkg:rpm/redhat/libvncserver@0.9.7-7.el6_6?arch=1 |
|---|
| Type | rpm |
|---|
| Namespace | redhat |
|---|
| Name | libvncserver |
|---|
| Version | 0.9.7-7.el6_6 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | null |
|---|
| Latest_non_vulnerable_version | null |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-anph-aqhs-8qau |
| vulnerability_id |
VCID-anph-aqhs-8qau |
| summary |
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6055
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-anph-aqhs-8qau |
|
| 1 |
| url |
VCID-cwdf-wcu5-n3gm |
| vulnerability_id |
VCID-cwdf-wcu5-n3gm |
| summary |
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6051 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07984 |
| scoring_system |
epss |
| scoring_elements |
0.9223 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.07984 |
| scoring_system |
epss |
| scoring_elements |
0.92242 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.07984 |
| scoring_system |
epss |
| scoring_elements |
0.9224 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.07984 |
| scoring_system |
epss |
| scoring_elements |
0.92238 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6051 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6051
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cwdf-wcu5-n3gm |
|
| 2 |
| url |
VCID-e1ts-esgr-xfgj |
| vulnerability_id |
VCID-e1ts-esgr-xfgj |
| summary |
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6052 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0454 |
| scoring_system |
epss |
| scoring_elements |
0.89364 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0454 |
| scoring_system |
epss |
| scoring_elements |
0.89383 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0454 |
| scoring_system |
epss |
| scoring_elements |
0.89382 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0454 |
| scoring_system |
epss |
| scoring_elements |
0.89381 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6052 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6052
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e1ts-esgr-xfgj |
|
| 3 |
| url |
VCID-n7ve-shr4-fuef |
| vulnerability_id |
VCID-n7ve-shr4-fuef |
| summary |
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.36865 |
| scoring_system |
epss |
| scoring_elements |
0.97236 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.36865 |
| scoring_system |
epss |
| scoring_elements |
0.97239 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.36865 |
| scoring_system |
epss |
| scoring_elements |
0.97241 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.36865 |
| scoring_system |
epss |
| scoring_elements |
0.97243 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6053 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6053
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n7ve-shr4-fuef |
|
| 4 |
| url |
VCID-wzd7-av4a-g7bj |
| vulnerability_id |
VCID-wzd7-av4a-g7bj |
| summary |
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6054 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.37747 |
| scoring_system |
epss |
| scoring_elements |
0.97287 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.37747 |
| scoring_system |
epss |
| scoring_elements |
0.97292 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.37747 |
| scoring_system |
epss |
| scoring_elements |
0.97293 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.37747 |
| scoring_system |
epss |
| scoring_elements |
0.97294 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6054 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6054
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wzd7-av4a-g7bj |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 0.1 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libvncserver@0.9.7-7.el6_6%3Farch=1 |
|---|