cvelistv5 - cve-2011-0904

CVE-2011-0904 (GCVE-0-2011-0904)

Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05

Summary

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://git.gnome.org/browse/vino/commit/?id=0c2c9…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-1128-1/	vendor-advisoryx_refsource_UBUNTU
	http://git.gnome.org/browse/vino/commit/?id=d050a…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://rhn.redhat.com/errata/RHSA-2013-0169.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/44410	third-party-advisoryx_refsource_SECUNIA
	http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/1144	vdb-entryx_refsource_VUPEN
	http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/47681	vdb-entryx_refsource_BID
	http://git.gnome.org/browse/vino/commit/?id=456da…	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/log/?h=gnome-2-30	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2238	vendor-advisoryx_refsource_DEBIAN
	http://git.gnome.org/browse/vino/commit/?id=e17bd…	x_refsource_CONFIRM
	https://bugzilla.gnome.org/show_bug.cgi?id=641802	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/commit/?id=dff52…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=694455	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/commit/?id=8beef…	x_refsource_CONFIRM
	http://secunia.com/advisories/44463	third-party-advisoryx_refsource_SECUNIA
	http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/v…	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/tree/NEWS	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:54.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "vino-input-dos(67243)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
          },
          {
            "name": "USN-1128-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1128-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "MDVSA-2011:087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
          },
          {
            "name": "RHSA-2013:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
          },
          {
            "name": "44410",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44410"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
          },
          {
            "name": "ADV-2011-1144",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
          },
          {
            "name": "47681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
          },
          {
            "name": "DSA-2238",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
          },
          {
            "name": "44463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44463"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/tree/NEWS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "vino-input-dos(67243)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
        },
        {
          "name": "USN-1128-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1128-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "name": "MDVSA-2011:087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
        },
        {
          "name": "RHSA-2013:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
        },
        {
          "name": "44410",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44410"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
        },
        {
          "name": "ADV-2011-1144",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
        },
        {
          "name": "47681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
        },
        {
          "name": "DSA-2238",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
        },
        {
          "name": "44463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44463"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/tree/NEWS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "vino-input-dos(67243)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "USN-1128-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "MDVSA-2011:087",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "44410",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "ADV-2011-1144",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "47681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "DSA-2238",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "44463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "name": "http://git.gnome.org/browse/vino/tree/NEWS",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0904",
    "datePublished": "2011-05-10T18:00:00",
    "dateReserved": "2011-02-08T00:00:00",
    "dateUpdated": "2024-08-06T22:05:54.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41927755-3E1C-4177-8977-F52B38F3E053\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C4B1AEB-B4BA-4215-9F2C-1700CD3111E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF482208-D0E6-457E-953F-6E2361350565\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"552A7EEF-1909-4A23-98EF-81DF362C2248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C62B9DA-E24F-4558-8B72-0C95A45A37BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"543D8E9D-70D7-436B-9BDC-8A826A2299C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"650B8890-EB29-4724-844F-4A32E050D08F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"730B2130-FB0E-48BA-B34A-C903ED08D76E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5337B18C-36F9-407F-B877-89D3D9F9B1BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E865590A-9C6D-44BE-A06F-C2EB89843654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A04843B1-63EE-4A23-97C1-AB1E107EB7F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9764CB5E-B515-4996-AFDE-C0498F7E9008\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31133388-2D96-4524-99AD-AA68BA77241B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38EC1414-090D-4C68-87A7-27B008368EBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34F405B9-E543-40DB-8421-D529615FE3EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF93A176-DE41-4E97-9811-23C6D2E3FA4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00576CED-5848-4BD6-B243-47BC53DDAF97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F8F2CFF-1100-4F39-8081-04CDEAFA0A4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3B76C84-3BB3-4698-A65F-66DDF1EA7D80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF372DB5-2DC8-4D51-8238-91259B8F6DAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AD934ED-727D-4F76-BEFB-8BC6289E6C31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE80D282-639F-4B3B-917F-78C9E2DE9ACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"477A4038-A94F-4D67-94A5-9AF755164B83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9ABA30A-CCEB-452C-8CDF-71BF8BA54328\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"618D194C-D298-4C09-9F60-35719011B7CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D61AFC5-B296-45C8-8032-DAAA77FF8B4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7914FF1F-E098-4359-A90E-6317648139C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7549E435-4C0B-461D-811F-7291540E28D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77F69530-C2BF-4EC5-A0B1-305C1EF734EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"518CBBF2-0F03-4700-A571-3F1FC7A36E8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D9200DB-5A3A-458D-A57E-176A6243ADDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B163B52F-7A94-4F7C-873D-61F031043701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"823D1043-98CF-4406-AEA0-988A3139E753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FEE04E0-8E35-4A20-972F-28AAEA033C70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ADDF708-0EC8-473A-9FA3-F94EE8939D08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6F65CD5-2ED0-4BFE-B267-04908843B752\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F2DD4B9-322D-4D05-A3E6-56BBA8C732F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5FFA5A6-5378-45CB-9360-FFEAC67DCCA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E18BEF6E-3749-4E7E-8A34-F6577204BC28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E077DC55-D51B-4408-9746-FA88DCA39938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C0DAA31-709E-40D0-805C-01FE87CDCD26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1772115-C603-4A11-8489-321120B8A1B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"859A4E2E-BD8E-4787-8E10-DA420F4193BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"986576AE-C3B3-4161-BEDF-4CC9584EACC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9FCD3F9-AB94-4DD5-B6D0-CB8C66091134\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F07686-3E95-43DA-AD01-90E33D71AB66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC2CDDB3-ADFD-4B83-94ED-CB2A632956F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9107C16B-47A2-4906-BC07-F1FC869AFA3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2973DE8A-A346-44B5-B56D-EC33115FC548\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B854925C-5F29-491D-AC8B-87EC53EA2ABE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87C4C344-2028-453A-B66A-D7AE46C01C94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7310615E-BDC8-48D5-A8E4-53808E67AA76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A60F4AC-7C1D-4FD3-A4AF-872082093609\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5AA78F1-5331-4782-B158-CE1CEA929429\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E41EDE1-BCA4-4E2F-B655-DFF040DDABCA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42F6A115-01FB-4F44-880A-60DFEBFD7504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9C9856E-B1E6-4E36-9758-8CFA9ADD9303\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C762D77-E35F-4F0F-BAB3-D325D769DBA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DBA2BE3-439E-4F5F-9AFE-F02BE8882F9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8037FB93-8B30-4AFA-A391-2110D40CFF62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCC199D2-B527-484A-9215-6490952E1865\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"929A2439-2644-4F92-9873-A2D1041C6C4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"972490D5-7AF3-4EB2-B6C1-8A9C66F6889E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71E9E6F4-FF60-4DDB-9F65-10D0B973E633\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AE96879-862B-4D72-9194-9278B88D3B9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"936EAF0C-141D-4DC1-92AD-EA4D34EEC2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65FE82D9-9B70-4D30-B64A-DAE742734719\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DBD543C-19C0-4AF2-9E87-28758BD865D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CBD087C-2AEC-4343-BD74-0F35C7BAD35A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EE1E16E-9022-4B32-A726-9184BE99A323\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B47D886F-F6D1-46F4-8E91-8EBA00D43505\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n rfbSendFramebufferUpdate en server/libvncserver/rfbserver.c en vino-server en Vino v2.x antes de v2.28.3, v2.32.x antes de v2.32.2, v3.0.x antes de v3.0.2, y v3.1.x antes de v3.1.1, cuando se utiliza la codificaci\\u00f3n \\\"raw\\\", permite a usuarios autenticados remotamente causar una denegaci\\u00f3n de servicio (ca\\u00edda del demonio) a trav\\u00e9s de un gran tama\\u00f1o en el valor de (1) la posici\\u00f3n X o (2) la posici\\u00f3n Y en una solicitud de actualizaci\\u00f3n de uso de este dispositivo que provoca un acceso a memoria fuera de l\\u00edmites, relacionado con las funciones rfbTranslateNone y rfbSendRectEncodingRaw.\"}]",
