4 matches found
Astra Linux – Vulnerability in Vino
A issue was discovered in LibVNCServer through version 0.9.11. The function rfbProcessClientNormalMessage in rfbserver.c does not sanitize the msg.cct.length variable, allowing access to uninitialized and potentially sensitive data, or possibly causing unspecified other impacts e.g., integer...
CVE-2026-40935
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...
SUSE CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...
AZL-6764 CVE-2021-39259 affecting package ntfs-3g for versions less than 2021.8.22-1
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfsinodelookupbyname, in NTFS-3G 2021.8.22...