VYPR

rpm package

suse/tigervnc&distro=SUSE Linux Enterprise Server 12 SP2

pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2

Vulnerabilities (8)

  • CVE-2017-7396 (High, Apr 1, 2017)
    affected < 1.6.0-18.11.1; fixed 1.6.0-18.11.1

    In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.

  • CVE-2017-7395 (Medium, Apr 1, 2017)
    affected < 1.6.0-18.11.1; fixed 1.6.0-18.11.1

    In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

  • CVE-2017-7394 (High, Apr 1, 2017)
    affected < 1.6.0-18.11.1; fixed 1.6.0-18.11.1

    In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

  • CVE-2017-7393 (High, Apr 1, 2017)
    affected < 1.6.0-18.11.1; fixed 1.6.0-18.11.1

    In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

  • CVE-2017-7392 (High, Apr 1, 2017)
    affected < 1.6.0-18.11.1; fixed 1.6.0-18.11.1

    In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.

  • CVE-2016-10207 (High, Feb 28, 2017)
    affected < 1.6.0-16.4; fixed 1.6.0-16.4

    The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

  • CVE-2016-9942 (Critical, Dec 31, 2016)
    affected < 1.6.0-16.4; fixed 1.6.0-16.4

    Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payloa

  • CVE-2016-9941 (Critical, Dec 31, 2016)
    affected < 1.6.0-16.4; fixed 1.6.0-16.4

    Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client