Known Vulnerabilities for products from Libvncserver Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libvncserver Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-29260 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-09-02 | 2022-10-05 |
| CVE-2020-25708 json | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially ... | 7.5 - HIGH | 2020-11-27 | 2022-10-29 |
| CVE-2020-14405 json | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | 6.5 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14404 json | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | 5.4 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14403 json | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | 5.4 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14402 json | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | 5.4 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14401 json | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | 6.5 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14400 json | ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2020-14399 json | ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2020-14398 json | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncc... | 7.5 - HIGH | 2020-06-17 | 2022-03-10 |
| CVE-2020-14397 json | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | 7.5 - HIGH | 2020-06-17 | 2022-03-10 |
| CVE-2020-14396 json | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | 7.5 - HIGH | 2020-06-17 | 2022-03-10 |
| CVE-2019-20840 json | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned acce... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2019-20839 json | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2019-20788 json | libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow ... | 9.8 - CRITICAL | 2020-04-23 | 2022-03-10 |
| CVE-2019-15681 json | LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allo... | 7.5 - HIGH | 2019-10-29 | 2022-04-05 |
| CVE-2018-21247 json | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2018-20750 json | LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-151... | 9.8 - CRITICAL | 2019-01-30 | 2022-03-09 |
| CVE-2018-7225 json | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.... | 9.8 - CRITICAL | 2018-02-19 | 2020-10-23 |
| CVE-2017-18922 json | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malic... | 9.8 - CRITICAL | 2020-06-30 | 2023-11-07 |
Known software with vulnerabilities from Libvncserver Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libvncserver Project | Libvncserver | 0.9.10 |