Lucene search
K

156 matches found

CNVD
CNVD
added 2018/12/14 12:0 a.m.3 views

Multiple Siemens Products Denial of Service Vulnerabilities

Siemens SINUMERIK 808D and so on are the German Siemens Siemens company's CNC machine tool system controller. A security vulnerability exists in several Siemens products. A remote attacker could exploit this vulnerability by using the integrated VNC server on port 5900/tcp to cause a denial of...

4.3CVSS6.8AI score0.01857EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/10/30 9:42 a.m.2 views

Qemu: memory exhaustion through framebuffer update request message in VNC server

VNC server implementation in Quick Emulator QEMU was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A...

7.8CVSS7.2AI score0.02843EPSS
Exploits0References4
OSV
OSV
added 2018/07/27 9:29 p.m.4 views

ALPINE-CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...

9.9CVSS7.9AI score0.04448EPSS
Exploits0References1
OSV
OSV
added 2018/02/19 12:0 a.m.1 views

UBUNTU-CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...

9.8CVSS6.8AI score0.06222EPSS
Exploits1References7
CNVD
CNVD
added 2018/01/05 12:0 a.m.1 views

QEMU Denial of Service Vulnerability (CNVD-2018-03060)

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in the VNC server implementation in versions of QEMU prior to 2.14.3, which stems from the program's failure t...

7.8CVSS6.8AI score0.02843EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/20 12:0 a.m.4 views

Multiple Vmware Product Stack Overflow Vulnerabilities

VMware ESXi, Workstation, and Fusion are all products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers; VMware Workstation is a suite of virtual machine software; and Fusion is a suite of virtual machine software that is designed t...

8.8CVSS7.8AI score0.03157EPSS
Exploits1References1
OSV
OSV
added 2017/07/25 2:29 p.m.1 views

DEBIAN-CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator Qemu 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service crash via vectors related to a VNC client updating its display after a VGA operation...

7.8CVSS9AI score0.00625EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/06/14 3:20 p.m.17 views

Qemu: VNC: memory corruption due to unchecked resolution limit

An out-of-bounds memory access issue was found in Quick Emulator QEMU in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...

6.5CVSS6.8AI score0.03036EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/05/09 12:29 p.m.4 views

Qemu: VNC: memory corruption due to unchecked resolution limit

An out-of-bounds memory access issue was found in Quick Emulator QEMU in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...

6.5CVSS6.8AI score0.03036EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/05/09 11:7 a.m.10 views

Qemu: VNC: memory corruption due to unchecked resolution limit

An out-of-bounds memory access issue was found in Quick Emulator QEMU in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...

6.5CVSS6.8AI score0.03036EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/04/18 4:56 a.m.4 views

Qemu: cirrus: heap buffer overflow via vnc connection

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash...

9.9CVSS7.8AI score0.04448EPSS
Exploits0References4
OSV
OSV
added 2017/04/11 7:59 p.m.3 views

DEBIAN-CVE-2015-8504

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service arithmetic exception and application crash via crafted SetPixelFormat messages from a client...

6.5CVSS8.8AI score0.03115EPSS
Exploits0References1
Fedora
Fedora
added 2017/04/11 1:47 p.m.21 views

[SECURITY] Fedora 26 Update: tigervnc-1.7.1-4.fc26

Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...

8.8CVSS3.6AI score0.02033EPSS
Exploits0
CNVD
CNVD
added 2017/04/05 12:0 a.m.1 views

TigerVNC Integer Overflow Vulnerability

TigerVNC is a high-performance, platform-neutral implementation of VNC Virtual Network Computing, a client/server application that allows users to launch and interact with graphical applications on remote machines. An integer overflow vulnerability exists in the SMsgReader::readClientCutText...

6.5CVSS6.7AI score0.01432EPSS
Exploits0References1
OSV
OSV
added 2017/04/01 2:59 a.m.1 views

DEBIAN-CVE-2017-7393

In TigerVNC 1.7.1 VNCSConnectionST.cxx VNCSConnectionST::fence, an authenticated client can cause a double free, leading to denial of service or potentially code execution...

8.8CVSS7.5AI score0.0182EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/11/03 8:7 a.m.10 views

libvirt: Setting empty VNC password allows access to unauthorized users

It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authenticatio...

9.8CVSS7.3AI score0.03623EPSS
Exploits0References4
OSV
OSV
added 2016/07/13 3:59 p.m.2 views

DEBIAN-CVE-2016-5008

libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server...

9.8CVSS9.7AI score0.03623EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/01/22 12:0 a.m.5 views

The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure

The vulnerability of the VNC websocket frame decoder in the hardware emulation software QEMU is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service failures such as increased memory and computational resources usage by sending HTTP header...

7.8CVSS7.3AI score0.07393EPSS
Exploits0References20Affected Software6
RedHat Linux
RedHat Linux
added 2015/10/27 8:50 a.m.4 views

qemu: vnc: insufficient resource limiting in VNC websockets decoder

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...

8.6CVSS7.1AI score0.07393EPSS
Exploits0References4
OSV
OSV
added 2015/09/24 6:37 p.m.3 views

USN-2745-1 qemu, qemu-kvm vulnerabilities

Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-5239 Qinghao...

7.5CVSS7AI score0.0361EPSS
Exploits1References6
Rows per page
Query Builder