Tigervnc

Tigervnc

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-6478

  • EPSS 1.21%
  • Veröffentlicht 13.12.2023 07:15:31
  • Zuletzt bearbeitet 04.08.2025 21:15:27

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

7.8

CVE-2023-6377

  • EPSS 0.41%
  • Veröffentlicht 13.12.2023 07:15:30
  • Zuletzt bearbeitet 18.08.2025 12:15:26

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cas...

8.1

CVE-2020-26117

  • EPSS 0.94%
  • Veröffentlicht 27.09.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:19:16

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client...

9.8

CVE-2014-0011

  • EPSS 0.55%
  • Veröffentlicht 02.01.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 02:01:10

Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code ...

7.2

CVE-2019-15695

Exploit
  • EPSS 3.42%
  • Veröffentlicht 26.12.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:29:16

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from ...

7.2

CVE-2019-15694

Exploit
  • EPSS 6.31%
  • Veröffentlicht 26.12.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:16

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could pote...

7.2

CVE-2019-15693

Exploit
  • EPSS 9.38%
  • Veröffentlicht 26.12.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:16

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via net...

7.2

CVE-2019-15692

Exploit
  • EPSS 5.3%
  • Veröffentlicht 26.12.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:16

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This ...

7.2

CVE-2019-15691

Exploit
  • EPSS 3.87%
  • Veröffentlicht 26.12.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:16

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been a...

7.5

CVE-2017-7396

  • EPSS 0.53%
  • Veröffentlicht 01.04.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.