CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

CNVD•added 2019/03/11 12:0 a.m.•1 views

UltraVNC out-of-bounds access vulnerability (CNVD-2019-10288)

UltraVNC is an open source remote terminal control software for the Windows platform. A security vulnerability exists in the VNC client code in UltraVNC version 1207, which stems from the program incorrectly using the 'ClientConnection::Copybuffer' function. An attacker could exploit the...

9.8CVSS7.7AI score0.01255EPSS

Exploits0References1

CVE•added 2019/03/09 12:0 a.m.•45 views

CVE-2019-8266

CVE-2019-8266 affects UltraVNC revision 1207 where multiple out-of-bounds access vulnerabilities in the VNC client code (ClientConnection::Copybuffer) could lead to code execution. Exploitation is described as network‑based with user interaction required to trigger, and the issues were fixed in r...

9.8CVSS9.6AI score0.01255EPSS

Exploits0References3Affected Software1

NVD•added 2019/03/08 11:29 p.m.•15 views

CVE-2019-8268

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been...

9.8CVSS10AI score0.01404EPSS

Exploits0References3

Prion•added 2019/03/08 11:29 p.m.•7 views

Code injection

7.5CVSS9.8AI score0.01404EPSS

Exploits0References3Affected Software4

Prion•added 2019/03/08 11:29 p.m.•14 views

Design/Logic Flaw

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is...

7.5CVSS9.7AI score0.01255EPSS

Exploits0References3Affected Software1

OpenVAS•added 2009/03/03 12:0 a.m.•22 views

UltraVNC < 1.0.5.4 ClientConnection Multiple Integer Overflow Vulnerabilities - Windows

UltraVNC is prone to multiple integer overflow vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.8AI score0.48323EPSS

Exploits11References3

OpenVAS•added 2009/03/03 12:0 a.m.•16 views

TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Linux)

This host is running TightVNC and is prone to Multiple Integer Overflow Vulnerability. OpenVAS Vulnerability Test $Id: secpodtightvncmultintoverflowvulnlin.nasl 5148 2017-01-31 13:16:55Z teissa $ TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities Linux Authors: Sujit Ghosal...

10CVSS1.1AI score0.48323EPSS

Exploits11References3

Saint•added 2009/02/20 12:0 a.m.•26 views

UltraVNC ClientConnection integer overflow

Added: 02/20/2009 CVE: CVE-2009-0388 BID: 33568 Background UltraVNC is free software for remote desktop access. Problem Multiple integer overflow vulnerabilities in the ClientConnection class allow command execution when a user connects to a VNC server which sends a message with a large length...

10CVSS7AI score0.48323EPSS

Exploits11

Saint•added 2009/02/20 12:0 a.m.•23 views

UltraVNC ClientConnection integer overflow

10CVSS7AI score0.48323EPSS

Exploits11

Saint•added 2009/02/20 12:0 a.m.•28 views

UltraVNC ClientConnection integer overflow

10CVSS7AI score0.48323EPSS

Exploits11

Saint•added 2009/02/20 12:0 a.m.•24 views

UltraVNC ClientConnection integer overflow

10CVSS7AI score0.48323EPSS

Exploits11

Debian CVE•added 2009/02/04 7:0 p.m.•22 views

CVE-2009-0388

Multiple integer signedness errors in 1 UltraVNC 1.0.2 and 1.0.5 and 2 TightVnc 1.3.9 allow remote VNC servers to cause a denial of service heap corruption and application crash or possibly execute arbitrary code via a large length value in a message, related to the a...

10CVSS5.4AI score0.48323EPSS

Exploits11

NVD•added 2008/02/06 12:0 p.m.•13 views

CVE-2008-0610

Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a...

9.3CVSS8.1AI score0.74834EPSS

Exploits7References9