CVE-2023-6478
- EPSS 1.21%
- Published 13.12.2023 07:15:31
- Last modified 04.08.2025 21:15:27
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
CVE-2023-6377
- EPSS 0.41%
- Published 13.12.2023 07:15:30
- Last modified 18.08.2025 12:15:26
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cas...
CVE-2020-26117
- EPSS 0.94%
- Published 27.09.2020 04:15:11
- Last modified 21.11.2024 05:19:16
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client...
CVE-2014-0011
- EPSS 0.55%
- Published 02.01.2020 20:15:15
- Last modified 21.11.2024 02:01:10
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code ...
CVE-2019-15695
- EPSS 3.42%
- Published 26.12.2019 16:15:10
- Last modified 21.11.2024 04:29:16
TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose offset from ...
CVE-2019-15694
- EPSS 6.31%
- Published 26.12.2019 15:15:11
- Last modified 21.11.2024 04:29:16
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could pote...
CVE-2019-15693
- EPSS 9.38%
- Published 26.12.2019 15:15:11
- Last modified 21.11.2024 04:29:16
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via net...
CVE-2019-15692
- EPSS 5.3%
- Published 26.12.2019 15:15:11
- Last modified 21.11.2024 04:29:16
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This ...
CVE-2019-15691
- EPSS 3.87%
- Published 26.12.2019 15:15:11
- Last modified 21.11.2024 04:29:16
TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable, which has been a...
CVE-2017-7396
- EPSS 0.53%
- Published 01.04.2017 02:59:00
- Last modified 20.04.2025 01:37:25
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.