      "id": "CVE-2011-0904",
      "lastModified": "2024-11-21T01:25:07.937",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:N/A:P\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-05-10T18:55:01.263",
      "references": "[{\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/tree/NEWS\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0169.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/44410\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44463\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2011/dsa-2238\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/47681\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-1128-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1144\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=641802\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694455\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.gnome.org/browse/vino/tree/NEWS\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0169.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/44410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2011/dsa-2238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/47681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-1128-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1144\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=641802\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0904\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-05-10T18:55:01.263\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n rfbSendFramebufferUpdate en server/libvncserver/rfbserver.c en vino-server en Vino v2.x antes de v2.28.3, v2.32.x antes de v2.32.2, v3.0.x antes de v3.0.2, y v3.1.x antes de v3.1.1, cuando se utiliza la codificaci\u00f3n \\\"raw\\\", permite a usuarios autenticados remotamente causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un gran tama\u00f1o en el valor de (1) la posici\u00f3n X o (2) la posici\u00f3n Y en una solicitud de actualizaci\u00f3n de uso de este dispositivo que provoca un acceso a memoria fuera de l\u00edmites, relacionado con las funciones rfbTranslateNone y rfbSendRectEncodingRaw.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41927755-3E1C-4177-8977-F52B38F3E053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C4B1AEB-B4BA-4215-9F2C-1700CD3111E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF482208-D0E6-457E-953F-6E2361350565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"552A7EEF-1909-4A23-98EF-81DF362C2248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C62B9DA-E24F-4558-8B72-0C95A45A37BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"543D8E9D-70D7-436B-9BDC-8A826A2299C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"650B8890-EB29-4724-844F-4A32E050D08F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"730B2130-FB0E-48BA-B34A-C903ED08D76E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5337B18C-36F9-407F-B877-89D3D9F9B1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E865590A-9C6D-44BE-A06F-C2EB89843654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A04843B1-63EE-4A23-97C1-AB1E107EB7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9764CB5E-B515-4996-AFDE-C0498F7E9008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31133388-2D96-4524-99AD-AA68BA77241B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38EC1414-090D-4C68-87A7-27B008368EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34F405B9-E543-40DB-8421-D529615FE3EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF93A176-DE41-4E97-9811-23C6D2E3FA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00576CED-5848-4BD6-B243-47BC53DDAF97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F8F2CFF-1100-4F39-8081-04CDEAFA0A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3B76C84-3BB3-4698-A65F-66DDF1EA7D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF372DB5-2DC8-4D51-8238-91259B8F6DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AD934ED-727D-4F76-BEFB-8BC6289E6C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE80D282-639F-4B3B-917F-78C9E2DE9ACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477A4038-A94F-4D67-94A5-9AF755164B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9ABA30A-CCEB-452C-8CDF-71BF8BA54328\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"618D194C-D298-4C09-9F60-35719011B7CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D61AFC5-B296-45C8-8032-DAAA77FF8B4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7914FF1F-E098-4359-A90E-6317648139C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7549E435-4C0B-461D-811F-7291540E28D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77F69530-C2BF-4EC5-A0B1-305C1EF734EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"518CBBF2-0F03-4700-A571-3F1FC7A36E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9200DB-5A3A-458D-A57E-176A6243ADDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B163B52F-7A94-4F7C-873D-61F031043701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823D1043-98CF-4406-AEA0-988A3139E753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FEE04E0-8E35-4A20-972F-28AAEA033C70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADDF708-0EC8-473A-9FA3-F94EE8939D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6F65CD5-2ED0-4BFE-B267-04908843B752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F2DD4B9-322D-4D05-A3E6-56BBA8C732F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5FFA5A6-5378-45CB-9360-FFEAC67DCCA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E18BEF6E-3749-4E7E-8A34-F6577204BC28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E077DC55-D51B-4408-9746-FA88DCA39938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C0DAA31-709E-40D0-805C-01FE87CDCD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1772115-C603-4A11-8489-321120B8A1B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"859A4E2E-BD8E-4787-8E10-DA420F4193BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"986576AE-C3B3-4161-BEDF-4CC9584EACC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9FCD3F9-AB94-4DD5-B6D0-CB8C66091134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F07686-3E95-43DA-AD01-90E33D71AB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC2CDDB3-ADFD-4B83-94ED-CB2A632956F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9107C16B-47A2-4906-BC07-F1FC869AFA3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2973DE8A-A346-44B5-B56D-EC33115FC548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B854925C-5F29-491D-AC8B-87EC53EA2ABE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C4C344-2028-453A-B66A-D7AE46C01C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7310615E-BDC8-48D5-A8E4-53808E67AA76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A60F4AC-7C1D-4FD3-A4AF-872082093609\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5AA78F1-5331-4782-B158-CE1CEA929429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E41EDE1-BCA4-4E2F-B655-DFF040DDABCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42F6A115-01FB-4F44-880A-60DFEBFD7504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9C9856E-B1E6-4E36-9758-8CFA9ADD9303\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C762D77-E35F-4F0F-BAB3-D325D769DBA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBA2BE3-439E-4F5F-9AFE-F02BE8882F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8037FB93-8B30-4AFA-A391-2110D40CFF62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC199D2-B527-484A-9215-6490952E1865\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"929A2439-2644-4F92-9873-A2D1041C6C4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"972490D5-7AF3-4EB2-B6C1-8A9C66F6889E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71E9E6F4-FF60-4DDB-9F65-10D0B973E633\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE96879-862B-4D72-9194-9278B88D3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936EAF0C-141D-4DC1-92AD-EA4D34EEC2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65FE82D9-9B70-4D30-B64A-DAE742734719\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DBD543C-19C0-4AF2-9E87-28758BD865D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBD087C-2AEC-4343-BD74-0F35C7BAD35A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE1E16E-9022-4B32-A726-9184BE99A323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B47D886F-F6D1-46F4-8E91-8EBA00D43505\"}]}]}],\"references\":[{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/tree/NEWS\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0169.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44410\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44463\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2238\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/47681\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-1128-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1144\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=641802\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694455\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/log/?h=gnome-2-30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/vino/tree/NEWS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0169.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/47681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-1128-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=641802\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2011-0904

