Vulnerabilites related to tightvnc - tightvnc
cve-2002-1511
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161 | vendor-advisory, x_refsource_SUNALERT | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 | vendor-advisory, x_refsource_CONECTIVA | |
| http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2003-041.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/11384.php | vdb-entry, x_refsource_XF | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 | vendor-advisory, x_refsource_MANDRAKE | |
| http://security.gentoo.org/glsa/glsa-200302-15.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2003-068.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/6905 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:26:28.781Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "56161", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161", }, { name: "CLSA-2003:640", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog", }, { name: "RHSA-2003:041", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { name: "vnc-rand-weak-cookie(11384)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/11384.php", }, { name: "MDKSA-2003:022", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { name: "200302-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200302-15.xml", }, { name: "RHSA-2003:068", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-068.html", }, { name: "6905", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6905", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-10-11T00:00:00", descriptions: [ { lang: "en", value: "The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-05-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "56161", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161", }, { name: "CLSA-2003:640", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog", }, { name: "RHSA-2003:041", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { name: "vnc-rand-weak-cookie(11384)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/11384.php", }, { name: "MDKSA-2003:022", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { name: "200302-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200302-15.xml", }, { name: "RHSA-2003:068", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-068.html", }, { name: "6905", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6905", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1511", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "56161", refsource: "SUNALERT", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161", }, { name: "CLSA-2003:640", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { name: "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog", refsource: "CONFIRM", url: "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog", }, { name: "RHSA-2003:041", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { name: "vnc-rand-weak-cookie(11384)", refsource: "XF", url: "http://www.iss.net/security_center/static/11384.php", }, { name: "MDKSA-2003:022", refsource: "MANDRAKE", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { name: "200302-15", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200302-15.xml", }, { name: "RHSA-2003:068", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-068.html", }, { name: "6905", refsource: "BID", url: "http://www.securityfocus.com/bid/6905", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1511", datePublished: "2004-09-01T04:00:00", dateReserved: "2003-02-19T00:00:00", dateUpdated: "2024-08-08T03:26:28.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-0388
Vulnerability from cvelistv5
Published
2009-02-04 19:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forum.ultravnc.info/viewtopic.php?t=14654 | x_refsource_CONFIRM | |
| http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/0321 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/33568 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/500632/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.exploit-db.com/exploits/8024 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.coresecurity.com/content/vnc-integer-overflows | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2009/0322 | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/7990 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/33807 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:31:25.854Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://forum.ultravnc.info/viewtopic.php?t=14654", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564", }, { name: "ADV-2009-0321", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0321", }, { name: "33568", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33568", }, { name: "20090203 CORE-2008-1009 - VNC Multiple Integer Overflows", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/500632/100/0/threaded", }, { name: "8024", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/8024", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.coresecurity.com/content/vnc-integer-overflows", }, { name: "ADV-2009-0322", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0322", }, { name: "7990", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/7990", }, { name: "33807", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33807", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://forum.ultravnc.info/viewtopic.php?t=14654", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564", }, { name: "ADV-2009-0321", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0321", }, { name: "33568", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33568", }, { name: "20090203 CORE-2008-1009 - VNC Multiple Integer Overflows", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/500632/100/0/threaded", }, { name: "8024", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/8024", }, { tags: [ "x_refsource_MISC", ], url: "http://www.coresecurity.com/content/vnc-integer-overflows", }, { name: "ADV-2009-0322", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0322", }, { name: "7990", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/7990", }, { name: "33807", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33807", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0388", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://forum.ultravnc.info/viewtopic.php?t=14654", refsource: "CONFIRM", url: "http://forum.ultravnc.info/viewtopic.php?t=14654", }, { name: "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564", refsource: "CONFIRM", url: "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564", }, { name: "ADV-2009-0321", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0321", }, { name: "33568", refsource: "BID", url: "http://www.securityfocus.com/bid/33568", }, { name: "20090203 CORE-2008-1009 - VNC Multiple Integer Overflows", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/500632/100/0/threaded", }, { name: "8024", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/8024", }, { name: "http://www.coresecurity.com/content/vnc-integer-overflows", refsource: "MISC", url: "http://www.coresecurity.com/content/vnc-integer-overflows", }, { name: "ADV-2009-0322", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0322", }, { name: "7990", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/7990", }, { name: "33807", refsource: "SECUNIA", url: "http://secunia.com/advisories/33807", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0388", datePublished: "2009-02-04T19:00:00", dateReserved: "2009-02-02T00:00:00", dateUpdated: "2024-08-07T04:31:25.854Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15680
