Debian Tightvnc vulnerabilities

CVE-2023-27830 [CRITICAL] CVE-2023-27830: tightvnc - TightVNC before v2.8.75 allows attackers to escalate privileges on the host oper... TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-8287 [CRITICAL] CVE-2019-8287: tightvnc - TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP m... TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. Scope: local bookworm: resolved (fixed in 1:1.3.9-9.1) bullseye: resolved (fixed in 1:1.3.9-9.1) forky: resolved (fixed in 1:1.3.9-9.1) sid: resolved (fixed in 1:

CVE-2019-15679 [CRITICAL] CVE-2019-15679: tightvnc - TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConne... TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. Scope: local bookworm: resolved (fixed in 1:1.3.9-9.1) bullseye: resolved (fixed in 1:1.3.9-9.1) forky: resolved (fixed in 1:1.3.9-9.1) sid: resolved (fixed in

CVE-2019-15678 [CRITICAL] CVE-2019-15678: tightvnc - TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText h... TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. Scope: local bookworm: resolved (fixed in 1:1.3.9-9.1) bullseye: resolved (fixed in 1:1.3.9-9.1) forky: resolved (fixed in 1:1.3.9-9.1) sid: resolved (fixed in 1:1.3.

CVE-2019-15680 [HIGH] CVE-2019-15680: libvncserver - TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP ... TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-15681 [HIGH] CVE-2019-15681: libvncserver - LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory ... LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. Thes

CVE-2018-7225 [CRITICAL] CVE-2018-7225: libvncserver - An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMe... An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. Scope: local bookworm: resolved (fixed in 0.9.11+dfsg-1.1)

CVE-2018-20022 [HIGH] CVE-2018-20022: libvncserver - LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknes... LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR Scope: local bookworm: r

CVE-2018-20021 [HIGH] CVE-2018-20021: libvncserver - LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835... LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM Scope: local bookworm: resolved (fixed in 0.9.11+dfsg-1.2) bullseye: resolved (fixed in 0.9.11+dfsg-1.2) forky: resolved (fixed in 0.9.11+dfsg-1.

CVE-2014-6053 [MEDIUM] CVE-2014-6053: libvncserver - The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNC... The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. Scope:

CVE-2009-0388 [CRITICAL] CVE-2009-0388: tightvnc - Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) Tight... Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize funct

CVE-2002-1336 [HIGH] CVE-2002-1336: tightvnc - TightVNC before 1.2.6 generates the same challenge string for multiple connectio... TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. Scope: local bookworm: resolved (fixed in 1.2.6-1) bullseye: resolved (fixed in 1.2.6-1) forky: resolved (fixed in 1.2.6-1) sid: resolved (fixed in 1.2.6-1) trixie: resolv