RHSA-2015:0113 Red Hat Security Advisory: libvncserver security update

Bulletin has no description...

RHEL 7 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Multiple heap out-of-bound writes in VNC client code Incomplete fix for CVE-2018-20019...

RHEL 7 : vino (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: information disclosure and ASLR bypass CVE-2019-15681 - libvncserver: libvncserver/rre.c...

RHEL 5 : kdenetwork (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libvncserver: server NULL pointer dereference flaw in ClientCutText message handling CVE-2014-6053 Note that Nessus...

RHEL 8 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Multiple heap out-of-bound writes in VNC client code Incomplete fix for CVE-2018-20019...

RHEL 6 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c CVE-2018-7225 -...

RHEL 7 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Multiple heap out-of-bound writes in VNC client code Incomplete fix for CVE-2018-20019...

RHEL 6 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c CVE-2018-7225 -...

RHEL 8 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Multiple heap out-of-bound writes in VNC client code Incomplete fix for CVE-2018-20019...

Rocky Linux 8 : libvncserver (RLSA-2021:1811)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1811 advisory. - An issue was discovered in LibVNCServer before 0.9.13. There is an information leak of uninitialized memory contents in the libvncclient/rfbproto.c...

Amazon Linux 2 : libvncserver (ALAS-2023-2170)

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2170 advisory. libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup. CVE-2020-29260 Tenable has...

Low: libvncserver

Issue Overview: libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup. CVE-2020-29260 Affected Packages: libvncserver Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL...

Debian: Security Advisory (DLA-777-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-197-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-380-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area...

SUSE CVE-2017-18922

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...

SUSE CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...

SUSE CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690...

SUSE CVE-2020-14397

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference...