Vulnerabilites related to tightvnc - tightvnc
cve-2002-1511
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161 | vendor-advisory, x_refsource_SUNALERT | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 | vendor-advisory, x_refsource_CONECTIVA | |
| http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2003-041.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/11384.php | vdb-entry, x_refsource_XF | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 | vendor-advisory, x_refsource_MANDRAKE | |
| http://security.gentoo.org/glsa/glsa-200302-15.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2003-068.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/6905 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56161",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161"
},
{
"name": "CLSA-2003:640",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog"
},
{
"name": "RHSA-2003:041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"name": "vnc-rand-weak-cookie(11384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11384.php"
},
{
"name": "MDKSA-2003:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"name": "200302-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200302-15.xml"
},
{
"name": "RHSA-2003:068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-068.html"
},
{
"name": "6905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "56161",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161"
},
{
"name": "CLSA-2003:640",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog"
},
{
"name": "RHSA-2003:041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"name": "vnc-rand-weak-cookie(11384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11384.php"
},
{
"name": "MDKSA-2003:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"name": "200302-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200302-15.xml"
},
{
"name": "RHSA-2003:068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-068.html"
},
{
"name": "6905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56161",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161"
},
{
"name": "CLSA-2003:640",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"name": "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog",
"refsource": "CONFIRM",
"url": "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog"
},
{
"name": "RHSA-2003:041",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"name": "vnc-rand-weak-cookie(11384)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11384.php"
},
{
"name": "MDKSA-2003:022",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"name": "200302-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200302-15.xml"
},
{
"name": "RHSA-2003:068",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-068.html"
},
{
"name": "6905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1511",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-19T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15680
Vulnerability from cvelistv5
Published
2019-10-29 16:45
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4407-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4407-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4407-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TightVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-09T16:19:04",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4407-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4407-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4407-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4407-1/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15680",
"datePublished": "2019-10-29T16:45:52",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15679
Vulnerability from cvelistv5
Published
2019-10-29 16:45
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TightVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-09T16:18:32",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15679",
"datePublished": "2019-10-29T16:45:04",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15678
Vulnerability from cvelistv5
Published
2019-10-29 16:44
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TightVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-09T16:17:28",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15678",
"datePublished": "2019-10-29T16:44:08",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-27830
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-08 02:40
Severity ?
EPSS score ?
Summary
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:29.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tightvnc.com/whatsnew.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tightvnc.com/news.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-08T02:39:07.149897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-08T02:40:24.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.tightvnc.com/whatsnew.php"
},
{
"url": "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce"
},
{
"url": "https://www.tightvnc.com/news.php"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27830",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-03-05T00:00:00.000Z",
"dateUpdated": "2025-02-08T02:40:24.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0971
Vulnerability from cvelistv5
Published
2002-08-23 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5530 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9979.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=102994289123085&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5530"
},
{
"name": "vnc-win32-messaging-privileges(9979)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9979.php"
},
{
"name": "20020821 Win32 API \u0027shatter\u0027 vulnerability found in VNC-based products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102994289123085\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5530"
},
{
"name": "vnc-win32-messaging-privileges(9979)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9979.php"
},
{
"name": "20020821 Win32 API \u0027shatter\u0027 vulnerability found in VNC-based products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102994289123085\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5530"
},
{
"name": "vnc-win32-messaging-privileges(9979)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9979.php"
},
{
"name": "20020821 Win32 API \u0027shatter\u0027 vulnerability found in VNC-based products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102994289123085\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0971",
"datePublished": "2002-08-23T04:00:00",
"dateReserved": "2002-08-21T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1848
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tightvnc.com/changelog-win32.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4835 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tightvnc.com/changelog-win32.html"
},
{
"name": "4835",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tightvnc.com/changelog-win32.html"
},
{
"name": "4835",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4835"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tightvnc.com/changelog-win32.html",
"refsource": "CONFIRM",
"url": "http://www.tightvnc.com/changelog-win32.html"
},
{
"name": "4835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4835"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1848",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-16T20:27:48.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0388
Vulnerability from cvelistv5
Published
2009-02-04 19:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forum.ultravnc.info/viewtopic.php?t=14654 | x_refsource_CONFIRM | |
| http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/0321 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/33568 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/500632/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.exploit-db.com/exploits/8024 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.coresecurity.com/content/vnc-integer-overflows | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2009/0322 | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/7990 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/33807 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.ultravnc.info/viewtopic.php?t=14654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev\u0026revision=3564"
},
{
"name": "ADV-2009-0321",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0321"
},
{
"name": "33568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33568"
},
{
"name": "20090203 CORE-2008-1009 - VNC Multiple Integer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500632/100/0/threaded"
},
{
"name": "8024",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8024"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/vnc-integer-overflows"
},
{
"name": "ADV-2009-0322",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0322"
},
{
"name": "7990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7990"
},
{
"name": "33807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.ultravnc.info/viewtopic.php?t=14654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev\u0026revision=3564"
},
{
"name": "ADV-2009-0321",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0321"
},
{
"name": "33568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33568"
},
{
"name": "20090203 CORE-2008-1009 - VNC Multiple Integer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500632/100/0/threaded"
},
{
"name": "8024",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8024"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/vnc-integer-overflows"
},
{
"name": "ADV-2009-0322",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0322"
},
{
"name": "7990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7990"
},
{
"name": "33807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.ultravnc.info/viewtopic.php?t=14654",
"refsource": "CONFIRM",
"url": "http://forum.ultravnc.info/viewtopic.php?t=14654"
},
{
"name": "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev\u0026revision=3564",
"refsource": "CONFIRM",
"url": "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev\u0026revision=3564"
},
{
"name": "ADV-2009-0321",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0321"
},
{
"name": "33568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33568"
},
{
"name": "20090203 CORE-2008-1009 - VNC Multiple Integer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500632/100/0/threaded"
},
{
"name": "8024",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8024"
},
{
"name": "http://www.coresecurity.com/content/vnc-integer-overflows",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/vnc-integer-overflows"
},
{
"name": "ADV-2009-0322",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0322"
},
{
"name": "7990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7990"
},
{
"name": "33807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0388",
"datePublished": "2009-02-04T19:00:00",
"dateReserved": "2009-02-02T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1336
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 | vdb-entry, x_refsource_XF | |
| http://www.redhat.com/support/errata/RHSA-2002-287.html | vendor-advisory, x_refsource_REDHAT | |
| http://marc.info/?l=bugtraq&m=102753170201524&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2003-041.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 | vendor-advisory, x_refsource_MANDRAKE | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.tightvnc.com/WhatsNew.txt | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=102769183913594&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5296 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vnc-weak-authentication(5992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992"
},
{
"name": "RHSA-2002:287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-287.html"
},
{
"name": "20020724 VNC authentication weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102753170201524\u0026w=2"
},
{
"name": "RHSA-2003:041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"name": "MDKSA-2003:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"name": "CLA-2003:640",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tightvnc.com/WhatsNew.txt"
},
{
"name": "20020726 RE: VNC authentication weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102769183913594\u0026w=2"
},
{
"name": "5296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5296"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vnc-weak-authentication(5992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992"
},
{
"name": "RHSA-2002:287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-287.html"
},
{
"name": "20020724 VNC authentication weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102753170201524\u0026w=2"
},
{
"name": "RHSA-2003:041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"name": "MDKSA-2003:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"name": "CLA-2003:640",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tightvnc.com/WhatsNew.txt"
},
{
"name": "20020726 RE: VNC authentication weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102769183913594\u0026w=2"
},
{
"name": "5296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5296"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vnc-weak-authentication(5992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992"
},
{
"name": "RHSA-2002:287",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-287.html"
},
{
"name": "20020724 VNC authentication weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102753170201524\u0026w=2"
},
{
"name": "RHSA-2003:041",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"name": "MDKSA-2003:022",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"name": "CLA-2003:640",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"name": "http://www.tightvnc.com/WhatsNew.txt",
"refsource": "CONFIRM",
"url": "http://www.tightvnc.com/WhatsNew.txt"
},
{
"name": "20020726 RE: VNC authentication weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102769183913594\u0026w=2"
},
{
"name": "5296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5296"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1336",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-12-02T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42785
Vulnerability from cvelistv5
Published
2021-11-23 21:37
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tightvnc.com/whatsnew.php | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GlavSoft LLC | TightVNC Viewer |
Version: 2.8.59 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tightvnc.com/whatsnew.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TightVNC Viewer",
"vendor": "GlavSoft LLC",
"versions": [
{
"lessThanOrEqual": "2.8.59",
"status": "affected",
"version": "2.8.59",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eugene Lim from Government Technology Agency of Singapore"
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T21:37:07",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tightvnc.com/whatsnew.php"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"ID": "CVE-2021-42785",
"STATE": "PUBLIC",
"TITLE": "Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TightVNC Viewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.8.59",
"version_value": "2.8.59"
}
]
}
}
]
},
"vendor_name": "GlavSoft LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eugene Lim from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tightvnc.com/whatsnew.php",
"refsource": "MISC",
"url": "https://www.tightvnc.com/whatsnew.php"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2021-42785",
"datePublished": "2021-11-23T21:37:07",
"dateReserved": "2021-10-21T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8287
Vulnerability from cvelistv5
Published
2019-10-29 16:43
Modified
2024-08-04 21:17
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TightVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-09T16:19:33",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-8287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8287",
"datePublished": "2019-10-29T16:43:30",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:49
Severity ?
Summary
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37E2BF43-0B3B-4BDD-B145-62E7333F4A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
},
{
"lang": "es",
"value": "El c\u00f3digo de TightVNC versi\u00f3n 1.3.10, contiene un desbordamiento del b\u00fafer global en la funci\u00f3n macro HandleCoRREBBP, que puede resultar potencialmente en una ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red."
}
],
"id": "CVE-2019-8287",
"lastModified": "2024-11-21T04:49:39.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:22.640",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-09-24 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:att:winvnc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA6820A-D28A-49C6-A6D6-D54F95274FE3",
"versionEndIncluding": "3.3.3_r9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:att:winvnc_server:3.3.3_r7:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEAAE30-8DA0-4C04-B745-FECCEA0685ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F4EE57-DA68-4438-A401-BAC82B7242D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E11A57-016E-4720-A266-A53743629CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridia:tridiavnc:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E2C09A-A649-4E4C-BC75-45F456546B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridia:tridiavnc:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39675379-9A88-40AE-85A1-F0E4ADEA1A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridia:tridiavnc:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40879BF2-41EB-4170-A7EC-223CB22A83ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridia:tridiavnc:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "13622F73-D0BF-41DD-976F-4926FA5744CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box."
},
{
"lang": "es",
"value": "Vulnerabilidad en VNC, TightVNC, y TridiaVNC permite a usuarios locales ejecutar c\u00f3digo arbitrario como LocalSystem usando el sistema de mensajes de Win32 para evitar el GUI (Interfaz Gr\u00e1fico de \u00dasuario) y acceder al cuadro de di\u00e1logo \"A\u00f1adir nuevos clientes\""
}
],
"id": "CVE-2002-0971",
"lastModified": "2024-11-20T23:40:17.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102994289123085\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9979.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102994289123085\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9979.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5530"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:29
Severity ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37E2BF43-0B3B-4BDD-B145-62E7333F4A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
},
{
"lang": "es",
"value": "El c\u00f3digo de TightVNC versi\u00f3n 1.3.10, contiene un desbordamiento del b\u00fafer de la pila en la funci\u00f3n InitialiseRFBConnection, lo que puede resultar potencialmente en una ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable por medio de la conectividad de red."
}
],
"id": "CVE-2019-15679",
"lastModified": "2024-11-21T04:29:14.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:17.953",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:29
Severity ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37E2BF43-0B3B-4BDD-B145-62E7333F4A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
},
{
"lang": "es",
"value": "El c\u00f3digo de TightVNC versi\u00f3n 1.3.10, contiene un desbordamiento del b\u00fafer de la pila en el manejador rfbServerCutText, lo que puede resultar potencialmente en una ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable por medio de la conectividad de red."
}
],
"id": "CVE-2019-15678",
"lastModified": "2024-11-21T04:29:14.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:17.860",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0DE39B-0852-4BDC-9592-56004DC9A2ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E11A57-016E-4720-A266-A53743629CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F84CBC3F-6A63-4ED0-803E-5D008845A856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF990CCF-70BE-46F6-9360-ECC39B6D6F3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords."
}
],
"id": "CVE-2002-1848",
"lastModified": "2024-11-20T23:42:16.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4835"
},
{
"source": "cve@mitre.org",
"url": "http://www.tightvnc.com/changelog-win32.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tightvnc.com/changelog-win32.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-12 15:15
Modified
2025-02-08 03:15
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.tightvnc.com/news.php | Product, Release Notes | |
| cve@mitre.org | https://www.tightvnc.com/whatsnew.php | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tightvnc.com/news.php | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tightvnc.com/whatsnew.php | Product, Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "521FB7FE-6DDF-44F9-BDFD-0785D8E0093F",
"versionEndExcluding": "2.8.75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account."
}
],
"id": "CVE-2023-27830",
"lastModified": "2025-02-08T03:15:10.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-12T15:15:12.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://www.tightvnc.com/news.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://www.tightvnc.com/whatsnew.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://www.tightvnc.com/news.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://www.tightvnc.com/whatsnew.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F4EE57-DA68-4438-A401-BAC82B7242D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E11A57-016E-4720-A266-A53743629CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF990CCF-70BE-46F6-9360-ECC39B6D6F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0274E35A-ACAB-43F5-A4F3-383CA9EEA1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users."
},
{
"lang": "es",
"value": "TightVNC anterior a 1.2.6 genera la misma cadena de desaf\u00edo a m\u00faltiples conexiones, lo que permite a atacantes remotos evitar la autenticaci\u00f3n VNC espiando el desafio y la respuesta de otros usuarios."
}
],
"id": "CVE-2002-1336",
"lastModified": "2024-11-20T23:41:03.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102753170201524\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102769183913594\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-287.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5296"
},
{
"source": "cve@mitre.org",
"url": "http://www.tightvnc.com/WhatsNew.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102753170201524\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102769183913594\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tightvnc.com/WhatsNew.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-04 19:30
Modified
2024-11-21 00:59
Severity ?
Summary
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E472222-224B-41BD-A788-F6D6AF96430B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ultravnc:ultravnc:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C556A1A6-30ED-4988-B66B-CF823B297CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ultravnc:ultravnc:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "835FD162-1BE0-43C6-93A5-1E450505D2A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp."
},
{
"lang": "es",
"value": "Errores m\u00faltiples de signo de entero en (1) UltraVNC v1.0.2 y v1.0.5 y (2) TightVnc v1.3.9 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la cabecera y ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar codigo de su elecci\u00f3n mediante un valor de gran longitud en un mensaje, en relaci\u00f3n con las funciones (a) ClientConnection::CheckBufferSize y (b) ClientConnection::CheckFileZipBufferSize en ClientConnection.cpp."
}
],
"id": "CVE-2009-0388",
"lastModified": "2024-11-21T00:59:47.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-04T19:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.ultravnc.info/viewtopic.php?t=14654"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33807"
},
{
"source": "cve@mitre.org",
"url": "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev\u0026revision=3564"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/vnc-integer-overflows"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500632/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33568"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0321"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0322"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7990"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.ultravnc.info/viewtopic.php?t=14654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev\u0026revision=3564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/vnc-integer-overflows"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500632/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:att:vnc:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B625061A-5EE0-4D91-AD09-4B36BAD0C01B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:att:vnc:3.3.3r2:*:*:*:*:*:*:*",
"matchCriteriaId": "4338D951-2867-4C82-A292-AC42CD1CCE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:att:vnc:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6730C1-8048-4CC5-9E78-4B8F1EF96197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:att:vnc:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C77E92FE-24D1-46C9-BBDE-4CD93162D5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:att:vnc:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4C1ADE3F-DCD1-429E-AE4F-F768C43B74C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F4EE57-DA68-4438-A401-BAC82B7242D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E11A57-016E-4720-A266-A53743629CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F84CBC3F-6A63-4ED0-803E-5D008845A856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF990CCF-70BE-46F6-9360-ECC39B6D6F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0274E35A-ACAB-43F5-A4F3-383CA9EEA1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies."
}
],
"id": "CVE-2002-1511",
"lastModified": "2024-11-20T23:41:28.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200302-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11384.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-068.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200302-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11384.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6905"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:29
Severity ?
Summary
TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37E2BF43-0B3B-4BDD-B145-62E7333F4A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
},
{
"lang": "es",
"value": "El c\u00f3digo de TightVNC versi\u00f3n 1.3.10, contiene una desreferencia del puntero null en la funci\u00f3n HandleZlibBPP, lo que resulta en una Denegaci\u00f3n del Sistema (DoS). Este ataque parece ser explotable por medio de la conectividad de red."
}
],
"id": "CVE-2019-15680",
"lastModified": "2024-11-21T04:29:14.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:18.033",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://usn.ubuntu.com/4407-1/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4407-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-23 22:15
Modified
2024-11-21 06:28
Severity ?
Summary
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve_disclosure@tech.gov.sg | https://www.tightvnc.com/whatsnew.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tightvnc.com/whatsnew.php | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tightvnc:tightvnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9227D38-8A36-4104-8703-77E0B93E1E43",
"versionEndIncluding": "2.8.59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento del b\u00fafer en el archivo tvnviewer.exe de TightVNC Viewer permite a un atacante remoto ejecutar instrucciones arbitrarias por medio de un paquete FramebufferUpdate dise\u00f1ado desde un servidor VNC"
}
],
"id": "CVE-2021-42785",
"lastModified": "2024-11-21T06:28:10.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-23T22:15:08.133",
"references": [
{
"source": "cve_disclosure@tech.gov.sg",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.tightvnc.com/whatsnew.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.tightvnc.com/whatsnew.php"
}
],
"sourceIdentifier": "cve_disclosure@tech.gov.sg",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "cve_disclosure@tech.gov.sg",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}