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0904

Aliases

CVE-2011-0904

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0904",
    "description": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
    "id": "GSD-2011-0904",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-0904.html",
      "https://www.debian.org/security/2011/dsa-2238",
      "https://access.redhat.com/errata/RHSA-2013:0169",
      "https://linux.oracle.com/cve/CVE-2011-0904.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0904"
      ],
      "details": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
      "id": "GSD-2011-0904",
      "modified": "2023-12-13T01:19:04.567103Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-0904",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "vino-input-dos(67243)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
          },
          {
            "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
          },
          {
            "name": "USN-1128-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-1128-1/"
          },
          {
            "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
          },
          {
            "name": "SUSE-SR:2011:009",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "MDVSA-2011:087",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
          },
          {
            "name": "RHSA-2013:0169",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
          },
          {
            "name": "44410",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44410"
          },
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
            "refsource": "CONFIRM",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
          },
          {
            "name": "ADV-2011-1144",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/1144"
          },
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
            "refsource": "CONFIRM",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
          },
          {
            "name": "47681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/47681"
          },
          {
            "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
          },
          {
            "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
          },
          {
            "name": "DSA-2238",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2238"
          },
          {
            "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
          },
          {
            "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
          },
          {
            "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
          },
          {
            "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
          },
          {
            "name": "44463",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44463"
          },
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
            "refsource": "CONFIRM",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
          },
          {
            "name": "http://git.gnome.org/browse/vino/tree/NEWS",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/vino/tree/NEWS"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0904"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-1144",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "name": "44463",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
            },
            {
              "name": "USN-1128-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "name": "http://git.gnome.org/browse/vino/tree/NEWS",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            },
            {
              "name": "44410",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "name": "47681",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "DSA-2238",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "name": "MDVSA-2011:087",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "vino-input-dos(67243)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:33Z",
      "publishedDate": "2011-05-10T18:55Z"
    }
  }
}

