Search for packages
| purl | pkg:deb/ubuntu/libvncserver@0.9.11%2Bdfsg-1.3 |
| Next non-vulnerable version | 0.9.12+dfsg-9ubuntu0.3 |
| Latest non-vulnerable version | 0.9.12+dfsg-9ubuntu0.3 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2yuk-ws73-aaad
Aliases: CVE-2020-14396 |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. |
Affected by 1 other vulnerability. |
|
VCID-4rxj-kz9j-aaac
Aliases: CVE-2019-20788 |
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. |
Affected by 12 other vulnerabilities. |
|
VCID-56ur-wkbb-aaam
Aliases: CVE-2019-15690 |
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution. |
Affected by 12 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-58u6-hetu-aaac
Aliases: CVE-2019-20839 |
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. |
Affected by 1 other vulnerability. |
|
VCID-dppj-meh7-aaaq
Aliases: CVE-2019-15680 |
TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. |
Affected by 12 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-dxca-z5tc-aaan
Aliases: CVE-2020-14398 |
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. |
Affected by 1 other vulnerability. |
|
VCID-frbk-ddpp-aaag
Aliases: CVE-2020-14400 |
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary |
Affected by 1 other vulnerability. |
|
VCID-k3m4-tbee-aaar
Aliases: CVE-2020-25708 |
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. |
Affected by 0 other vulnerabilities. |
|
VCID-pnk6-ygur-aaac
Aliases: CVE-2020-14403 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
Affected by 1 other vulnerability. |
|
VCID-rr1x-acxw-aaaj
Aliases: CVE-2020-14401 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. |
Affected by 1 other vulnerability. |
|
VCID-sfbs-7g9d-aaae
Aliases: CVE-2020-14405 |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
Affected by 1 other vulnerability. |
|
VCID-tnv1-3t49-aaam
Aliases: CVE-2019-15681 |
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. |
Affected by 12 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-ug7x-edut-aaab
Aliases: CVE-2020-14404 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. |
Affected by 1 other vulnerability. |
|
VCID-vw2e-eqq7-aaap
Aliases: CVE-2020-14397 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
Affected by 1 other vulnerability. |
|
VCID-xfj3-nxu6-aaag
Aliases: CVE-2020-14399 |
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. |
Affected by 1 other vulnerability. |
|
VCID-y75q-tuag-aaam
Aliases: CVE-2017-18922 |
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. |
Affected by 12 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-zd9h-ppfr-aaae
Aliases: CVE-2020-14402 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3pm1-7tfn-aaac | LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. |
CVE-2018-20748
|
| VCID-htpg-pvj7-aaac | LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. |
CVE-2018-20750
|
| VCID-rxdc-1h7a-aaak | LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. |
CVE-2018-20749
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|