CVE-2011-1164
Published 2013-03-12
Priority: P4 · 21 · medium · 4.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
EPSS: 1.63% (73.2th percentile)
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
Affected
88 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| david_king | vino | <= 2.99.4 | — |
CVSS provenance
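| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:N/AC:H/Au:S/C:P/I:P/A:P |
| osv | — | 4.6 | MEDIUM | — |
| vendor_debian | — | 4.6 | LOW | — |
| vendor_redhat | — | 4.6 | MEDIUM | — |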
GHSA
GHSA-w5c8-3xrr-m2x7: Vino before 2
ghsa_unreviewed · 2022-05-17 · MEDIUM
OSV
CVE-2011-1164: Vino before 2
osv · 2013-03-12 · CVSS 4.6 · MEDIUM
Debian
CVE-2011-1164: vino - Vino before 2.99.4 can connect external networks contrary to the statement in th...
vendor_debian · 2011 · CVSS 4.6 · MEDIUM
Scope: local
bookworm: open
bullseye: open
Red Hat
CVE-2011-1164 vino: vino-preferences incorrectly indicates that computer is only reachable over local network
vendor_redhat · 2009-03-17 · CVSS 4.6 · MEDIUM
Statement: This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1164 vino-preferences tells me that others cannot connect to my computer from the Internet, when they can. [fedora-all]
bugzilla · 2012-06-20 · CVSS 4.6 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https:
Bugzilla
CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild
bugzilla · 2011-08-14 · CVSS 10.0 · CRITICAL
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:1166 https://rhn.redhat.com/errata/RHSA-2011-1166.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1164 https://rhn.redhat.com/errata/RHSA-2011-1164.html
Bugzilla
CVE-2011-0084 Mozilla: Crash in SVGTextElement.getCharNumAtPosition()
bugzilla · 2011-08-14 · CVSS 10.0 · CRITICAL
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:1166 https://rhn.redhat.com/errata/RHSA-2011-1166.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1164 https://rhn.redhat.com/errata/RHSA-2011-1164.html
Bugzilla
CVE-2011-2981 Mozilla: Privilege escalation using event handlers
bugzilla · 2011-08-14 · CVSS 9.3 · CRITICAL
Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1164 https://rhn.redhat.com/errata/RHSA-2011-1164.html
Bugzilla
CVE-2011-2983 Mozilla: Private data leakage using RegExp.input
bugzilla · 2011-08-14 · CVSS 4.3 · MEDIUM
Security researcher shutdown reported that data from other domains could be read when RegExp.input was set.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2011:1165 https://rhn.redhat.com/errata/RHSA-2011-1165.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Via RHSA-2011:1167 https://rhn.redhat.com/errata/RHSA-2011-1167.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1164 https://rhn.redhat.com/errat
Bugzilla
CVE-2011-2984 Mozilla: Privilege escalation dropping a tab element in content area
bugzilla · 2011-08-14 · CVSS 10.0 · CRITICAL
Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1164 https://rhn.redhat.com/errata/RHSA-2011-1164.html
Bugzilla
CVE-2011-1164 vino: vino-preferences incorrectly indicates that computer is only reachable over local network
bugzilla · 2010-01-08 · CVSS 4.6 · MEDIUM
When vino-preferences starts, it spends a while "Checking the connectivity of this machine..." and then reports:
"Your desktop is only reachable over the local network. Others can access your computer using the address 90.155.92.250 or macbook.local."
This is nonsense. It's reachable from anywhere. And why on earth hasn't it managed a reverse DNS lookup?
Discussion:
My assumption is that the Assigned To here is either,
1. Deceased, or
2. Not interested.
---
Or,
3. Assigned To is busy, and has other priorities!
My apologies for the earlier remark - I have bugs with no activity for months and assumed otherwise. But I see updates by [email protected] as recently as 2010-08-2