FKIE_CVE-2011-0904

Vulnerability from fkie_nvd - Published: 2011-05-10 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news
cve@mitre.org	http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news
cve@mitre.org	http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news
cve@mitre.org	http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0	Patch
cve@mitre.org	http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f	Patch
cve@mitre.org	http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279	Patch
cve@mitre.org	http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a	Patch
cve@mitre.org	http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4	Patch
cve@mitre.org	http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d	Patch
cve@mitre.org	http://git.gnome.org/browse/vino/log/?h=gnome-2-30	Patch
cve@mitre.org	http://git.gnome.org/browse/vino/tree/NEWS
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2013-0169.html
cve@mitre.org	http://secunia.com/advisories/44410	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/44463	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2011/dsa-2238
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:087
cve@mitre.org	http://www.securityfocus.com/bid/47681
cve@mitre.org	http://www.ubuntu.com/usn/usn-1128-1/
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1144	Vendor Advisory
cve@mitre.org	https://bugzilla.gnome.org/show_bug.cgi?id=641802	Patch
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=694455	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/67243
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/log/?h=gnome-2-30	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/vino/tree/NEWS
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0169.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44410	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44463	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2238
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:087
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47681
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-1128-1/
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1144	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.gnome.org/show_bug.cgi?id=641802	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=694455	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67243

Impacted products

Vendor	Product	Version
david_king	vino	2.7
david_king	vino	2.7.3
david_king	vino	2.7.3.1
david_king	vino	2.7.4
david_king	vino	2.7.4.90
david_king	vino	2.7.4.91
david_king	vino	2.7.92
david_king	vino	2.8
david_king	vino	2.9
david_king	vino	2.9.2
david_king	vino	2.10
david_king	vino	2.11
david_king	vino	2.12
david_king	vino	2.13
david_king	vino	2.13.5
david_king	vino	2.14
david_king	vino	2.15
david_king	vino	2.16
david_king	vino	2.17
david_king	vino	2.17.2
david_king	vino	2.17.4
david_king	vino	2.17.5
david_king	vino	2.17.92
david_king	vino	2.18
david_king	vino	2.18.1
david_king	vino	2.19
david_king	vino	2.19.5
david_king	vino	2.19.90
david_king	vino	2.19.92
david_king	vino	2.20
david_king	vino	2.20.1
david_king	vino	2.21
david_king	vino	2.21.1
david_king	vino	2.21.2
david_king	vino	2.21.3
david_king	vino	2.21.90
david_king	vino	2.21.91
david_king	vino	2.21.92
david_king	vino	2.22
david_king	vino	2.22.1
david_king	vino	2.22.2
david_king	vino	2.23
david_king	vino	2.23.5
david_king	vino	2.23.90
david_king	vino	2.23.91
david_king	vino	2.23.92
david_king	vino	2.24
david_king	vino	2.24.1
david_king	vino	2.25
david_king	vino	2.25.3
david_king	vino	2.25.4
david_king	vino	2.25.5
david_king	vino	2.25.90
david_king	vino	2.25.91
david_king	vino	2.25.92
david_king	vino	2.26
david_king	vino	2.26.1
david_king	vino	2.26.2
david_king	vino	2.27
david_king	vino	2.27.5
david_king	vino	2.27.90
david_king	vino	2.27.91
david_king	vino	2.27.92
david_king	vino	2.28
david_king	vino	2.28.1
david_king	vino	2.28.2
david_king	vino	2.32.0
david_king	vino	2.32.1
david_king	vino	3.0.0
david_king	vino	3.0.1
david_king	vino	3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "41927755-3E1C-4177-8977-F52B38F3E053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C4B1AEB-B4BA-4215-9F2C-1700CD3111E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF482208-D0E6-457E-953F-6E2361350565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "552A7EEF-1909-4A23-98EF-81DF362C2248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.7.4.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C62B9DA-E24F-4558-8B72-0C95A45A37BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.7.4.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "543D8E9D-70D7-436B-9BDC-8A826A2299C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.7.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "650B8890-EB29-4724-844F-4A32E050D08F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "730B2130-FB0E-48BA-B34A-C903ED08D76E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5337B18C-36F9-407F-B877-89D3D9F9B1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865590A-9C6D-44BE-A06F-C2EB89843654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A04843B1-63EE-4A23-97C1-AB1E107EB7F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9764CB5E-B515-4996-AFDE-C0498F7E9008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31133388-2D96-4524-99AD-AA68BA77241B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EC1414-090D-4C68-87A7-27B008368EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F405B9-E543-40DB-8421-D529615FE3EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF93A176-DE41-4E97-9811-23C6D2E3FA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "00576CED-5848-4BD6-B243-47BC53DDAF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F8F2CFF-1100-4F39-8081-04CDEAFA0A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3B76C84-3BB3-4698-A65F-66DDF1EA7D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF372DB5-2DC8-4D51-8238-91259B8F6DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD934ED-727D-4F76-BEFB-8BC6289E6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE80D282-639F-4B3B-917F-78C9E2DE9ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "477A4038-A94F-4D67-94A5-9AF755164B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9ABA30A-CCEB-452C-8CDF-71BF8BA54328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "618D194C-D298-4C09-9F60-35719011B7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D61AFC5-B296-45C8-8032-DAAA77FF8B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7914FF1F-E098-4359-A90E-6317648139C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "7549E435-4C0B-461D-811F-7291540E28D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F69530-C2BF-4EC5-A0B1-305C1EF734EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "518CBBF2-0F03-4700-A571-3F1FC7A36E8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9200DB-5A3A-458D-A57E-176A6243ADDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B163B52F-7A94-4F7C-873D-61F031043701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "823D1043-98CF-4406-AEA0-988A3139E753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FEE04E0-8E35-4A20-972F-28AAEA033C70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADDF708-0EC8-473A-9FA3-F94EE8939D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F65CD5-2ED0-4BFE-B267-04908843B752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2DD4B9-322D-4D05-A3E6-56BBA8C732F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FFA5A6-5378-45CB-9360-FFEAC67DCCA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18BEF6E-3749-4E7E-8A34-F6577204BC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E077DC55-D51B-4408-9746-FA88DCA39938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0DAA31-709E-40D0-805C-01FE87CDCD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1772115-C603-4A11-8489-321120B8A1B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "859A4E2E-BD8E-4787-8E10-DA420F4193BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "986576AE-C3B3-4161-BEDF-4CC9584EACC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9FCD3F9-AB94-4DD5-B6D0-CB8C66091134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F07686-3E95-43DA-AD01-90E33D71AB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC2CDDB3-ADFD-4B83-94ED-CB2A632956F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9107C16B-47A2-4906-BC07-F1FC869AFA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2973DE8A-A346-44B5-B56D-EC33115FC548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B854925C-5F29-491D-AC8B-87EC53EA2ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C4C344-2028-453A-B66A-D7AE46C01C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7310615E-BDC8-48D5-A8E4-53808E67AA76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A60F4AC-7C1D-4FD3-A4AF-872082093609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5AA78F1-5331-4782-B158-CE1CEA929429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E41EDE1-BCA4-4E2F-B655-DFF040DDABCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F6A115-01FB-4F44-880A-60DFEBFD7504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C9856E-B1E6-4E36-9758-8CFA9ADD9303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C762D77-E35F-4F0F-BAB3-D325D769DBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBA2BE3-439E-4F5F-9AFE-F02BE8882F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8037FB93-8B30-4AFA-A391-2110D40CFF62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC199D2-B527-484A-9215-6490952E1865",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "929A2439-2644-4F92-9873-A2D1041C6C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "972490D5-7AF3-4EB2-B6C1-8A9C66F6889E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E9E6F4-FF60-4DDB-9F65-10D0B973E633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE96879-862B-4D72-9194-9278B88D3B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936EAF0C-141D-4DC1-92AD-EA4D34EEC2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FE82D9-9B70-4D30-B64A-DAE742734719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBD543C-19C0-4AF2-9E87-28758BD865D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CBD087C-2AEC-4343-BD74-0F35C7BAD35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE1E16E-9022-4B32-A726-9184BE99A323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47D886F-F6D1-46F4-8E91-8EBA00D43505",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n rfbSendFramebufferUpdate en server/libvncserver/rfbserver.c en vino-server en Vino v2.x antes de v2.28.3, v2.32.x antes de v2.32.2, v3.0.x antes de v3.0.2, y v3.1.x antes de v3.1.1, cuando se utiliza la codificaci\u00f3n \"raw\", permite a usuarios autenticados remotamente causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un gran tama\u00f1o en el valor de (1) la posici\u00f3n X o (2) la posici\u00f3n Y en una solicitud de actualizaci\u00f3n de uso de este dispositivo que provoca un acceso a memoria fuera de l\u00edmites, relacionado con las funciones rfbTranslateNone y rfbSendRectEncodingRaw."
    }
  ],
  "id": "CVE-2011-0904",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-10T18:55:01.263",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://git.gnome.org/browse/vino/tree/NEWS"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44410"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44463"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47681"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-1128-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1144"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.gnome.org/browse/vino/tree/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-1128-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-273

