Search CVE reports



1 – 10 of 14 results


CVE-2023-1393

Medium priority

Some fixes available 19 of 23

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that...

9 affected packages

tigervnc, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, xorg-server-lts-utopic...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tigervnc Not affected Fixed Fixed Needs evaluation Ignored
xorg-server Fixed Fixed Fixed Fixed Needs evaluation
xorg-server-hwe-16.04 Not in release Not in release Not in release Needs evaluation
xorg-server-hwe-18.04 Not in release Not in release Fixed Not in release
xorg-server-lts-utopic Not in release Not in release Not in release Not in release
xorg-server-lts-vivid Not in release Not in release Not in release Not in release
xorg-server-lts-wily Not in release Not in release Not in release Not in release
xorg-server-lts-xenial Not in release Not in release Not in release Not in release
xwayland Fixed Fixed Not in release Not in release Not in release

CVE-2020-26117

Medium priority

Some fixes available 1 of 3

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any...

1 affected package

tigervnc

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tigervnc | Not affected | Not affected | Fixed | Needs evaluation | Not in release

CVE-2019-15695

Medium priority
Needs evaluation

TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can...

1 affected package

tigervnc

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release

CVE-2019-15694

Medium priority
Needs evaluation

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this...

1 affected package

tigervnc

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release

CVE-2019-15693

Medium priority
Needs evaluation

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be...

1 affected package

tigervnc

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release

CVE-2019-15692

Medium priority
Needs evaluation

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote...

1 affected package

tigervnc

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release

CVE-2019-15691

Medium priority
Needs evaluation

TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access stack...

1 affected package

tigervnc

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tigervnc | Not affected | Not affected | Not affected | Needs evaluation | Not in release

CVE-2017-7396

Medium priority
Ignored

In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.

1 affected package

tigervnc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tigervnc Not affected Not in release

CVE-2017-7395

Low priority
Ignored

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

1 affected package

tigervnc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tigervnc Not affected Not in release

CVE-2017-7394

Medium priority
Ignored

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

1 affected package

tigervnc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tigervnc Not affected Not in release