Known Vulnerabilities for products from Libvncserver Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libvncserver Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-29260 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-09-02 | 2022-10-05 |
| CVE-2020-25708 | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially ... | 7.5 - HIGH | 2020-11-27 | 2022-10-29 |
| CVE-2020-14405 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | 6.5 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14404 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | 5.4 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14403 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | 5.4 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14402 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | 5.4 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14401 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | 6.5 - MEDIUM | 2020-06-17 | 2022-03-09 |
| CVE-2020-14400 | ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2020-14399 | ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2020-14398 | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncc... | 7.5 - HIGH | 2020-06-17 | 2022-03-10 |
| CVE-2020-14397 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | 7.5 - HIGH | 2020-06-17 | 2022-03-10 |
| CVE-2020-14396 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | 7.5 - HIGH | 2020-06-17 | 2022-03-10 |
| CVE-2019-20840 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned acce... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2019-20839 | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2019-20788 | libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow ... | 9.8 - CRITICAL | 2020-04-23 | 2022-03-10 |
| CVE-2019-15681 | LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allo... | 7.5 - HIGH | 2019-10-29 | 2022-04-05 |
| CVE-2018-21247 | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the... | 7.5 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2018-20750 | LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-151... | 9.8 - CRITICAL | 2019-01-30 | 2022-03-09 |
| CVE-2018-7225 | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.... | 9.8 - CRITICAL | 2018-02-19 | 2020-10-23 |
| CVE-2017-18922 | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malic... | 9.8 - CRITICAL | 2020-06-30 | 2023-11-07 |
Known software with vulnerabilities from Libvncserver Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libvncserver Project | Libvncserver | 0.9.4 |