156 matches found
Multiple Siemens Products Denial of Service Vulnerabilities
Siemens SINUMERIK 808D and so on are the German Siemens Siemens company's CNC machine tool system controller. A security vulnerability exists in several Siemens products. A remote attacker could exploit this vulnerability by using the integrated VNC server on port 5900/tcp to cause a denial of...
Qemu: memory exhaustion through framebuffer update request message in VNC server
VNC server implementation in Quick Emulator QEMU was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A...
ALPINE-CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...
UBUNTU-CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...
QEMU Denial of Service Vulnerability (CNVD-2018-03060)
QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in the VNC server implementation in versions of QEMU prior to 2.14.3, which stems from the program's failure t...
Multiple Vmware Product Stack Overflow Vulnerabilities
VMware ESXi, Workstation, and Fusion are all products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers; VMware Workstation is a suite of virtual machine software; and Fusion is a suite of virtual machine software that is designed t...
DEBIAN-CVE-2017-7980
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator Qemu 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service crash via vectors related to a VNC client updating its display after a VGA operation...
Qemu: VNC: memory corruption due to unchecked resolution limit
An out-of-bounds memory access issue was found in Quick Emulator QEMU in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...
Qemu: VNC: memory corruption due to unchecked resolution limit
An out-of-bounds memory access issue was found in Quick Emulator QEMU in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...
Qemu: VNC: memory corruption due to unchecked resolution limit
An out-of-bounds memory access issue was found in Quick Emulator QEMU in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...
Qemu: cirrus: heap buffer overflow via vnc connection
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash...
DEBIAN-CVE-2015-8504
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service arithmetic exception and application crash via crafted SetPixelFormat messages from a client...
[SECURITY] Fedora 26 Update: tigervnc-1.7.1-4.fc26
Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...
TigerVNC Integer Overflow Vulnerability
TigerVNC is a high-performance, platform-neutral implementation of VNC Virtual Network Computing, a client/server application that allows users to launch and interact with graphical applications on remote machines. An integer overflow vulnerability exists in the SMsgReader::readClientCutText...
DEBIAN-CVE-2017-7393
In TigerVNC 1.7.1 VNCSConnectionST.cxx VNCSConnectionST::fence, an authenticated client can cause a double free, leading to denial of service or potentially code execution...
libvirt: Setting empty VNC password allows access to unauthorized users
It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authenticatio...
DEBIAN-CVE-2016-5008
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server...
The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure
The vulnerability of the VNC websocket frame decoder in the hardware emulation software QEMU is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service failures such as increased memory and computational resources usage by sending HTTP header...
qemu: vnc: insufficient resource limiting in VNC websockets decoder
It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...
USN-2745-1 qemu, qemu-kvm vulnerabilities
Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-5239 Qinghao...