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permettant à une personne malintentionnée de déclencher un déni de service a été découverte dans Vino.

Description

Une vulnérabilité a été découverte dans Vino. Elle permet à un utilisateur malintentionné d'effectuer un déni de service via l'envoi de paquets spécialement conçus.

Solution

La version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce problème pour Ubuntu 11.04.
La version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce problème pour Ubuntu 10.10.
La version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce problème pour Ubuntu 10.04 LTS.
La version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce problème pour Ubuntu 8.04 LTS.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 10.04 LTS ;
Ubuntu	Ubuntu	Ubuntu 10.10 ;
Ubuntu	Ubuntu	Ubuntu 11.4 ;
Ubuntu	Ubuntu	Ubuntu 8.04 LTS.

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-1128-1 du 2 mai 2011	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-1128-1 du 04 mai 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-6773 du 17 mai 2011 (vino-2.32.3-1.fc14) :	-	other
Bulletin de sécurité Fedora FEDORA-2011-6778 du 17 mai 2011 (vino-2.28.3-1.fc13) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 10.04 LTS ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 11.4 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 8.04 LTS.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Vino. Elle permet \u00e0 un\nutilisateur malintentionn\u00e9 d\u0027effectuer un d\u00e9ni de service via l\u0027envoi de\npaquets sp\u00e9cialement con\u00e7us.\n\n## Solution\n\nLa version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 11.04.  \nLa version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.10.  \nLa version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.04 LTS.  \nLa version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 8.04 LTS.  \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
    },
    {
      "name": "CVE-2011-0904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 04 mai 2011 :",
      "url": "http://www.ubuntulinux.org/usn/usn-1128-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6773 du 17 mai 2011    (vino-2.32.3-1.fc14) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060225.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6778 du 17 mai 2011    (vino-2.28.3-1.fc13) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060233.html"
    }
  ],
  "reference": "CERTA-2011-AVI-273",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-04T00:00:00.000000"
    },
    {
      "description": "ajout des correctifs Fedora.",
      "revision_date": "2011-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant \u00e0 une personne malintentionn\u00e9e de\nd\u00e9clencher un d\u00e9ni de service a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eVino\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Vino",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 2 mai 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-273

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permettant à une personne malintentionnée de déclencher un déni de service a été découverte dans Vino.