Vulnerability from cvelistv5
Published
2019-10-29 16:45
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4407-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:56:22.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { name: "USN-4407-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4407-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "TightVNC", vendor: "Kaspersky", versions: [ { status: "affected", version: "1.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-09T16:19:04", orgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", shortName: "Kaspersky", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { name: "USN-4407-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4407-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnerability@kaspersky.com", ID: "CVE-2019-15680", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "TightVNC", version: { version_data: [ { version_value: "1.3.10", }, ], }, }, ], }, vendor_name: "Kaspersky", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476: NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", refsource: "MLIST", url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { name: "USN-4407-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4407-1/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", assignerShortName: "Kaspersky", cveId: "CVE-2019-15680", datePublished: "2019-10-29T16:45:52", dateReserved: "2019-08-27T00:00:00", dateUpdated: "2024-08-05T00:56:22.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0971
Vulnerability from cvelistv5
Published
2002-08-23 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5530 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9979.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=102994289123085&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:12:16.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "5530", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5530", }, { name: "vnc-win32-messaging-privileges(9979)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9979.php", }, { name: "20020821 Win32 API 'shatter' vulnerability found in VNC-based products", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=102994289123085&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-08-21T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "5530", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5530", }, { name: "vnc-win32-messaging-privileges(9979)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9979.php", }, { name: "20020821 Win32 API 'shatter' vulnerability found in VNC-based products", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=102994289123085&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0971", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "5530", refsource: "BID", url: "http://www.securityfocus.com/bid/5530", }, { name: "vnc-win32-messaging-privileges(9979)", refsource: "XF", url: "http://www.iss.net/security_center/static/9979.php", }, { name: "20020821 Win32 API 'shatter' vulnerability found in VNC-based products", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=102994289123085&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0971", datePublished: "2002-08-23T04:00:00", dateReserved: "2002-08-21T00:00:00", dateUpdated: "2024-08-08T03:12:16.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42785
Vulnerability from cvelistv5
Published
2021-11-23 21:37
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tightvnc.com/whatsnew.php | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GlavSoft LLC | TightVNC Viewer |
Version: 2.8.59 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:38:50.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tightvnc.com/whatsnew.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "TightVNC Viewer", vendor: "GlavSoft LLC", versions: [ { lessThanOrEqual: "2.8.59", status: "affected", version: "2.8.59", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Eugene Lim from Government Technology Agency of Singapore", }, ], descriptions: [ { lang: "en", value: "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-23T21:37:07", orgId: "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", shortName: "GovTech CSG", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tightvnc.com/whatsnew.php", }, ], source: { discovery: "EXTERNAL", }, title: "Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve_disclosure@tech.gov.sg", ID: "CVE-2021-42785", STATE: "PUBLIC", TITLE: "Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "TightVNC Viewer", version: { version_data: [ { version_affected: "<=", version_name: "2.8.59", version_value: "2.8.59", }, ], }, }, ], }, vendor_name: "GlavSoft LLC", }, ], }, }, credit: [ { lang: "eng", value: "Eugene Lim from Government Technology Agency of Singapore", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-120 Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tightvnc.com/whatsnew.php", refsource: "MISC", url: "https://www.tightvnc.com/whatsnew.php", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", assignerShortName: "GovTech CSG", cveId: "CVE-2021-42785", datePublished: "2021-11-23T21:37:07", dateReserved: "2021-10-21T00:00:00", dateUpdated: "2024-08-04T03:38:50.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15679
Vulnerability from cvelistv5
Published
2019-10-29 16:45
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:56:22.416Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "TightVNC", vendor: "Kaspersky", versions: [ { status: "affected", version: "1.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-09T16:18:32", orgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", shortName: "Kaspersky", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnerability@kaspersky.com", ID: "CVE-2019-15679", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "TightVNC", version: { version_data: [ { version_value: "1.3.10", }, ], }, }, ], }, vendor_name: "Kaspersky", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122: Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", refsource: "MLIST", url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", assignerShortName: "Kaspersky", cveId: "CVE-2019-15679", datePublished: "2019-10-29T16:45:04", dateReserved: "2019-08-27T00:00:00", dateUpdated: "2024-08-05T00:56:22.416Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1848
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tightvnc.com/changelog-win32.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4835 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:43:33.249Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.tightvnc.com/changelog-win32.html", }, { name: "4835", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4835", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2005-06-28T04:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.tightvnc.com/changelog-win32.html", }, { name: "4835", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4835", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1848", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.tightvnc.com/changelog-win32.html", refsource: "CONFIRM", url: "http://www.tightvnc.com/changelog-win32.html", }, { name: "4835", refsource: "BID", url: "http://www.securityfocus.com/bid/4835", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1848", datePublished: "2005-06-28T04:00:00Z", dateReserved: "2005-06-28T04:00:00Z", dateUpdated: "2024-09-16T20:27:48.696Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27830
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-08 02:40
Severity ?
