Vulnerabilities > Tigervnc

DATE CVE VULNERABILITY TITLE RISK
2020-09-27 CVE-2020-26117 Improper Certificate Validation vulnerability in multiple products
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions.
5.8
2020-01-02 CVE-2014-0011 Out-of-bounds Write vulnerability in Tigervnc
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.
network
low complexity
tigervnc CWE-787
7.5
2019-12-26 CVE-2019-15695 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor.
network
low complexity
tigervnc opensuse CWE-754
6.5
2019-12-26 CVE-2019-15694 Out-of-bounds Write vulnerability in multiple products
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect.
network
low complexity
tigervnc opensuse CWE-787
6.5
2019-12-26 CVE-2019-15693 Out-of-bounds Write vulnerability in Tigervnc
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient.
network
low complexity
tigervnc CWE-787
6.5
2019-12-26 CVE-2019-15692 Out-of-bounds Write vulnerability in Tigervnc
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow.
network
low complexity
tigervnc CWE-787
6.5
2019-12-26 CVE-2019-15691 Operation on a Resource after Expiration or Release vulnerability in Tigervnc
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder.
network
low complexity
tigervnc CWE-672
6.5
2017-04-01 CVE-2017-7396 Missing Release of Resource after Effective Lifetime vulnerability in Tigervnc 1.7.1
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
network
low complexity
tigervnc CWE-772
5.0
2017-04-01 CVE-2017-7395 Integer Overflow or Wraparound vulnerability in Tigervnc 1.7.1
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
network
low complexity
tigervnc CWE-190
4.0
2017-04-01 CVE-2017-7394 Improper Input Validation vulnerability in Tigervnc 1.7.1
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
network
low complexity
tigervnc CWE-20
5.0