Ultravnc
by Ultravnc
Source repositories
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8272 | 0.00 | — | 0.04 | Mar 9, 2019 | UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. | |||
| CVE-2019-8274 | 0.00 | — | 0.08 | Mar 9, 2019 | UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision… | |||
| CVE-2019-8265 | 0.00 | — | 0.03 | Mar 9, 2019 | UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities… | |||
| CVE-2019-8270 | 0.00 | — | 0.02 | Mar 9, 2019 | UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211. | |||
| CVE-2019-8264 | 0.00 | — | 0.03 | Mar 9, 2019 | UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. | |||
| CVE-2019-8259 | 0.00 | — | 0.03 | Mar 5, 2019 | UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack… | |||
| CVE-2019-8261 | 0.00 | — | 0.02 | Mar 5, 2019 | UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. | |||
| CVE-2019-8263 | 0.00 | — | 0.02 | Mar 5, 2019 | UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this… | |||
| CVE-2019-8260 | 0.00 | — | 0.02 | Mar 5, 2019 | UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. | |||
| CVE-2019-8262 | 0.00 | — | 0.05 | Mar 5, 2019 | UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204. | |||
| CVE-2018-15361 | 0.00 | — | 0.03 | Mar 5, 2019 | UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. | |||
| CVE-2019-8258 | 0.00 | — | 0.04 | Mar 5, 2019 | UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. | |||
| CVE-2010-5248 | 0.00 | — | 0.00 | Sep 7, 2012 | Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third… | |||
| CVE-2008-5001 | 0.00 | — | 0.06 | Nov 10, 2008 | Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly… | |||
| CVE-2006-2206 | 0.00 | — | 0.02 | May 5, 2006 | The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. |
- CVE-2019-8272Mar 9, 2019risk 0.00cvss —epss 0.04
UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
- CVE-2019-8274Mar 9, 2019risk 0.00cvss —epss 0.08
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision…
- CVE-2019-8265Mar 9, 2019risk 0.00cvss —epss 0.03
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities…
- CVE-2019-8270Mar 9, 2019risk 0.00cvss —epss 0.02
UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.
- CVE-2019-8264Mar 9, 2019risk 0.00cvss —epss 0.03
UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.
- CVE-2019-8259Mar 5, 2019risk 0.00cvss —epss 0.03
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack…
- CVE-2019-8261Mar 5, 2019risk 0.00cvss —epss 0.02
UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200.
- CVE-2019-8263Mar 5, 2019risk 0.00cvss —epss 0.02
UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this…
- CVE-2019-8260Mar 5, 2019risk 0.00cvss —epss 0.02
UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200.
- CVE-2019-8262Mar 5, 2019risk 0.00cvss —epss 0.05
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.
- CVE-2018-15361Mar 5, 2019risk 0.00cvss —epss 0.03
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
- CVE-2019-8258Mar 5, 2019risk 0.00cvss —epss 0.04
UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
- CVE-2010-5248Sep 7, 2012risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third…
- CVE-2008-5001Nov 10, 2008risk 0.00cvss —epss 0.06
Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly…
- CVE-2006-2206May 5, 2006risk 0.00cvss —epss 0.02
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.
Page 2 of 2