Description

Une vulnérabilité a été découverte dans Vino. Elle permet à un utilisateur malintentionné d'effectuer un déni de service via l'envoi de paquets spécialement conçus.

Solution

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 10.04 LTS ;
Ubuntu	Ubuntu	Ubuntu 10.10 ;
Ubuntu	Ubuntu	Ubuntu 11.4 ;
Ubuntu	Ubuntu	Ubuntu 8.04 LTS.

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-1128-1 du 2 mai 2011	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-1128-1 du 04 mai 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-6773 du 17 mai 2011 (vino-2.32.3-1.fc14) :	-	other
Bulletin de sécurité Fedora FEDORA-2011-6778 du 17 mai 2011 (vino-2.28.3-1.fc13) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 10.04 LTS ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 11.4 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 8.04 LTS.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Vino. Elle permet \u00e0 un\nutilisateur malintentionn\u00e9 d\u0027effectuer un d\u00e9ni de service via l\u0027envoi de\npaquets sp\u00e9cialement con\u00e7us.\n\n## Solution\n\nLa version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 11.04.  \nLa version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.10.  \nLa version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.04 LTS.  \nLa version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 8.04 LTS.  \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
    },
    {
      "name": "CVE-2011-0904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 04 mai 2011 :",
      "url": "http://www.ubuntulinux.org/usn/usn-1128-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6773 du 17 mai 2011    (vino-2.32.3-1.fc14) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060225.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6778 du 17 mai 2011    (vino-2.28.3-1.fc13) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060233.html"
    }
  ],
  "reference": "CERTA-2011-AVI-273",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-04T00:00:00.000000"
    },
    {
      "description": "ajout des correctifs Fedora.",
      "revision_date": "2011-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant \u00e0 une personne malintentionn\u00e9e de\nd\u00e9clencher un d\u00e9ni de service a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eVino\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Vino",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 2 mai 2011",
      "url": null
    }
  ]
}

RHSA-2013:0169

Vulnerability from csaf_redhat - Published: 2013-01-21 22:31 - Updated: 2025-11-21 17:41

Summary

Red Hat Security Advisory: vino security update

Notes

Topic

An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC. It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating. (CVE-2012-4429) Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash. (CVE-2011-0904, CVE-2011-0905) In certain circumstances, the vino-preferences dialog box incorrectly indicated that Vino was only accessible from the local network. This could confuse a user into believing connections from external networks are not allowed (even when they are allowed). With this update, vino-preferences no longer displays connectivity and reachable information. (CVE-2011-1164) There was no warning that Universal Plug and Play (UPnP) was used to open ports on a user's network router when the "Configure network automatically to accept connections" option was enabled (it is disabled by default) in the Vino preferences. This update changes the option's description to avoid the risk of a UPnP router configuration change without the user's consent. (CVE-2011-1165) All Vino users should upgrade to this updated package, which contains backported patches to resolve these issues. The GNOME session must be restarted (log out, then log back in) for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated vino package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Vino is a Virtual Network Computing (VNC) server for GNOME. It allows\nremote users to connect to a running GNOME session using VNC.\n\nIt was found that Vino transmitted all clipboard activity on the system\nrunning Vino to all clients connected to port 5900, even those who had not\nauthenticated. A remote attacker who is able to access port 5900 on a\nsystem running Vino could use this flaw to read clipboard data without\nauthenticating. (CVE-2012-4429)\n\nTwo out-of-bounds memory read flaws were found in the way Vino processed\nclient framebuffer requests in certain encodings. An authenticated client\ncould use these flaws to send a specially-crafted request to Vino, causing\nit to crash. (CVE-2011-0904, CVE-2011-0905)\n\nIn certain circumstances, the vino-preferences dialog box incorrectly\nindicated that Vino was only accessible from the local network. This could\nconfuse a user into believing connections from external networks are not\nallowed (even when they are allowed). With this update, vino-preferences no\nlonger displays connectivity and reachable information. (CVE-2011-1164)\n\nThere was no warning that Universal Plug and Play (UPnP) was used to open\nports on a user\u0027s network router when the \"Configure network automatically\nto accept connections\" option was enabled (it is disabled by default) in\nthe Vino preferences. This update changes the option\u0027s description to avoid\nthe risk of a UPnP router configuration change without the user\u0027s consent.\n(CVE-2011-1165)\n\nAll Vino users should upgrade to this updated package, which contains\nbackported patches to resolve these issues. The GNOME session must be\nrestarted (log out, then log back in) for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0169",
        "url": "https://access.redhat.com/errata/RHSA-2013:0169"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "553477",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
      },
      {
        "category": "external",
        "summary": "678846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
      },
      {
        "category": "external",
        "summary": "694455",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
      },
      {
        "category": "external",
        "summary": "694456",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
      },
      {
        "category": "external",
        "summary": "857250",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0169.json"
      }
    ],
    "title": "Red Hat Security Advisory: vino security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:41:54+00:00",
      "generator": {
        "date": "2025-11-21T17:41:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2013:0169",
      "initial_release_date": "2013-01-21T22:31:00+00:00",
      "revision_history": [
        {
          "date": "2013-01-21T22:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-01-21T22:34:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:41:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                  "product_id": "6Client-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.x86_64",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.x86_64",
                  "product_id": "vino-0:2.28.1-8.el6_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.i686",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.i686",
                  "product_id": "vino-0:2.28.1-8.el6_3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.src",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.src",
                  "product_id": "vino-0:2.28.1-8.el6_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.s390x",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.s390x",
                  "product_id": "vino-0:2.28.1-8.el6_3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.ppc64",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.ppc64",
                  "product_id": "vino-0:2.28.1-8.el6_3.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-0904",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2011-03-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "694455"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-0904"
        },
        {
          "category": "external",
          "summary": "RHBZ#694455",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904"
        }
      ],
      "release_date": "2011-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests"
    },
    {
      "cve": "CVE-2011-0905",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2011-03-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "694456"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-0905"
        },
        {
          "category": "external",
          "summary": "RHBZ#694456",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905"
        }
      ],
      "release_date": "2011-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests"
    },
    {
      "cve": "CVE-2011-1164",
      "discovery_date": "2010-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "553477"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP).  A future update in Red Hat Enterprise Linux 6 may address this flaw.  To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled.  This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1164"
        },
        {
          "category": "external",
          "summary": "RHBZ#553477",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164"
        }
      ],
      "release_date": "2009-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network"
    },
    {
      "cve": "CVE-2011-1165",
      "discovery_date": "2011-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "678846"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino-preferences does not warn about UPnP especially with no password and no confirmation.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP).  A future update in Red Hat Enterprise Linux 6 may address this flaw.  To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled.  This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1165"
        },
        {
          "category": "external",
          "summary": "RHBZ#678846",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1165"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165"
        }
      ],
      "release_date": "2009-09-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino-preferences does not warn about UPnP especially with no password and no confirmation."
    },
    {
      "cve": "CVE-2012-4429",
      "discovery_date": "2012-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "857250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: information leak and authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4429"
        },
        {
          "category": "external",
          "summary": "RHBZ#857250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4429"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429"
        }
      ],
      "release_date": "2012-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vino: information leak and authentication bypass"
    }
  ]
}

