CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.8%
Software: tigervnc 1.8.0
OS: rosa-server79
package_evr_string: tigervnc-1.8.0-31.res7
CVE-ID: CVE-2023-6816
BDU-ID: 2024-00405
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update tigervnc command
CVE-ID: CVE-2024-0229
BDU-ID: 2024-00676
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Run yum update tigervnc to close it
CVE-ID: CVE-2024-21885
BDU-ID: 2024-00667
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the XISendDeviceHierarchyEvent function of the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server is associated with a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update tigervnc command
CVE-ID: CVE-2024-21886
BDU-ID: 2024-00675
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the DisableDevice function of the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server is associated with a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update tigervnc command
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.8%