Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-4772-1
HistoryMar 15, 2021 - 12:00 a.m.

VNC4 vulnerabilities

2021-03-1500:00:00
ubuntu.com
52

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.079 Low

EPSS

Percentile

94.3%

JSON

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • vnc4 - Virtual network computing

Details

USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides
the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-0255)

USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the
corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-1283)

Original advisory details:

Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)

It was discovered that Expat incorrectly handled malformed XML data. If a
user or application linked against Expat were tricked into opening a
crafted XML file, an attacker could cause a denial of service, or possibly
execute arbitrary code. (CVE-2015-1283)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchxvnc4viewer< 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1UNKNOWN
Ubuntu16.04noarchvnc4server< 4.1.1+xorg4.3.0-37.3ubuntu2UNKNOWN
Ubuntu16.04noarchvnc4server-dbgsym< 4.1.1+xorg4.3.0-37.3ubuntu2UNKNOWN
Ubuntu16.04noarchxvnc4viewer< 4.1.1+xorg4.3.0-37.3ubuntu2UNKNOWN
Ubuntu16.04noarchxvnc4viewer-dbgsym< 4.1.1+xorg4.3.0-37.3ubuntu2UNKNOWN
Ubuntu16.04noarchvnc4server< 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1UNKNOWN
Ubuntu14.04noarchxvnc4viewer< 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1UNKNOWN
Ubuntu14.04noarchvnc4server< 4.1.1+xorg4.3.0-37ubuntu5.0.2UNKNOWN
Ubuntu14.04noarchvnc4server-dbgsym< 4.1.1+xorg4.3.0-37ubuntu5.0.2UNKNOWN
Ubuntu14.04noarchxvnc4viewer< 4.1.1+xorg4.3.0-37ubuntu5.0.2UNKNOWN
Rows per page:
1-10 of 121

Related

osv 5
openvas 42
nessus 46
cve 4
cvelist 4
securityvulns 4
ubuntucve 4
oraclelinux 1
centos 1
mageia 2
freebsd 3
redhat 1
veracode 3
prion 4
debian 6
amazon 2
ibm 37
nvd 4
debiancve 3
freebsd_advisory 1
ubuntu 4
archlinux 4
f5 4
suse 4
alpinelinux 1
redhatcve 1
gentoo 2
slackware 1
kaspersky 1
osv
osv
vnc4 vulnerabilities
2021-03-15 20:16:26
xorg-server - security update
2015-02-11 00:00:00
expat - security update
2016-05-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4772-1)
2023-01-27 00:00:00
Oracle: Security Advisory (ELSA-2015-0797)
2015-10-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0403-1)
2021-04-19 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : VNC4 vulnerabilities (USN-4772-1)
2023-10-20 00:00:00
openSUSE Security Update : xorg-x11-server (openSUSE-2015-169)
2015-02-23 00:00:00
CentOS 6 / 7 : xorg-x11-server (CESA-2015:0797)
2015-04-13 00:00:00
cve
cve
CVE-2015-0255
2015-02-13 15:59:09
CVE-2015-2716
2015-05-14 10:59:09
CVE-2015-1283
2015-07-23 00:59:12
cvelist
cvelist
CVE-2015-0255
2015-02-13 15:00:00
CVE-2015-1283
2015-07-23 00:00:00
CVE-2015-2716
2015-05-14 10:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3160-1] xorg-server security update
2015-02-16 00:00:00
X.Org information disclosure
2015-02-16 00:00:00
[SECURITY] [DSA 3318-1] expat security update
2015-08-03 00:00:00
ubuntucve
ubuntucve
CVE-2015-0255
2015-02-11 00:00:00
CVE-2015-2716
2015-05-13 00:00:00
CVE-2015-1283
2015-07-22 00:00:00
oraclelinux
oraclelinux
xorg-x11-server security update
2015-04-09 00:00:00
centos
centos
xorg security update
2015-04-10 12:06:39
mageia
mageia
Updated x11-server packages fix CVE-2015-0255
2015-02-17 21:38:13
Updated expat package fixes security vulnerability
2015-07-27 20:18:02
freebsd
freebsd
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
2015-02-10 00:00:00
FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser
2015-08-18 00:00:00
expat2 -- denial of service
2016-06-09 00:00:00
redhat
redhat
(RHSA-2015:0797) Moderate: xorg-x11-server security update
2015-04-10 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:05:28
Denial Of Service (DoS)
2017-02-01 05:26:42
Denial Of Service (DoS)
2017-03-27 05:30:04
prion
prion
Design/Logic Flaw
2015-02-13 15:59:00
Buffer overflow
2015-05-14 10:59:00
Integer overflow
2015-07-23 00:59:00
debian
debian
[SECURITY] [DLA 218-1] xorg-server security update
2015-05-01 10:55:08
[SECURITY] [DSA 3160-1] xorg-server security update
2015-02-11 17:23:14
[SECURITY] [DSA 3318-1] expat security update
2015-07-26 17:54:13
amazon
amazon
Medium: xorg-x11-server
2015-05-05 15:55:00
Medium: expat
2020-05-11 20:41:00
ibm
ibm
Security Bulletin: TSSC/IMC is affected by vulnerability for xorg-x11-server (CVE-2015-0255)
2018-06-18 00:09:39
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM Workload Deployer (CVE-2015-1283)
2018-06-15 07:04:29
Security Bulletin:A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server shipped with Tivoli Network Manager IP Edition (CVE-2015-1283)
2018-06-17 15:10:40
nvd
nvd
CVE-2015-0255
2015-02-13 15:59:09
CVE-2015-1283
2015-07-23 00:59:12
CVE-2015-2716
2015-05-14 10:59:09
debiancve
debiancve
CVE-2015-0255
2015-02-13 15:59:09
CVE-2015-1283
2015-07-23 00:59:12
CVE-2016-4472
2016-06-30 17:59:04
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:20.expat
2015-08-18 00:00:00
ubuntu
ubuntu
Expat vulnerability
2015-08-31 00:00:00
X.Org X server vulnerabilities
2015-02-17 00:00:00
XML-RPC for C and C++ vulnerabilities
2016-06-20 00:00:00
archlinux
archlinux
xorg-server: information leak and denial of service
2015-02-10 00:00:00
expat: arbitrary code execution
2016-03-24 00:00:00
lib32-expat: arbitrary code execution
2016-05-18 00:00:00
f5
f5
K15104541 : Expat XML library vulnerability CVE-2015-1283
2016-10-11 00:00:00
K50459349 : Expat XML library vulnerability CVE-2015-2716
2017-02-10 00:00:00
SOL22232964 - Expat XML library vulnerability CVE-2016-4472
2016-10-21 00:00:00
suse
suse
Security update for expat (important)
2016-06-08 12:07:50
Security update for expat (important)
2016-05-30 14:09:21
Security update for expat (important)
2016-06-07 17:08:51
alpinelinux
alpinelinux
CVE-2016-4472
2016-06-30 17:59:04
redhatcve
redhatcve
CVE-2016-4472
2016-06-09 09:48:44
gentoo
gentoo
Expat: Multiple vulnerabilities
2017-01-11 00:00:00
X.Org X Server: Multiple vulnerabilities
2015-04-17 00:00:00
slackware
slackware
[slackware-security] expat
2016-12-24 19:24:21
kaspersky
kaspersky
KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox
2015-07-14 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.079 Low

EPSS

Percentile

94.3%

JSON
Related for USN-4772-1
osv5openvas42nessus46cve4cvelist4securityvulns4ubuntucve4oraclelinux1centos1mageia2freebsd3redhat1veracode3prion4debian6amazon2ibm37nvd4debiancve3freebsd_advisory1ubuntu4archlinux4f54suse4alpinelinux1redhatcve1gentoo2slackware1kaspersky1