RHEL 7 : libvncserver (RHSA-2020:3281)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3281 advisory. LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fixes: libvncserver: websocket decodin...

Huawei EulerOS: Security Advisory for libvncserver (EulerOS-SA-2020-1811)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : libvncserver (EulerOS-SA-2020-1811)

According to the versions of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.CVE-2020-14403 - An...

Denial Of Service (DoS)

libvncserver.so is vulnerable to denial of service DoS. An attacker can provide malicious data to trigger an application crash due to pointer aliasing issue leading to access Byte-aligned data via uint32t pointers in libvncclient/rfbproto.c...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : LibVNCServer vulnerabilities (USN-4434-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4434-1 advisory. Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker coul...

openSUSE Security Update : LibVNCServer (openSUSE-2020-1056)

This update for LibVNCServer fixes the following issues : - security update - added patches fix CVE-2018-21247 bsc1173874, uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 bsc1173875, buffer overflow in ConnectClientToUnixSock...

openSUSE: Security Advisory for LibVNCServer (openSUSE-SU-2020:1056-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1056-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 bsc1173874, uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 bsc1173875, buffer overflow in ConnectClientToUnixSock ...

CVE-2020-14401

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixelvalue integer overflow...

CVE-2020-14402

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings...

CVE-2020-14400

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary...

CVE-2020-14399

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed...

CVE-2020-14398

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c...

CVE-2020-14397

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference...

CVE-2020-14404

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings...

CVE-2020-14405

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size...

CVE-2020-14403

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings...

CVE-2020-14396

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tlsopenssl.c has a NULL pointer dereference...

Ubuntu: Security Advisory (USN-4434-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for LibVNCServer (important)

openSUSE Security Update: Security update for LibVNCServer Announcement ID: openSUSE-SU-2020:1056-1 Rating: important References: 1173477 1173691 1173694 1173700 1173701 1173743 1173874 1173875 1173876 1173880 Cross-References: CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840...