RHSA-2013_0169

Vulnerability from csaf_redhat - Published: 2013-01-21 22:31 - Updated: 2024-11-22 06:03

Summary

Red Hat Security Advisory: vino security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated vino package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Vino is a Virtual Network Computing (VNC) server for GNOME. It allows\nremote users to connect to a running GNOME session using VNC.\n\nIt was found that Vino transmitted all clipboard activity on the system\nrunning Vino to all clients connected to port 5900, even those who had not\nauthenticated. A remote attacker who is able to access port 5900 on a\nsystem running Vino could use this flaw to read clipboard data without\nauthenticating. (CVE-2012-4429)\n\nTwo out-of-bounds memory read flaws were found in the way Vino processed\nclient framebuffer requests in certain encodings. An authenticated client\ncould use these flaws to send a specially-crafted request to Vino, causing\nit to crash. (CVE-2011-0904, CVE-2011-0905)\n\nIn certain circumstances, the vino-preferences dialog box incorrectly\nindicated that Vino was only accessible from the local network. This could\nconfuse a user into believing connections from external networks are not\nallowed (even when they are allowed). With this update, vino-preferences no\nlonger displays connectivity and reachable information. (CVE-2011-1164)\n\nThere was no warning that Universal Plug and Play (UPnP) was used to open\nports on a user\u0027s network router when the \"Configure network automatically\nto accept connections\" option was enabled (it is disabled by default) in\nthe Vino preferences. This update changes the option\u0027s description to avoid\nthe risk of a UPnP router configuration change without the user\u0027s consent.\n(CVE-2011-1165)\n\nAll Vino users should upgrade to this updated package, which contains\nbackported patches to resolve these issues. The GNOME session must be\nrestarted (log out, then log back in) for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0169",
        "url": "https://access.redhat.com/errata/RHSA-2013:0169"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "553477",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
      },
      {
        "category": "external",
        "summary": "678846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
      },
      {
        "category": "external",
        "summary": "694455",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
      },
      {
        "category": "external",
        "summary": "694456",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
      },
      {
        "category": "external",
        "summary": "857250",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0169.json"
      }
    ],
    "title": "Red Hat Security Advisory: vino security update",
    "tracking": {
      "current_release_date": "2024-11-22T06:03:45+00:00",
      "generator": {
        "date": "2024-11-22T06:03:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2013:0169",
      "initial_release_date": "2013-01-21T22:31:00+00:00",
      "revision_history": [
        {
          "date": "2013-01-21T22:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-01-21T22:34:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T06:03:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                  "product_id": "6Client-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.x86_64",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.x86_64",
                  "product_id": "vino-0:2.28.1-8.el6_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.i686",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.i686",
                  "product_id": "vino-0:2.28.1-8.el6_3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.src",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.src",
                  "product_id": "vino-0:2.28.1-8.el6_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.s390x",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.s390x",
                  "product_id": "vino-0:2.28.1-8.el6_3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.ppc64",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.ppc64",
                  "product_id": "vino-0:2.28.1-8.el6_3.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-0904",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2011-03-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "694455"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-0904"
        },
        {
          "category": "external",
          "summary": "RHBZ#694455",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904"
        }
      ],
      "release_date": "2011-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests"
    },
    {
      "cve": "CVE-2011-0905",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2011-03-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "694456"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-0905"
        },
        {
          "category": "external",
          "summary": "RHBZ#694456",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905"
        }
      ],
      "release_date": "2011-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests"
    },
    {
      "cve": "CVE-2011-1164",
      "discovery_date": "2010-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "553477"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP).  A future update in Red Hat Enterprise Linux 6 may address this flaw.  To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled.  This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1164"
        },
        {
          "category": "external",
          "summary": "RHBZ#553477",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164"
        }
      ],
      "release_date": "2009-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network"
    },
    {
      "cve": "CVE-2011-1165",
      "discovery_date": "2011-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "678846"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino-preferences does not warn about UPnP especially with no password and no confirmation.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP).  A future update in Red Hat Enterprise Linux 6 may address this flaw.  To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled.  This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1165"
        },
        {
          "category": "external",
          "summary": "RHBZ#678846",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1165"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165"
        }
      ],
      "release_date": "2009-09-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino-preferences does not warn about UPnP especially with no password and no confirmation."
    },
    {
      "cve": "CVE-2012-4429",
      "discovery_date": "2012-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "857250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: information leak and authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4429"
        },
        {
          "category": "external",
          "summary": "RHBZ#857250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4429"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429"
        }
      ],
      "release_date": "2012-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vino: information leak and authentication bypass"
    }
  ]
}

