Search CVE reports
1 – 10 of 14 results
CVE-2023-1393
Medium priority
Some fixes available 19 of 23
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that...
9 affected packages
tigervnc, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, xorg-server-lts-utopic...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | Not affected | Fixed | Fixed | Needs evaluation | Ignored |
xorg-server | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
xorg-server-hwe-16.04 | — | Not in release | Not in release | Not in release | Needs evaluation |
xorg-server-hwe-18.04 | — | Not in release | Not in release | Fixed | Not in release |
xorg-server-lts-utopic | — | Not in release | Not in release | Not in release | Not in release |
xorg-server-lts-vivid | — | Not in release | Not in release | Not in release | Not in release |
xorg-server-lts-wily | — | Not in release | Not in release | Not in release | Not in release |
xorg-server-lts-xenial | — | Not in release | Not in release | Not in release | Not in release |
xwayland | Fixed | Fixed | Not in release | Not in release | Not in release |
CVE-2020-26117
Medium priority
Some fixes available 1 of 3
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any...
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | Not affected | Not affected | Fixed | Needs evaluation | Not in release |
CVE-2019-15695
Medium priority
TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can...
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
CVE-2019-15694
Medium priority
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this...
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
CVE-2019-15693
Medium priority
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be...
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
CVE-2019-15692
Medium priority
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote...
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
CVE-2019-15691
Medium priority
TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access stack...
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
CVE-2017-7396
Medium priority
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | — | — | — | Not affected | Not in release |
CVE-2017-7395
Low priority
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | — | — | — | Not affected | Not in release |
CVE-2017-7394
Medium priority
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
1 affected package
tigervnc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tigervnc | — | — | — | Not affected | Not in release |