rpm package
suse/tigervnc&distro=SUSE Linux Enterprise Desktop 12 SP1
pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7396 | High | 7.5 | | < 1.4.3-24.1 | 1.4.3-24.1 | Apr 1, 2017 | In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. |
| CVE-2017-7395 | Medium | 6.5 | | < 1.4.3-24.1 | 1.4.3-24.1 | Apr 1, 2017 | In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. |
| CVE-2017-7394 | High | 7.5 | | < 1.4.3-24.1 | 1.4.3-24.1 | Apr 1, 2017 | In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. |
| CVE-2017-7393 | High | 8.8 | | < 1.4.3-24.1 | 1.4.3-24.1 | Apr 1, 2017 | In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. |
| CVE-2017-7392 | High | 7.5 | | < 1.4.3-24.1 | 1.4.3-24.1 | Apr 1, 2017 | In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. |
| CVE-2016-10207 | High | 7.5 | | < 1.4.3-19.1 | 1.4.3-19.1 | Feb 28, 2017 | The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. |
| CVE-2016-9942 | Critical | 9.8 | | < 1.4.3-19.1 | 1.4.3-19.1 | Dec 31, 2016 | Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payloa |
| CVE-2016-9941 | Critical | 9.8 | | < 1.4.3-19.1 | 1.4.3-19.1 | Dec 31, 2016 | Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client |