15 matches found
CVE-2019-15681
CVE-2019-15681 is a memory-leak vulnerability (CWE-655) in LibVNCServer’s VNC server component. The issue, introduced in LibVNC commit prior to d01e1bb4246..., could allow an attacker to read stack memory and cause information disclosure; when combined with another vulnerability this memory leaka...
CVE-2018-20019
CVE-2018-20019 refers to LibVNC vulnerabilities where multiple heap out-of-bounds writes in the VNC client code can lead to remote code execution. Connected documents confirm an incomplete fix in the affected LibVNC components (e.g., “Incomplete fix for CVE-2018-20019”) and list LibVNCServer/LibV...
CVE-2018-15127
LibVNCServer contains a heap out-of-bounds write vulnerability in the server code of the File Transfer extension, enabling remote code execution. Multiple connected advisories confirm CVE-2018-15127 and note affected versions (LibVNCServer prior to the patched release, e.g., 0.9.12 in some adviso...
CVE-2020-14405
CVE-2020-14405 is reported in LibVNCServer prior to 0.9.13 for libvncclient/rfbproto.c not limiting TextChat size. The connected Nessus advisories confirm the presence of this vulnerability across several distributions and list the CVE as affecting libvncserver, but do not provide exploit details...
CVE-2018-20021
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c0 contains a CWE-835: Infinite loop vulnerability in VNC client code (CVE-2018-20021). This flaw can let an attacker cause high resource consumption (CPU/RAM) via crafted VNC traffic. The issue is discussed across multiple Linux distrib...
CVE-2018-20749
LibVNC/libvncserver (vncserver) contains a heap out-of-bounds write in libvncserver/rfbserver.c. CVE-2018-20749 and CVE-2018-20750 reference heap-out-of-bounds writes with incomplete fixes related to CVE-2018-15127; advisories note that the fix for the earlier CVE was incomplete and Debian/ALAS e...
CVE-2018-20024
CVE-2018-20024 is a null pointer dereference in LibVNCServer/LibVNCClient before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7, leading to denial of service via the VNC client code. The connected Nessus/Ubuntu/Mageia entries cite this CVE among LibVNC vulnerabilities, but no explicit public pat...
CVE-2018-20748
CVE-2018-20748 affects LibVNCServer/LibVNCClient prior to version 0.9.12, with multiple heap out-of-bounds writes in libvncclient/rfbproto.c. The vulnerability is described among a set where the fix for CVE-2018-20019 was incomplete. Several Nessus/RHEL advisories indicate unpatched status or unp...
CVE-2018-20022
CVE-2018-20022 affects LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 in the VNC client code. The root cause is an improper initialization weakness (CWE-665) that allows an attacker to read stack memory, enabling information disclosure. When combined with another vulnerability, this can b...
CVE-2018-20750
CVE-2018-20750: LibVNC up to 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The description notes that the fix for CVE-2018-15127 was incomplete, indicating an insufficiently addressed heap-write issue in the server component. Multiple advisories and lists ...
CVE-2018-15126
CVE-2018-15126 relates to LibVNCServer: heap use-after-free in the server code of the File Transfer extension, which can lead to remote code execution. The root cause is a heap-use-after-free in the file transfer path, enabling an attacker with network access to trigger code execution on a vulner...
CVE-2018-20020
CVE-2018-20020 refers to a heap out-of-bounds write in LibVNCServer/LibVNCClient within VNC client code. Public sources indicate the issue occurs in LibVNC before the commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d, which can lead to remote code execution. The CVE is listed in multiple vendor adv...
CVE-2018-20023
CVE-2018-20023 affects LibVNCServer/LibVNCClient: CWE-665 Improper Initialization in the VNC Repeater client code can allow an attacker to read stack memory and disclose information. The issue is documented across multiple advisories (Debian/Ubuntu, Gentoo, Mageia, Red Hat) and is part of a broad...
CVE-2018-6307
CVE-2018-6307 affects LibVNC/LibVNCServer. It is a heap use-after-free in the server code of the file transfer extension, which can lead to remote code execution. Connected advisories confirm the vulnerability across LibVNCServer deployments and note that fixes were applied in downstream advisori...
CVE-2020-14404
CVE-2020-14404 affects LibVNCServer before version 0.9.13, with the root cause being out-of-bounds access in the rre.c encodings path. Affected component: libvncserver (server-side handling of Encodings). Impact as stated: potential information disclosure or denial of service with low confidentia...