EPSS score ?
Summary
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:29.465Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.tightvnc.com/whatsnew.php", }, { tags: [ "x_transferred", ], url: "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce", }, { tags: [ "x_transferred", ], url: "https://www.tightvnc.com/news.php", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-08T02:39:07.149897Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-08T02:40:24.901Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-12T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.tightvnc.com/whatsnew.php", }, { url: "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce", }, { url: "https://www.tightvnc.com/news.php", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-27830", datePublished: "2023-04-12T00:00:00.000Z", dateReserved: "2023-03-05T00:00:00.000Z", dateUpdated: "2025-02-08T02:40:24.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-8287
Vulnerability from cvelistv5
Published
2019-10-29 16:43
Modified
2024-08-04 21:17
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:17:31.162Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "TightVNC", vendor: "Kaspersky", versions: [ { status: "affected", version: "1.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-09T16:19:33", orgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", shortName: "Kaspersky", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnerability@kaspersky.com", ID: "CVE-2019-8287", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "TightVNC", version: { version_data: [ { version_value: "1.3.10", }, ], }, }, ], }, vendor_name: "Kaspersky", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", refsource: "MLIST", url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", assignerShortName: "Kaspersky", cveId: "CVE-2019-8287", datePublished: "2019-10-29T16:43:30", dateReserved: "2019-02-12T00:00:00", dateUpdated: "2024-08-04T21:17:31.162Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15678
Vulnerability from cvelistv5
Published
2019-10-29 16:44
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2018/12/10/5 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:56:22.434Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "TightVNC", vendor: "Kaspersky", versions: [ { status: "affected", version: "1.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-09T16:17:28", orgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", shortName: "Kaspersky", }, references: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnerability@kaspersky.com", ID: "CVE-2019-15678", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "TightVNC", version: { version_data: [ { version_value: "1.3.10", }, ], }, }, ], }, vendor_name: "Kaspersky", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122: Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", refsource: "MLIST", url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { name: "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e45d732a-8f6b-4b6b-be76-7420f6a2b988", assignerShortName: "Kaspersky", cveId: "CVE-2019-15678", datePublished: "2019-10-29T16:44:08", dateReserved: "2019-08-27T00:00:00", dateUpdated: "2024-08-05T00:56:22.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1336
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 | vdb-entry, x_refsource_XF | |
| http://www.redhat.com/support/errata/RHSA-2002-287.html | vendor-advisory, x_refsource_REDHAT | |
| http://marc.info/?l=bugtraq&m=102753170201524&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2003-041.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 | vendor-advisory, x_refsource_MANDRAKE | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.tightvnc.com/WhatsNew.txt | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=102769183913594&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5296 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:19:28.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "vnc-weak-authentication(5992)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992", }, { name: "RHSA-2002:287", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-287.html", }, { name: "20020724 VNC authentication weakness", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=102753170201524&w=2", }, { name: "RHSA-2003:041", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { name: "MDKSA-2003:022", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { name: "CLA-2003:640", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.tightvnc.com/WhatsNew.txt", }, { name: "20020726 RE: VNC authentication weakness", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=102769183913594&w=2", }, { name: "5296", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5296", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-07-26T00:00:00", descriptions: [ { lang: "en", value: "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-05-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "vnc-weak-authentication(5992)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992", }, { name: "RHSA-2002:287", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-287.html", }, { name: "20020724 VNC authentication weakness", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=102753170201524&w=2", }, { name: "RHSA-2003:041", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { name: "MDKSA-2003:022", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { name: "CLA-2003:640", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.tightvnc.com/WhatsNew.txt", }, { name: "20020726 RE: VNC authentication weakness", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=102769183913594&w=2", }, { name: "5296", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5296", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1336", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "vnc-weak-authentication(5992)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992", }, { name: "RHSA-2002:287", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-287.html", }, { name: "20020724 VNC authentication weakness", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=102753170201524&w=2", }, { name: "RHSA-2003:041", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { name: "MDKSA-2003:022", refsource: "MANDRAKE", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { name: "CLA-2003:640", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { name: "http://www.tightvnc.com/WhatsNew.txt", refsource: "CONFIRM", url: "http://www.tightvnc.com/WhatsNew.txt", }, { name: "20020726 RE: VNC authentication weakness", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=102769183913594&w=2", }, { name: "5296", refsource: "BID", url: "http://www.securityfocus.com/bid/5296", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1336", datePublished: "2004-09-01T04:00:00", dateReserved: "2002-12-02T00:00:00", dateUpdated: "2024-08-08T03:19:28.608Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-04-12 15:15
Modified
2025-02-08 03:15
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.tightvnc.com/news.php | Product, Release Notes | |
| cve@mitre.org | https://www.tightvnc.com/whatsnew.php | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tightvnc.com/news.php | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tightvnc.com/whatsnew.php | Product, Release Notes |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:*:*:*:*:*:*:*:*", matchCriteriaId: "521FB7FE-6DDF-44F9-BDFD-0785D8E0093F", versionEndExcluding: "2.8.75", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.", }, ], id: "CVE-2023-27830", lastModified: "2025-02-08T03:15:10.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-12T15:15:12.830", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce", }, { source: "cve@mitre.org", tags: [ "Product", "Release Notes", ], url: "https://www.tightvnc.com/news.php", }, { source: "cve@mitre.org", tags: [ "Product", "Release Notes", ], url: "https://www.tightvnc.com/whatsnew.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Release Notes", ], url: "https://www.tightvnc.com/news.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Release Notes", ], url: "https://www.tightvnc.com/whatsnew.php", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:att:vnc:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "B625061A-5EE0-4D91-AD09-4B36BAD0C01B", vulnerable: true, }, { criteria: "cpe:2.3:a:att:vnc:3.3.3r2:*:*:*:*:*:*:*", matchCriteriaId: "4338D951-2867-4C82-A292-AC42CD1CCE0F", vulnerable: true, }, { criteria: "cpe:2.3:a:att:vnc:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "8D6730C1-8048-4CC5-9E78-4B8F1EF96197", vulnerable: true, }, { criteria: "cpe:2.3:a:att:vnc:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "C77E92FE-24D1-46C9-BBDE-4CD93162D5FC", vulnerable: true, }, { criteria: "cpe:2.3:a:att:vnc:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "4C1ADE3F-DCD1-429E-AE4F-F768C43B74C5", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B2F4EE57-DA68-4438-A401-BAC82B7242D2", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9E11A57-016E-4720-A266-A53743629CD8", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "F84CBC3F-6A63-4ED0-803E-5D008845A856", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "AF990CCF-70BE-46F6-9360-ECC39B6D6F3B", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "0274E35A-ACAB-43F5-A4F3-383CA9EEA1CC", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.", }, ], id: "CVE-2002-1511", lastModified: "2024-11-20T23:41:28.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-03-03T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog", }, { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200302-15.xml", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/11384.php", }, { source: "cve@mitre.org", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-068.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/6905", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200302-15.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/11384.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-068.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/6905", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:29
Severity ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*", matchCriteriaId: "37E2BF43-0B3B-4BDD-B145-62E7333F4A93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.", }, { lang: "es", value: "El código de TightVNC versión 1.3.10, contiene un desbordamiento del búfer de la pila en el manejador rfbServerCutText, lo que puede resultar potencialmente en una ejecución de código. Este ataque parece ser explotable por medio de la conectividad de red.", }, ], id: "CVE-2019-15678", lastModified: "2024-11-21T04:29:14.710", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-29T19:15:17.860", references: [ { source: "vulnerability@kaspersky.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "vulnerability@kaspersky.com", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "vulnerability@kaspersky.com", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "vulnerability@kaspersky.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, ], sourceIdentifier: "vulnerability@kaspersky.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "vulnerability@kaspersky.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-23 22:15
Modified
2024-11-21 06:28
Severity ?
Summary
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve_disclosure@tech.gov.sg | https://www.tightvnc.com/whatsnew.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tightvnc.com/whatsnew.php | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:*:*:*:*:*:*:*:*", matchCriteriaId: "E9227D38-8A36-4104-8703-77E0B93E1E43", versionEndIncluding: "2.8.59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento del búfer en el archivo tvnviewer.exe de TightVNC Viewer permite a un atacante remoto ejecutar instrucciones arbitrarias por medio de un paquete FramebufferUpdate diseñado desde un servidor VNC", }, ], id: "CVE-2021-42785", lastModified: "2024-11-21T06:28:10.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-23T22:15:08.133", references: [ { source: "cve_disclosure@tech.gov.sg", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.tightvnc.com/whatsnew.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.tightvnc.com/whatsnew.php", }, ], sourceIdentifier: "cve_disclosure@tech.gov.sg", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "cve_disclosure@tech.gov.sg", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:29
Severity ?
Summary
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*", matchCriteriaId: "37E2BF43-0B3B-4BDD-B145-62E7333F4A93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.", }, { lang: "es", value: "El código de TightVNC versión 1.3.10, contiene un desbordamiento del búfer de la pila en la función InitialiseRFBConnection, lo que puede resultar potencialmente en una ejecución de código. Este ataque parece ser explotable por medio de la conectividad de red.", }, ], id: "CVE-2019-15679", lastModified: "2024-11-21T04:29:14.827", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-29T19:15:17.953", references: [ { source: "vulnerability@kaspersky.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "vulnerability@kaspersky.com", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "vulnerability@kaspersky.com", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "vulnerability@kaspersky.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, ], sourceIdentifier: "vulnerability@kaspersky.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "vulnerability@kaspersky.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-02-04 19:30
Modified
2024-11-21 00:59
Severity ?
Summary
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.3.9:*:*:*:*:*:*:*", matchCriteriaId: "6E472222-224B-41BD-A788-F6D6AF96430B", vulnerable: true, }, { criteria: "cpe:2.3:a:ultravnc:ultravnc:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C556A1A6-30ED-4988-B66B-CF823B297CF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ultravnc:ultravnc:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "835FD162-1BE0-43C6-93A5-1E450505D2A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.", }, { lang: "es", value: "Errores múltiples de signo de entero en (1) UltraVNC v1.0.2 y v1.0.5 y (2) TightVnc v1.3.9 permiten a atacantes remotos provocar una denegación de servicio (corrupción de la cabecera y caída de la aplicación) o posiblemente ejecutar codigo de su elección mediante un valor de gran longitud en un mensaje, en relación con las funciones (a) ClientConnection::CheckBufferSize y (b) ClientConnection::CheckFileZipBufferSize en ClientConnection.cpp.", }, ], id: "CVE-2009-0388", lastModified: "2024-11-21T00:59:47.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-02-04T19:30:00.530", references: [ { source: "cve@mitre.org", url: "http://forum.ultravnc.info/viewtopic.php?t=14654", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33807", }, { source: "cve@mitre.org", url: "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/vnc-integer-overflows", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/500632/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/33568", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/0321", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/0322", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/7990", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/8024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://forum.ultravnc.info/viewtopic.php?t=14654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33807", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/vnc-integer-overflows", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/500632/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/33568", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0321", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/7990", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/8024", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:49
Severity ?
Summary
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*", matchCriteriaId: "37E2BF43-0B3B-4BDD-B145-62E7333F4A93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.", }, { lang: "es", value: "El código de TightVNC versión 1.3.10, contiene un desbordamiento del búfer global en la función macro HandleCoRREBBP, que puede resultar potencialmente en una ejecución de código. Este ataque parece ser explotable mediante la conectividad de red.", }, ], id: "CVE-2019-8287", lastModified: "2024-11-21T04:49:39.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-29T19:15:22.640", references: [ { source: "vulnerability@kaspersky.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "vulnerability@kaspersky.com", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "vulnerability@kaspersky.com", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "vulnerability@kaspersky.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, ], sourceIdentifier: "vulnerability@kaspersky.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "vulnerability@kaspersky.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B2F4EE57-DA68-4438-A401-BAC82B7242D2", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9E11A57-016E-4720-A266-A53743629CD8", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "AF990CCF-70BE-46F6-9360-ECC39B6D6F3B", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "0274E35A-ACAB-43F5-A4F3-383CA9EEA1CC", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.", }, { lang: "es", value: "TightVNC anterior a 1.2.6 genera la misma cadena de desafío a múltiples conexiones, lo que permite a atacantes remotos evitar la autenticación VNC espiando el desafio y la respuesta de otros usuarios.", }, ], id: "CVE-2002-1336", lastModified: "2024-11-20T23:41:03.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-11T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=102753170201524&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=102769183913594&w=2", }, { source: "cve@mitre.org", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2002-287.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/5296", }, { source: "cve@mitre.org", url: "http://www.tightvnc.com/WhatsNew.txt", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=102753170201524&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=102769183913594&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2002-287.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/5296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.tightvnc.com/WhatsNew.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2:*:*:*:*:*:*:*", matchCriteriaId: "1A0DE39B-0852-4BDC-9592-56004DC9A2ED", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9E11A57-016E-4720-A266-A53743629CD8", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "F84CBC3F-6A63-4ED0-803E-5D008845A856", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "AF990CCF-70BE-46F6-9360-ECC39B6D6F3B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.", }, ], id: "CVE-2002-1848", lastModified: "2024-11-20T23:42:16.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/4835", }, { source: "cve@mitre.org", url: "http://www.tightvnc.com/changelog-win32.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/4835", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.tightvnc.com/changelog-win32.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:29
Severity ?
Summary
TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*", matchCriteriaId: "37E2BF43-0B3B-4BDD-B145-62E7333F4A93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.", }, { lang: "es", value: "El código de TightVNC versión 1.3.10, contiene una desreferencia del puntero null en la función HandleZlibBPP, lo que resulta en una Denegación del Sistema (DoS). Este ataque parece ser explotable por medio de la conectividad de red.", }, ], id: "CVE-2019-15680", lastModified: "2024-11-21T04:29:14.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-29T19:15:18.033", references: [ { source: "vulnerability@kaspersky.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "vulnerability@kaspersky.com", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "vulnerability@kaspersky.com", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "vulnerability@kaspersky.com", url: "https://usn.ubuntu.com/4407-1/", }, { source: "vulnerability@kaspersky.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4407-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/12/10/5", }, ], sourceIdentifier: "vulnerability@kaspersky.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "vulnerability@kaspersky.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-09-24 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:att:winvnc_server:*:*:*:*:*:*:*:*", matchCriteriaId: "3CA6820A-D28A-49C6-A6D6-D54F95274FE3", versionEndIncluding: "3.3.3_r9", vulnerable: true, }, { criteria: "cpe:2.3:a:att:winvnc_server:3.3.3_r7:*:*:*:*:*:*:*", matchCriteriaId: "4FEAAE30-8DA0-4C04-B745-FECCEA0685ED", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B2F4EE57-DA68-4438-A401-BAC82B7242D2", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9E11A57-016E-4720-A266-A53743629CD8", vulnerable: true, }, { criteria: "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF", vulnerable: true, }, { criteria: "cpe:2.3:a:tridia:tridiavnc:1.5:*:*:*:*:*:*:*", matchCriteriaId: "D1E2C09A-A649-4E4C-BC75-45F456546B72", vulnerable: true, }, { criteria: "cpe:2.3:a:tridia:tridiavnc:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "39675379-9A88-40AE-85A1-F0E4ADEA1A17", vulnerable: true, }, { criteria: "cpe:2.3:a:tridia:tridiavnc:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40879BF2-41EB-4170-A7EC-223CB22A83ED", vulnerable: true, }, { criteria: "cpe:2.3:a:tridia:tridiavnc:1.5.4:*:*:*:*:*:*:*", matchCriteriaId: "13622F73-D0BF-41DD-976F-4926FA5744CC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box.", }, { lang: "es", value: "Vulnerabilidad en VNC, TightVNC, y TridiaVNC permite a usuarios locales ejecutar código arbitrario como LocalSystem usando el sistema de mensajes de Win32 para evitar el GUI (Interfaz Gráfico de Úsuario) y acceder al cuadro de diálogo \"Añadir nuevos clientes\"", }, ], id: "CVE-2002-0971", lastModified: "2024-11-20T23:40:17.867", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-09-24T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=102994289123085&w=2", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/9979.php", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/5530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=102994289123085&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/9979.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/5530", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }