Search CVE reports
11 – 20 of 21 results
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
4 affected packages
vino, veyon, x11vnc, libvncserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vino | Not affected | Not affected | Not affected | Not affected |
| veyon | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| x11vnc | Not affected | Not affected | Needs evaluation | Needs evaluation |
| libvncserver | Not affected | Not affected | Needs evaluation | Needs evaluation |
Some fixes available 20 of 78
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another...
7 affected packages
krfb, libvncserver, tightvnc, veyon, x11vnc...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| krfb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libvncserver | Not affected | Not affected | Not affected | Fixed |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| veyon | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| x11vnc | Not affected | Not affected | Not affected | Not affected |
| italc | Not in release | Not in release | Not in release | Fixed |
| vino | Fixed | Fixed | Fixed | Fixed |
Some fixes available 1 of 126
TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
11 affected packages
bochs, directvnc, libvncserver, ssvnc, tightvnc...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| directvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libvncserver | Not affected | Not affected | Not affected | Not affected |
| ssvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vino | Not affected | Not affected | Not affected | Not affected |
| veyon | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
| vncsnapshot | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| x11vnc | Not affected | Not affected | Not affected | Not affected |
| x2vnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 33 of 47
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified...
4 affected packages
italc, libvncserver, tightvnc, vino
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| italc | Not in release | Not in release | Not in release | Fixed |
| libvncserver | Fixed | Fixed | Fixed | Fixed |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vino | Fixed | Fixed | Fixed | Fixed |
Some fixes available 19 of 34
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a...
5 affected packages
italc, krfb, libvncserver, vino, tightvnc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| italc | Not in release | Not in release | Not in release | Not affected |
| krfb | Not affected | Not affected | Not affected | Not affected |
| libvncserver | Not affected | Not affected | Not affected | Not affected |
| vino | Fixed | Fixed | Fixed | Fixed |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 4
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close...
1 affected package
vino
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vino | — | — | — | — |
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to...
1 affected package
vino
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vino | — | — | — | — |
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
1 affected package
vino
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vino | — | — | — | — |
Some fixes available 4 of 6
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
1 affected package
vino
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vino | — | — | — | — |
Some fixes available 4 of 11
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows...
3 affected packages
kdenetwork, libvncserver, vino
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdenetwork | — | — | — | — |
| libvncserver | — | — | — | — |
| vino | — | — | — | — |