OPENSUSE-SU-2024:10047-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

vino-3.22.0-1.1 on GA media

Notes

Title of the patch

vino-3.22.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the vino-3.22.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10047

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "vino-3.22.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the vino-3.22.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10047",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10047-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-0904 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-0904/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-0905 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-0905/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-1164 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-1164/"
      }
    ],
    "title": "vino-3.22.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10047-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-3.22.0-1.1.aarch64",
                "product": {
                  "name": "vino-3.22.0-1.1.aarch64",
                  "product_id": "vino-3.22.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "vino-lang-3.22.0-1.1.aarch64",
                "product": {
                  "name": "vino-lang-3.22.0-1.1.aarch64",
                  "product_id": "vino-lang-3.22.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-3.22.0-1.1.ppc64le",
                "product": {
                  "name": "vino-3.22.0-1.1.ppc64le",
                  "product_id": "vino-3.22.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "vino-lang-3.22.0-1.1.ppc64le",
                "product": {
                  "name": "vino-lang-3.22.0-1.1.ppc64le",
                  "product_id": "vino-lang-3.22.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-3.22.0-1.1.s390x",
                "product": {
                  "name": "vino-3.22.0-1.1.s390x",
                  "product_id": "vino-3.22.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "vino-lang-3.22.0-1.1.s390x",
                "product": {
                  "name": "vino-lang-3.22.0-1.1.s390x",
                  "product_id": "vino-lang-3.22.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-3.22.0-1.1.x86_64",
                "product": {
                  "name": "vino-3.22.0-1.1.x86_64",
                  "product_id": "vino-3.22.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vino-lang-3.22.0-1.1.x86_64",
                "product": {
                  "name": "vino-lang-3.22.0-1.1.x86_64",
                  "product_id": "vino-lang-3.22.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-3.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64"
        },
        "product_reference": "vino-3.22.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-3.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le"
        },
        "product_reference": "vino-3.22.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-3.22.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x"
        },
        "product_reference": "vino-3.22.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-3.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64"
        },
        "product_reference": "vino-3.22.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-lang-3.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64"
        },
        "product_reference": "vino-lang-3.22.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-lang-3.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le"
        },
        "product_reference": "vino-lang-3.22.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-lang-3.22.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x"
        },
        "product_reference": "vino-lang-3.22.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-lang-3.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
        },
        "product_reference": "vino-lang-3.22.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-0904",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-0904"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-0904",
          "url": "https://www.suse.com/security/cve/CVE-2011-0904"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 690238 for CVE-2011-0904",
          "url": "https://bugzilla.suse.com/690238"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 691207 for CVE-2011-0904",
          "url": "https://bugzilla.suse.com/691207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 691356 for CVE-2011-0904",
          "url": "https://bugzilla.suse.com/691356"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2011-0904"
    },
    {
      "cve": "CVE-2011-0905",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-0905"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-0905",
          "url": "https://www.suse.com/security/cve/CVE-2011-0905"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 690238 for CVE-2011-0905",
          "url": "https://bugzilla.suse.com/690238"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 691207 for CVE-2011-0905",
          "url": "https://bugzilla.suse.com/691207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 691356 for CVE-2011-0905",
          "url": "https://bugzilla.suse.com/691356"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2011-0905"
    },
    {
      "cve": "CVE-2011-1164",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-1164"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
          "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
          "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-1164",
          "url": "https://www.suse.com/security/cve/CVE-2011-1164"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 680072 for CVE-2011-1164",
          "url": "https://bugzilla.suse.com/680072"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:vino-3.22.0-1.1.aarch64",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.ppc64le",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.s390x",
            "openSUSE Tumbleweed:vino-3.22.0-1.1.x86_64",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.aarch64",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.ppc64le",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.s390x",
            "openSUSE Tumbleweed:vino-lang-3.22.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2011-1164"
    }
  ]
}

GHSA-5C7F-3FP9-P3V4

Vulnerability from github – Published: 2022-05-17 02:01 – Updated: 2025-04-11 03:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-05-10T18:55:00Z",
    "severity": "LOW"
  },
  "details": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
  "id": "GHSA-5c7f-3fp9-p3v4",
  "modified": "2025-04-11T03:46:49Z",
  "published": "2022-05-17T02:01:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/vino/tree/NEWS"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44410"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44463"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2238"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47681"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-1128-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/1144"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0904 (GCVE-0-2011-0904)

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature