Uvnc Ultravnc vulnerabilities

CVE-2026-3787 [HIGH] CWE-426 CVE-2026-3787: A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in t A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor w

CVE-2020-37132 [MEDIUM] CWE-121 CVE-2020-37132: UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration p UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.

CVE-2020-37133 [MEDIUM] CWE-121 CVE-2020-37133: UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configurat UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.

CVE-2022-24750 [HIGH] CWE-269 CVE-2022-24750: UltraVNC is a free and open source remote pc access software. A vulnerability has been found in vers UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory.

CVE-2019-8265 [CRITICAL] CWE-788 CVE-2019-8265: UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usa UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208.

CVE-2019-8268 [CRITICAL] CWE-193 CVE-2019-8268: UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with imp UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

CVE-2019-8275 [CRITICAL] CWE-170 CVE-2019-8275: UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, wh UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVE-2019-8274 [CRITICAL] CWE-122 CVE-2019-8274: UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file trans UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2019-8271 [CRITICAL] CWE-122 CVE-2019-8271: UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file trans UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2019-8273 [CRITICAL] CWE-122 CVE-2019-8273: UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file trans UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2019-8272 [CRITICAL] CWE-193 CVE-2019-8272: UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potenti UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVE-2019-8266 [CRITICAL] CWE-788 CVE-2019-8266: UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usa UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulner

CVE-2019-8264 [CRITICAL] CWE-788 CVE-2019-8264: UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, w UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.

CVE-2019-8280 [CRITICAL] CWE-788 CVE-2019-8280: UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, whic UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.

CVE-2019-8270 [HIGH] CWE-125 CVE-2019-8270: UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.

CVE-2019-8269 [HIGH] CWE-121 CVE-2019-8269: UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileT UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.

CVE-2019-8267 [HIGH] CWE-125 CVE-2019-8267: UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat modul UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208.

CVE-2019-8277 [HIGH] CWE-665 CVE-2019-8277: UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have

CVE-2019-8276 [HIGH] CWE-121 CVE-2019-8276: UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file tran UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2018-15361 [CRITICAL] CWE-124 CVE-2018-15361: UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentiall UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.