Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-0904 (GCVE-0-2011-0904)
Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05
VLAI
EPSS
Summary
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
23 references
Date Public
2011-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vino-input-dos(67243)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "44410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47681"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vino-input-dos(67243)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "44410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47681"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vino-input-dos(67243)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "44410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44410"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47681"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44463"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"name": "http://git.gnome.org/browse/vino/tree/NEWS",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0904",
"datePublished": "2011-05-10T18:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-0904",
"date": "2026-06-01",
"epss": "0.00685",
"percentile": "0.72006"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41927755-3E1C-4177-8977-F52B38F3E053\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C4B1AEB-B4BA-4215-9F2C-1700CD3111E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF482208-D0E6-457E-953F-6E2361350565\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"552A7EEF-1909-4A23-98EF-81DF362C2248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C62B9DA-E24F-4558-8B72-0C95A45A37BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"543D8E9D-70D7-436B-9BDC-8A826A2299C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"650B8890-EB29-4724-844F-4A32E050D08F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"730B2130-FB0E-48BA-B34A-C903ED08D76E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5337B18C-36F9-407F-B877-89D3D9F9B1BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E865590A-9C6D-44BE-A06F-C2EB89843654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A04843B1-63EE-4A23-97C1-AB1E107EB7F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9764CB5E-B515-4996-AFDE-C0498F7E9008\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31133388-2D96-4524-99AD-AA68BA77241B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38EC1414-090D-4C68-87A7-27B008368EBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34F405B9-E543-40DB-8421-D529615FE3EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF93A176-DE41-4E97-9811-23C6D2E3FA4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00576CED-5848-4BD6-B243-47BC53DDAF97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F8F2CFF-1100-4F39-8081-04CDEAFA0A4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3B76C84-3BB3-4698-A65F-66DDF1EA7D80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF372DB5-2DC8-4D51-8238-91259B8F6DAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AD934ED-727D-4F76-BEFB-8BC6289E6C31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE80D282-639F-4B3B-917F-78C9E2DE9ACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"477A4038-A94F-4D67-94A5-9AF755164B83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9ABA30A-CCEB-452C-8CDF-71BF8BA54328\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"618D194C-D298-4C09-9F60-35719011B7CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D61AFC5-B296-45C8-8032-DAAA77FF8B4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7914FF1F-E098-4359-A90E-6317648139C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7549E435-4C0B-461D-811F-7291540E28D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77F69530-C2BF-4EC5-A0B1-305C1EF734EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"518CBBF2-0F03-4700-A571-3F1FC7A36E8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D9200DB-5A3A-458D-A57E-176A6243ADDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B163B52F-7A94-4F7C-873D-61F031043701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"823D1043-98CF-4406-AEA0-988A3139E753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FEE04E0-8E35-4A20-972F-28AAEA033C70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ADDF708-0EC8-473A-9FA3-F94EE8939D08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6F65CD5-2ED0-4BFE-B267-04908843B752\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F2DD4B9-322D-4D05-A3E6-56BBA8C732F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5FFA5A6-5378-45CB-9360-FFEAC67DCCA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E18BEF6E-3749-4E7E-8A34-F6577204BC28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E077DC55-D51B-4408-9746-FA88DCA39938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C0DAA31-709E-40D0-805C-01FE87CDCD26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1772115-C603-4A11-8489-321120B8A1B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"859A4E2E-BD8E-4787-8E10-DA420F4193BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"986576AE-C3B3-4161-BEDF-4CC9584EACC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9FCD3F9-AB94-4DD5-B6D0-CB8C66091134\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F07686-3E95-43DA-AD01-90E33D71AB66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC2CDDB3-ADFD-4B83-94ED-CB2A632956F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9107C16B-47A2-4906-BC07-F1FC869AFA3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2973DE8A-A346-44B5-B56D-EC33115FC548\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B854925C-5F29-491D-AC8B-87EC53EA2ABE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87C4C344-2028-453A-B66A-D7AE46C01C94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7310615E-BDC8-48D5-A8E4-53808E67AA76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A60F4AC-7C1D-4FD3-A4AF-872082093609\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5AA78F1-5331-4782-B158-CE1CEA929429\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E41EDE1-BCA4-4E2F-B655-DFF040DDABCA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42F6A115-01FB-4F44-880A-60DFEBFD7504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9C9856E-B1E6-4E36-9758-8CFA9ADD9303\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C762D77-E35F-4F0F-BAB3-D325D769DBA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DBA2BE3-439E-4F5F-9AFE-F02BE8882F9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8037FB93-8B30-4AFA-A391-2110D40CFF62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCC199D2-B527-484A-9215-6490952E1865\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"929A2439-2644-4F92-9873-A2D1041C6C4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"972490D5-7AF3-4EB2-B6C1-8A9C66F6889E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71E9E6F4-FF60-4DDB-9F65-10D0B973E633\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AE96879-862B-4D72-9194-9278B88D3B9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"936EAF0C-141D-4DC1-92AD-EA4D34EEC2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65FE82D9-9B70-4D30-B64A-DAE742734719\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DBD543C-19C0-4AF2-9E87-28758BD865D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CBD087C-2AEC-4343-BD74-0F35C7BAD35A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EE1E16E-9022-4B32-A726-9184BE99A323\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B47D886F-F6D1-46F4-8E91-8EBA00D43505\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n