D-Link DVA-5592 Cross-Site Scripting Vulnerability
The D-Link DVA-5592 is a wireless router from AUO D-Link of Taiwan, China. A cross-site scripting vulnerability exists in the web interface of the D-Link DVA-5592 version 20180823, which can be exploited by an attacker to execute client-side code...
WordPress Genetechsolutions Pie Register Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Genetechsolutions Pie Register is a website registration plugin used in it. A cross-site scripting vulnerability exists in WordPress...
Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code
Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was correcte...
Multiple Point-by-Point Vulnerabilities in UltraVNC
UltraVNC is an open source remote terminal control software for the Windows platform. A security vulnerability exists in the VNC client code in UltraVNC version 1206, which stems from the program incorrectly using the 'ClientConnection::ReadString' function. An attacker could exploit the...
CVE-2019-8265
UltraVNC revision 1207 contains multiple out-of-bounds access vulnerabilities in the VNC client code (notably related to improper usage of the SETPIXELS macro), which can potentially enable remote code execution over a network. In the connected disclosures, these issues are consistently tied to t...
CVE-2019-8268
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of the ClientConnection::ReadString function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been...
CVE-2019-8270
UltraVNC revision 1210 has an out-of-bounds read vulnerability in VNC client code inside the Ultra decoder, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211...
Design/Logic Flaw
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is...
Design/Logic Flaw
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in...
CVE-2019-8259
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...
CVE-2018-15361
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199...
CVE-2019-8262
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in the VNC client code inside the Ultra decoder, which can lead to remote code execution over the network. These issues are fixed in revision 1204. The CVE is assigned to the heap-based overflow in UltraVNC 1203 and is rated...
CVE-2018-15361
UltraVNC revision 1198 contains a buffer underflow in the VNC client code that could potentially allow code execution. The vulnerability is exploitable over network connectivity, and Siemens/CISA context confirms the fix is to upgrade to revision 1199. No further technical details are provided in...
openSUSE Security Update : LibVNCServer (openSUSE-2019-200)
This update for LibVNCServer fixes the following issues: Security issues fixed : - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c bsc1123828 - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c bsc1123832 - CVE-2018-20748: Fixed multiple...
SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2019:13952-1)
This update for LibVNCServer fixes the following issues : Security issues fixed : CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c bsc1123828 CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c bsc1123832 CVE-2018-20748: Fixed multiple heap...
SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2019:0313-1)
This update for LibVNCServer fixes the following issues : Security issues fixed : CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c bsc1123828 CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c bsc1123832 CVE-2018-20748: Fixed multiple heap...
CVE-2018-20020
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains a heap out-of-bounds write vulnerability inside a structure in VNC client code that can result in remote code execution...