7.5
CVE-2019-15681
- EPSS 6.19%
- Published 29.10.2019 19:15:18
- Last modified 21.11.2024 04:29:15
- Source vulnerability@kaspersky.com
- Teams watchlist Login
- Open Login
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Data is provided by the National Vulnerability Database (NVD)
Libvnc Project ≫ Libvncserver Version < 0.9.12
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Siemens ≫ Simatic Itc1500 Firmware Version >= 3.0.0.0 < 3.2.1.0
Siemens ≫ Simatic Itc1500 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0
Siemens ≫ Simatic Itc1900 Firmware Version >= 3.0.0.0 < 3.2.1.0
Siemens ≫ Simatic Itc1900 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0
Siemens ≫ Simatic Itc2200 Firmware Version >= 3.0.0.0 < 3.2.1.0
Siemens ≫ Simatic Itc2200 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.19% | 0.905 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-665 Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.