rfbSendFramebufferUpdate en server/libvncserver/rfbserver.c en vino-server en Vino v2.x antes de v2.28.3, v2.32.x antes de v2.32.2, v3.0.x antes de v3.0.2, y v3.1.x antes de v3.1.1, cuando se utiliza la codificaci\\u00f3n \\\"raw\\\", permite a usuarios autenticados remotamente causar una denegaci\\u00f3n de servicio (ca\\u00edda del demonio) a trav\\u00e9s de un gran tama\\u00f1o en el valor de (1) la posici\\u00f3n X o (2) la posici\\u00f3n Y en una solicitud de actualizaci\\u00f3n de uso de este dispositivo que provoca un acceso a memoria fuera de l\\u00edmites, relacionado con las funciones rfbTranslateNone y rfbSendRectEncodingRaw.\"}]",
"id": "CVE-2011-0904",
"lastModified": "2024-11-21T01:25:07.937",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:N/A:P\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2011-05-10T18:55:01.263",
"references": "[{\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/tree/NEWS\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0169.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/44410\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44463\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2011/dsa-2238\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/47681\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-1128-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1144\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=641802\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694455\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/tree/NEWS\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0169.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/44410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2011/dsa-2238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/47681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-1128-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1144\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=641802\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-0904\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-05-10T18:55:01.263\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n rfbSendFramebufferUpdate en server/libvncserver/rfbserver.c en vino-server en Vino v2.x antes de v2.28.3, v2.32.x antes de v2.32.2, v3.0.x antes de v3.0.2, y v3.1.x antes de v3.1.1, cuando se utiliza la codificaci\u00f3n \\\"raw\\\", permite a usuarios autenticados remotamente causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un gran tama\u00f1o en el valor de (1) la posici\u00f3n X o (2) la posici\u00f3n Y en una solicitud de actualizaci\u00f3n de uso de este dispositivo que provoca un acceso a memoria fuera de l\u00edmites, relacionado con las funciones rfbTranslateNone y rfbSendRectEncodingRaw.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41927755-3E1C-4177-8977-F52B38F3E053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C4B1AEB-B4BA-4215-9F2C-1700CD3111E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF482208-D0E6-457E-953F-6E2361350565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"552A7EEF-1909-4A23-98EF-81DF362C2248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C62B9DA-E24F-4558-8B72-0C95A45A37BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"543D8E9D-70D7-436B-9BDC-8A826A2299C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"650B8890-EB29-4724-844F-4A32E050D08F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"730B2130-FB0E-48BA-B34A-C903ED08D76E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5337B18C-36F9-407F-B877-89D3D9F9B1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E865590A-9C6D-44BE-A06F-C2EB89843654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A04843B1-63EE-4A23-97C1-AB1E107EB7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9764CB5E-B515-4996-AFDE-C0498F7E9008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31133388-2D96-4524-99AD-AA68BA77241B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38EC1414-090D-4C68-87A7-27B008368EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34F405B9-E543-40DB-8421-D529615FE3EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF93A176-DE41-4E97-9811-23C6D2E3FA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00576CED-5848-4BD6-B243-47BC53DDAF97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F8F2CFF-1100-4F39-8081-04CDEAFA0A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3B76C84-3BB3-4698-A65F-66DDF1EA7D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF372DB5-2DC8-4D51-8238-91259B8F6DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AD934ED-727D-4F76-BEFB-8BC6289E6C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE80D282-639F-4B3B-917F-78C9E2DE9ACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477A4038-A94F-4D67-94A5-9AF755164B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9ABA30A-CCEB-452C-8CDF-71BF8BA54328\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"618D194C-D298-4C09-9F60-35719011B7CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D61AFC5-B296-45C8-8032-DAAA77FF8B4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7914FF1F-E098-4359-A90E-6317648139C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7549E435-4C0B-461D-811F-7291540E28D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77F69530-C2BF-4EC5-A0B1-305C1EF734EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"518CBBF2-0F03-4700-A571-3F1FC7A36E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9200DB-5A3A-458D-A57E-176A6243ADDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B163B52F-7A94-4F7C-873D-61F031043701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823D1043-98CF-4406-AEA0-988A3139E753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FEE04E0-8E35-4A20-972F-28AAEA033C70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADDF708-0EC8-473A-9FA3-F94EE8939D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6F65CD5-2ED0-4BFE-B267-04908843B752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F2DD4B9-322D-4D05-A3E6-56BBA8C732F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5FFA5A6-5378-45CB-9360-FFEAC67DCCA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E18BEF6E-3749-4E7E-8A34-F6577204BC28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E077DC55-D51B-4408-9746-FA88DCA39938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C0DAA31-709E-40D0-805C-01FE87CDCD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1772115-C603-4A11-8489-321120B8A1B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"859A4E2E-BD8E-4787-8E10-DA420F4193BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"986576AE-C3B3-4161-BEDF-4CC9584EACC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9FCD3F9-AB94-4DD5-B6D0-CB8C66091134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F07686-3E95-43DA-AD01-90E33D71AB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC2CDDB3-ADFD-4B83-94ED-CB2A632956F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9107C16B-47A2-4906-BC07-F1FC869AFA3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2973DE8A-A346-44B5-B56D-EC33115FC548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B854925C-5F29-491D-AC8B-87EC53EA2ABE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C4C344-2028-453A-B66A-D7AE46C01C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7310615E-BDC8-48D5-A8E4-53808E67AA76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A60F4AC-7C1D-4FD3-A4AF-872082093609\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5AA78F1-5331-4782-B158-CE1CEA929429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E41EDE1-BCA4-4E2F-B655-DFF040DDABCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42F6A115-01FB-4F44-880A-60DFEBFD7504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9C9856E-B1E6-4E36-9758-8CFA9ADD9303\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C762D77-E35F-4F0F-BAB3-D325D769DBA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBA2BE3-439E-4F5F-9AFE-F02BE8882F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8037FB93-8B30-4AFA-A391-2110D40CFF62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC199D2-B527-484A-9215-6490952E1865\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"929A2439-2644-4F92-9873-A2D1041C6C4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"972490D5-7AF3-4EB2-B6C1-8A9C66F6889E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71E9E6F4-FF60-4DDB-9F65-10D0B973E633\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE96879-862B-4D72-9194-9278B88D3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936EAF0C-141D-4DC1-92AD-EA4D34EEC2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65FE82D9-9B70-4D30-B64A-DAE742734719\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DBD543C-19C0-4AF2-9E87-28758BD865D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBD087C-2AEC-4343-BD74-0F35C7BAD35A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE1E16E-9022-4B32-A726-9184BE99A323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B47D886F-F6D1-46F4-8E91-8EBA00D43505\"}]}]}],\"references\":[{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/tree/NEWS\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0169.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44410\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44463\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2238\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/47681\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-1128-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1144\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=641802\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694455\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/tree/NEWS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0169.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/47681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-1128-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=641802\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2011-AVI-273
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité permettant à une personne malintentionnée de déclencher un déni de service a été découverte dans Vino.
Description
Une vulnérabilité a été découverte dans Vino. Elle permet à un utilisateur malintentionné d'effectuer un déni de service via l'envoi de paquets spécialement conçus.
Solution
La version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce problème pour
Ubuntu 11.04.
La version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce problème pour
Ubuntu 10.10.
La version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce problème pour
Ubuntu 10.04 LTS.
La version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce problème pour
Ubuntu 8.04 LTS.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des
correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 10.04 LTS ;",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 10.10 ;",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 11.4 ;",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 8.04 LTS.",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Vino. Elle permet \u00e0 un\nutilisateur malintentionn\u00e9 d\u0027effectuer un d\u00e9ni de service via l\u0027envoi de\npaquets sp\u00e9cialement con\u00e7us.\n\n## Solution\n\nLa version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 11.04. \nLa version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.10. \nLa version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.04 LTS. \nLa version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 8.04 LTS. \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
},
{
"name": "CVE-2011-0904",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 04 mai 2011 :",
"url": "http://www.ubuntulinux.org/usn/usn-1128-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6773 du 17 mai 2011 (vino-2.32.3-1.fc14) :",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060225.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6778 du 17 mai 2011 (vino-2.28.3-1.fc13) :",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060233.html"
}
],
"reference": "CERTA-2011-AVI-273",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-05-04T00:00:00.000000"
},
{
"description": "ajout des correctifs Fedora.",
"revision_date": "2011-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 permettant \u00e0 une personne malintentionn\u00e9e de\nd\u00e9clencher un d\u00e9ni de service a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eVino\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Vino",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 2 mai 2011",
"url": null
}
]
}
CERTA-2011-AVI-273
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité permettant à une personne malintentionnée de déclencher un déni de service a été découverte dans Vino.
Description
Une vulnérabilité a été découverte dans Vino. Elle permet à un utilisateur malintentionné d'effectuer un déni de service via l'envoi de paquets spécialement conçus.
Solution
La version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce problème pour
Ubuntu 11.04.
La version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce problème pour
Ubuntu 10.10.
La version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce problème pour
Ubuntu 10.04 LTS.
La version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce problème pour
Ubuntu 8.04 LTS.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des
correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 10.04 LTS ;",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 10.10 ;",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 11.4 ;",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 8.04 LTS.",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Vino. Elle permet \u00e0 un\nutilisateur malintentionn\u00e9 d\u0027effectuer un d\u00e9ni de service via l\u0027envoi de\npaquets sp\u00e9cialement con\u00e7us.\n\n## Solution\n\nLa version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 11.04. \nLa version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.10. \nLa version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.04 LTS. \nLa version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 8.04 LTS. \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
},
{
"name": "CVE-2011-0904",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 04 mai 2011 :",
"url": "http://www.ubuntulinux.org/usn/usn-1128-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6773 du 17 mai 2011 (vino-2.32.3-1.fc14) :",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060225.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6778 du 17 mai 2011 (vino-2.28.3-1.fc13) :",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060233.html"
}
],
"reference": "CERTA-2011-AVI-273",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-05-04T00:00:00.000000"
},
{
"description": "ajout des correctifs Fedora.",
"revision_date": "2011-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 permettant \u00e0 une personne malintentionn\u00e9e de\nd\u00e9clencher un d\u00e9ni de service a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eVino\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Vino",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 2 mai 2011",
"url": null
}
]
}
FKIE_CVE-2011-0904
Vulnerability from fkie_nvd - Published: 2011-05-10 18:55 - Updated: 2026-04-29 01:13
Severity
Summary
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "41927755-3E1C-4177-8977-F52B38F3E053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4B1AEB-B4BA-4215-9F2C-1700CD3111E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF482208-D0E6-457E-953F-6E2361350565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "552A7EEF-1909-4A23-98EF-81DF362C2248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62B9DA-E24F-4558-8B72-0C95A45A37BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*",
"matchCriteriaId": "543D8E9D-70D7-436B-9BDC-8A826A2299C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*",
"matchCriteriaId": "650B8890-EB29-4724-844F-4A32E050D08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "730B2130-FB0E-48BA-B34A-C903ED08D76E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5337B18C-36F9-407F-B877-89D3D9F9B1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E865590A-9C6D-44BE-A06F-C2EB89843654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A04843B1-63EE-4A23-97C1-AB1E107EB7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9764CB5E-B515-4996-AFDE-C0498F7E9008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31133388-2D96-4524-99AD-AA68BA77241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "38EC1414-090D-4C68-87A7-27B008368EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34F405B9-E543-40DB-8421-D529615FE3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DF93A176-DE41-4E97-9811-23C6D2E3FA4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00576CED-5848-4BD6-B243-47BC53DDAF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8F2CFF-1100-4F39-8081-04CDEAFA0A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B76C84-3BB3-4698-A65F-66DDF1EA7D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF372DB5-2DC8-4D51-8238-91259B8F6DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD934ED-727D-4F76-BEFB-8BC6289E6C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CE80D282-639F-4B3B-917F-78C9E2DE9ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*",
"matchCriteriaId": "477A4038-A94F-4D67-94A5-9AF755164B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "F9ABA30A-CCEB-452C-8CDF-71BF8BA54328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "618D194C-D298-4C09-9F60-35719011B7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4D61AFC5-B296-45C8-8032-DAAA77FF8B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7914FF1F-E098-4359-A90E-6317648139C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*",
"matchCriteriaId": "7549E435-4C0B-461D-811F-7291540E28D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*",
"matchCriteriaId": "77F69530-C2BF-4EC5-A0B1-305C1EF734EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "518CBBF2-0F03-4700-A571-3F1FC7A36E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9200DB-5A3A-458D-A57E-176A6243ADDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B163B52F-7A94-4F7C-873D-61F031043701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "823D1043-98CF-4406-AEA0-988A3139E753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEE04E0-8E35-4A20-972F-28AAEA033C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADDF708-0EC8-473A-9FA3-F94EE8939D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F65CD5-2ED0-4BFE-B267-04908843B752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2DD4B9-322D-4D05-A3E6-56BBA8C732F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*",
"matchCriteriaId": "D5FFA5A6-5378-45CB-9360-FFEAC67DCCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E18BEF6E-3749-4E7E-8A34-F6577204BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E077DC55-D51B-4408-9746-FA88DCA39938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0DAA31-709E-40D0-805C-01FE87CDCD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "C1772115-C603-4A11-8489-321120B8A1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "859A4E2E-BD8E-4787-8E10-DA420F4193BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*",
"matchCriteriaId": "986576AE-C3B3-4161-BEDF-4CC9584EACC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FCD3F9-AB94-4DD5-B6D0-CB8C66091134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F07686-3E95-43DA-AD01-90E33D71AB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2CDDB3-ADFD-4B83-94ED-CB2A632956F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9107C16B-47A2-4906-BC07-F1FC869AFA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2973DE8A-A346-44B5-B56D-EC33115FC548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B854925C-5F29-491D-AC8B-87EC53EA2ABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87C4C344-2028-453A-B66A-D7AE46C01C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7310615E-BDC8-48D5-A8E4-53808E67AA76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*",
"matchCriteriaId": "1A60F4AC-7C1D-4FD3-A4AF-872082093609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AA78F1-5331-4782-B158-CE1CEA929429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*",
"matchCriteriaId": "2E41EDE1-BCA4-4E2F-B655-DFF040DDABCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "42F6A115-01FB-4F44-880A-60DFEBFD7504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C9856E-B1E6-4E36-9758-8CFA9ADD9303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C762D77-E35F-4F0F-BAB3-D325D769DBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBA2BE3-439E-4F5F-9AFE-F02BE8882F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8037FB93-8B30-4AFA-A391-2110D40CFF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC199D2-B527-484A-9215-6490952E1865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*",
"matchCriteriaId": "929A2439-2644-4F92-9873-A2D1041C6C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*",
"matchCriteriaId": "972490D5-7AF3-4EB2-B6C1-8A9C66F6889E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "71E9E6F4-FF60-4DDB-9F65-10D0B973E633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE96879-862B-4D72-9194-9278B88D3B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "936EAF0C-141D-4DC1-92AD-EA4D34EEC2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65FE82D9-9B70-4D30-B64A-DAE742734719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBD543C-19C0-4AF2-9E87-28758BD865D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBD087C-2AEC-4343-BD74-0F35C7BAD35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE1E16E-9022-4B32-A726-9184BE99A323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D886F-F6D1-46F4-8E91-8EBA00D43505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
},
{
"lang": "es",
"value": "La funci\u00f3n rfbSendFramebufferUpdate en server/libvncserver/rfbserver.c en vino-server en Vino v2.x antes de v2.28.3, v2.32.x antes de v2.32.2, v3.0.x antes de v3.0.2, y v3.1.x antes de v3.1.1, cuando se utiliza la codificaci\u00f3n \"raw\", permite a usuarios autenticados remotamente causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un gran tama\u00f1o en el valor de (1) la posici\u00f3n X o (2) la posici\u00f3n Y en una solicitud de actualizaci\u00f3n de uso de este dispositivo que provoca un acceso a memoria fuera de l\u00edmites, relacionado con las funciones rfbTranslateNone y rfbSendRectEncodingRaw."
}
],
"id": "CVE-2011-0904",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-10T18:55:01.263",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"source": "cve@mitre.org",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"source": "cve@mitre.org",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"source": "cve@mitre.org",
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44410"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44463"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47681"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5C7F-3FP9-P3V4
Vulnerability from github – Published: 2022-05-17 02:01 – Updated: 2025-04-11 03:46
VLAI
Details
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
{
"affected": [],
"aliases": [
"CVE-2011-0904"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-10T18:55:00Z",
"severity": "LOW"
},
"details": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
"id": "GHSA-5c7f-3fp9-p3v4",
"modified": "2025-04-11T03:46:49Z",
"published": "2022-05-17T02:01:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904"
},
{
"type": "WEB",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"type": "WEB",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"type": "WEB",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"type": "WEB",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"type": "WEB",
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44410"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44463"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47681"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-1128-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/1144"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2011-0904
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-0904",
"description": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
"id": "GSD-2011-0904",
"references": [
"https://www.suse.com/security/cve/CVE-2011-0904.html",
"https://www.debian.org/security/2011/dsa-2238",
"https://access.redhat.com/errata/RHSA-2013:0169",
"https://linux.oracle.com/cve/CVE-2011-0904.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-0904"
],
"details": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
"id": "GSD-2011-0904",
"modified": "2023-12-13T01:19:04.567103Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vino-input-dos(67243)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "44410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44410"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47681"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44463"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"name": "http://git.gnome.org/browse/vino/tree/NEWS",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0904"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-1144",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"name": "44463",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44463"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
"refsource": "CONFIRM",
"tags": [],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
"refsource": "CONFIRM",
"tags": [],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"name": "USN-1128-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"name": "http://git.gnome.org/browse/vino/tree/NEWS",
"refsource": "CONFIRM",
"tags": [],
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
},
{
"name": "44410",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44410"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
"refsource": "CONFIRM",
"tags": [],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"name": "47681",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/47681"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "DSA-2238",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"name": "MDVSA-2011:087",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "vino-input-dos(67243)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-08-17T01:33Z",
"publishedDate": "2011-05-10T18:55Z"
}
}
}
OPENSUSE-SU-2024:10047-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
vino-3.22.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: vino-3.22.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the vino-3.22.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10047
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "vino-3.22.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the vino-3.22.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10047",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10047-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0904 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0905 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1164 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1164/"
}
],
"title": "vino-3.22.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10047-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vino-3.22.0-1.1.aarch64",
"product": {
"name": "vino-3.22.0-1.1.aarch64",
"product_id": "vino-3.22.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vino-lang-3.22.0-1.1.aarch64",
"product": {
"name": "vino-lang-3.22.0-1.1.aarch64",
"product_id": "vino-lang-3.22.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-3.22.0-1.1.ppc64le",
"product": {
"name": "vino-3.22.0-1.1.ppc64le",
"product_id": "vino-3.22.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vino-lang-3.22.0-1.1.ppc64le",
"product": {
"name": "vino-lang-3.22.0-1.1.ppc64le",
"product_id": "vino-lang-3.22.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-3.22.0-1.1.s390x",
"product": {
"name": "vino-3.22.0-1.1.s390x",
"product_id": "vino-3.22.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vino-lang-3.22.0-1.1.s390x",
"product": {
"name": "vino-lang-3.22.0-1.1.s390x",
"product_id": "vino-lang-3.22.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-3.22.0-1.1.x86_64",
"product": {
"name": "vino-3.22.0-1.1.x86_64",
"product_id": "vino-3.22.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vino-lang-3.22.0-1.1.x86_64",
"product": {
"name": "vino-lang-3.22.0-1.1.x86_64",
"product_id": "vino-lang-3.22.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-3.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64"
},
"product_reference": "vino-3.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-3.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le"
},
"product_reference": "vino-3.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-3.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x"
},
"product_reference": "vino-3.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-3.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64"
},
"product_reference": "vino-3.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-lang-3.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64"
},
"product_reference": "vino-lang-3.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-lang-3.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le"
},
"product_reference": "vino-lang-3.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-lang-3.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x"
},
"product_reference": "vino-lang-3.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-lang-3.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
},
"product_reference": "vino-lang-3.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-0904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0904"
}
],
"notes": [
{
"category": "general",
"text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0904",
"url": "https://www.suse.com/security/cve/CVE-2011-0904"
},
{
"category": "external",
"summary": "SUSE Bug 690238 for CVE-2011-0904",
"url": "https://bugzilla.suse.com/690238"
},
{
"category": "external",
"summary": "SUSE Bug 691207 for CVE-2011-0904",
"url": "https://bugzilla.suse.com/691207"
},
{
"category": "external",
"summary": "SUSE Bug 691356 for CVE-2011-0904",
"url": "https://bugzilla.suse.com/691356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-0904"
},
{
"cve": "CVE-2011-0905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0905"
}
],
"notes": [
{
"category": "general",
"text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0905",
"url": "https://www.suse.com/security/cve/CVE-2011-0905"
},
{
"category": "external",
"summary": "SUSE Bug 690238 for CVE-2011-0905",
"url": "https://bugzilla.suse.com/690238"
},
{
"category": "external",
"summary": "SUSE Bug 691207 for CVE-2011-0905",
"url": "https://bugzilla.suse.com/691207"
},
{
"category": "external",
"summary": "SUSE Bug 691356 for CVE-2011-0905",
"url": "https://bugzilla.suse.com/691356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-0905"
},
{
"cve": "CVE-2011-1164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1164"
}
],
"notes": [
{
"category": "general",
"text": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1164",
"url": "https://www.suse.com/security/cve/CVE-2011-1164"
},
{
"category": "external",
"summary": "SUSE Bug 680072 for CVE-2011-1164",
"url": "https://bugzilla.suse.com/680072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
"openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1164"
}
]
}
RHSA-2013:0169
Vulnerability from csaf_redhat - Published: 2013-01-21 22:31 - Updated: 2026-01-13 22:34Summary
Red Hat Security Advisory: vino security update
Severity
Moderate
Notes
Topic: An updated vino package that fixes several security issues is now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: Vino is a Virtual Network Computing (VNC) server for GNOME. It allows
remote users to connect to a running GNOME session using VNC.
It was found that Vino transmitted all clipboard activity on the system
running Vino to all clients connected to port 5900, even those who had not
authenticated. A remote attacker who is able to access port 5900 on a
system running Vino could use this flaw to read clipboard data without
authenticating. (CVE-2012-4429)
Two out-of-bounds memory read flaws were found in the way Vino processed
client framebuffer requests in certain encodings. An authenticated client
could use these flaws to send a specially-crafted request to Vino, causing
it to crash. (CVE-2011-0904, CVE-2011-0905)
In certain circumstances, the vino-preferences dialog box incorrectly
indicated that Vino was only accessible from the local network. This could
confuse a user into believing connections from external networks are not
allowed (even when they are allowed). With this update, vino-preferences no
longer displays connectivity and reachable information. (CVE-2011-1164)
There was no warning that Universal Plug and Play (UPnP) was used to open
ports on a user's network router when the "Configure network automatically
to accept connections" option was enabled (it is disabled by default) in
the Vino preferences. This update changes the option's description to avoid
the risk of a UPnP router configuration change without the user's consent.
(CVE-2011-1165)
All Vino users should upgrade to this updated package, which contains
backported patches to resolve these issues. The GNOME session must be
restarted (log out, then log back in) for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
3.5 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
3.5 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
4.6 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
4.6 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
5.0 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated vino package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Vino is a Virtual Network Computing (VNC) server for GNOME. It allows\nremote users to connect to a running GNOME session using VNC.\n\nIt was found that Vino transmitted all clipboard activity on the system\nrunning Vino to all clients connected to port 5900, even those who had not\nauthenticated. A remote attacker who is able to access port 5900 on a\nsystem running Vino could use this flaw to read clipboard data without\nauthenticating. (CVE-2012-4429)\n\nTwo out-of-bounds memory read flaws were found in the way Vino processed\nclient framebuffer requests in certain encodings. An authenticated client\ncould use these flaws to send a specially-crafted request to Vino, causing\nit to crash. (CVE-2011-0904, CVE-2011-0905)\n\nIn certain circumstances, the vino-preferences dialog box incorrectly\nindicated that Vino was only accessible from the local network. This could\nconfuse a user into believing connections from external networks are not\nallowed (even when they are allowed). With this update, vino-preferences no\nlonger displays connectivity and reachable information. (CVE-2011-1164)\n\nThere was no warning that Universal Plug and Play (UPnP) was used to open\nports on a user\u0027s network router when the \"Configure network automatically\nto accept connections\" option was enabled (it is disabled by default) in\nthe Vino preferences. This update changes the option\u0027s description to avoid\nthe risk of a UPnP router configuration change without the user\u0027s consent.\n(CVE-2011-1165)\n\nAll Vino users should upgrade to this updated package, which contains\nbackported patches to resolve these issues. The GNOME session must be\nrestarted (log out, then log back in) for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0169",
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "553477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
},
{
"category": "external",
"summary": "678846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
},
{
"category": "external",
"summary": "694455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"category": "external",
"summary": "694456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
},
{
"category": "external",
"summary": "857250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0169.json"
}
],
"title": "Red Hat Security Advisory: vino security update",
"tracking": {
"current_release_date": "2026-01-13T22:34:34+00:00",
"generator": {
"date": "2026-01-13T22:34:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2013:0169",
"initial_release_date": "2013-01-21T22:31:00+00:00",
"revision_history": [
{
"date": "2013-01-21T22:31:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-01-21T22:34:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:34:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.x86_64",
"product": {
"name": "vino-0:2.28.1-8.el6_3.x86_64",
"product_id": "vino-0:2.28.1-8.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.i686",
"product": {
"name": "vino-0:2.28.1-8.el6_3.i686",
"product_id": "vino-0:2.28.1-8.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.src",
"product": {
"name": "vino-0:2.28.1-8.el6_3.src",
"product_id": "vino-0:2.28.1-8.el6_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.s390x",
"product": {
"name": "vino-0:2.28.1-8.el6_3.s390x",
"product_id": "vino-0:2.28.1-8.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.ppc64",
"product": {
"name": "vino-0:2.28.1-8.el6_3.ppc64",
"product_id": "vino-0:2.28.1-8.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src"
},
"product_reference": "vino-0:2.28.1-8.el6_3.src",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src"
},
"product_reference": "vino-0:2.28.1-8.el6_3.src",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src"
},
"product_reference": "vino-0:2.28.1-8.el6_3.src",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-0904",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2011-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "694455"
}
],
"notes": [
{
"category": "description",
"text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0904"
},
{
"category": "external",
"summary": "RHBZ#694455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0904",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904"
}
],
"release_date": "2011-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests"
},
{
"cve": "CVE-2011-0905",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2011-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "694456"
}
],
"notes": [
{
"category": "description",
"text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0905"
},
{
"category": "external",
"summary": "RHBZ#694456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905"
}
],
"release_date": "2011-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests"
},
{
"cve": "CVE-2011-1164",
"discovery_date": "2010-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "553477"
}
],
"notes": [
{
"category": "description",
"text": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1164"
},
{
"category": "external",
"summary": "RHBZ#553477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1164",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164"
}
],
"release_date": "2009-03-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network"
},
{
"cve": "CVE-2011-1165",
"discovery_date": "2011-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "678846"
}
],
"notes": [
{
"category": "description",
"text": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino-preferences does not warn about UPnP especially with no password and no confirmation.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1165"
},
{
"category": "external",
"summary": "RHBZ#678846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165"
}
],
"release_date": "2009-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino-preferences does not warn about UPnP especially with no password and no confirmation."
},
{
"cve": "CVE-2012-4429",
"discovery_date": "2012-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "857250"
}
],
"notes": [
{
"category": "description",
"text": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: information leak and authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4429"
},
{
"category": "external",
"summary": "RHBZ#857250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4429",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429"
}
],
"release_date": "2012-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vino: information leak and authentication bypass"
}
]
}
RHSA-2013_0169
Vulnerability from csaf_redhat - Published: 2013-01-21 22:31 - Updated: 2024-11-22 06:03Summary
Red Hat Security Advisory: vino security update
Severity
Moderate
Notes
Topic: An updated vino package that fixes several security issues is now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: Vino is a Virtual Network Computing (VNC) server for GNOME. It allows
remote users to connect to a running GNOME session using VNC.
It was found that Vino transmitted all clipboard activity on the system
running Vino to all clients connected to port 5900, even those who had not
authenticated. A remote attacker who is able to access port 5900 on a
system running Vino could use this flaw to read clipboard data without
authenticating. (CVE-2012-4429)
Two out-of-bounds memory read flaws were found in the way Vino processed
client framebuffer requests in certain encodings. An authenticated client
could use these flaws to send a specially-crafted request to Vino, causing
it to crash. (CVE-2011-0904, CVE-2011-0905)
In certain circumstances, the vino-preferences dialog box incorrectly
indicated that Vino was only accessible from the local network. This could
confuse a user into believing connections from external networks are not
allowed (even when they are allowed). With this update, vino-preferences no
longer displays connectivity and reachable information. (CVE-2011-1164)
There was no warning that Universal Plug and Play (UPnP) was used to open
ports on a user's network router when the "Configure network automatically
to accept connections" option was enabled (it is disabled by default) in
the Vino preferences. This update changes the option's description to avoid
the risk of a UPnP router configuration change without the user's consent.
(CVE-2011-1165)
All Vino users should upgrade to this updated package, which contains
backported patches to resolve these issues. The GNOME session must be
restarted (log out, then log back in) for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
3.5 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
3.5 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
4.6 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
4.6 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
5.0 ()
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated vino package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Vino is a Virtual Network Computing (VNC) server for GNOME. It allows\nremote users to connect to a running GNOME session using VNC.\n\nIt was found that Vino transmitted all clipboard activity on the system\nrunning Vino to all clients connected to port 5900, even those who had not\nauthenticated. A remote attacker who is able to access port 5900 on a\nsystem running Vino could use this flaw to read clipboard data without\nauthenticating. (CVE-2012-4429)\n\nTwo out-of-bounds memory read flaws were found in the way Vino processed\nclient framebuffer requests in certain encodings. An authenticated client\ncould use these flaws to send a specially-crafted request to Vino, causing\nit to crash. (CVE-2011-0904, CVE-2011-0905)\n\nIn certain circumstances, the vino-preferences dialog box incorrectly\nindicated that Vino was only accessible from the local network. This could\nconfuse a user into believing connections from external networks are not\nallowed (even when they are allowed). With this update, vino-preferences no\nlonger displays connectivity and reachable information. (CVE-2011-1164)\n\nThere was no warning that Universal Plug and Play (UPnP) was used to open\nports on a user\u0027s network router when the \"Configure network automatically\nto accept connections\" option was enabled (it is disabled by default) in\nthe Vino preferences. This update changes the option\u0027s description to avoid\nthe risk of a UPnP router configuration change without the user\u0027s consent.\n(CVE-2011-1165)\n\nAll Vino users should upgrade to this updated package, which contains\nbackported patches to resolve these issues. The GNOME session must be\nrestarted (log out, then log back in) for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0169",
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "553477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
},
{
"category": "external",
"summary": "678846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
},
{
"category": "external",
"summary": "694455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"category": "external",
"summary": "694456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
},
{
"category": "external",
"summary": "857250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0169.json"
}
],
"title": "Red Hat Security Advisory: vino security update",
"tracking": {
"current_release_date": "2024-11-22T06:03:45+00:00",
"generator": {
"date": "2024-11-22T06:03:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0169",
"initial_release_date": "2013-01-21T22:31:00+00:00",
"revision_history": [
{
"date": "2013-01-21T22:31:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-01-21T22:34:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:03:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.x86_64",
"product": {
"name": "vino-0:2.28.1-8.el6_3.x86_64",
"product_id": "vino-0:2.28.1-8.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.i686",
"product": {
"name": "vino-0:2.28.1-8.el6_3.i686",
"product_id": "vino-0:2.28.1-8.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.src",
"product": {
"name": "vino-0:2.28.1-8.el6_3.src",
"product_id": "vino-0:2.28.1-8.el6_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.s390x",
"product": {
"name": "vino-0:2.28.1-8.el6_3.s390x",
"product_id": "vino-0:2.28.1-8.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"product": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"product_id": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "vino-0:2.28.1-8.el6_3.ppc64",
"product": {
"name": "vino-0:2.28.1-8.el6_3.ppc64",
"product_id": "vino-0:2.28.1-8.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src"
},
"product_reference": "vino-0:2.28.1-8.el6_3.src",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src"
},
"product_reference": "vino-0:2.28.1-8.el6_3.src",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Server-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src"
},
"product_reference": "vino-0:2.28.1-8.el6_3.src",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
},
"product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-0904",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2011-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "694455"
}
],
"notes": [
{
"category": "description",
"text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0904"
},
{
"category": "external",
"summary": "RHBZ#694455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0904",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904"
}
],
"release_date": "2011-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests"
},
{
"cve": "CVE-2011-0905",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2011-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "694456"
}
],
"notes": [
{
"category": "description",
"text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0905"
},
{
"category": "external",
"summary": "RHBZ#694456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905"
}
],
"release_date": "2011-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests"
},
{
"cve": "CVE-2011-1164",
"discovery_date": "2010-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "553477"
}
],
"notes": [
{
"category": "description",
"text": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1164"
},
{
"category": "external",
"summary": "RHBZ#553477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1164",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164"
}
],
"release_date": "2009-03-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network"
},
{
"cve": "CVE-2011-1165",
"discovery_date": "2011-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "678846"
}
],
"notes": [
{
"category": "description",
"text": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino-preferences does not warn about UPnP especially with no password and no confirmation.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1165"
},
{
"category": "external",
"summary": "RHBZ#678846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165"
}
],
"release_date": "2009-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vino-preferences does not warn about UPnP especially with no password and no confirmation."
},
{
"cve": "CVE-2012-4429",
"discovery_date": "2012-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "857250"
}
],
"notes": [
{
"category": "description",
"text": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vino: information leak and authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4429"
},
{
"category": "external",
"summary": "RHBZ#857250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4429",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429"
}
],
"release_date": "2012-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-21T22:31:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0169"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
"6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
"6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vino: information leak and authentication bypass"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…