| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-1775 | 5.8 |
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an ar
|
13-02-2023 - 00:17 | 26-05-2011 - 18:55 | |
| CVE-2019-15695 | 6.5 |
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from
|
16-10-2020 - 20:00 | 26-12-2019 - 16:15 | |
| CVE-2017-7396 | 5.0 |
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
|
03-10-2019 - 00:03 | 01-04-2017 - 02:59 | |
| CVE-2015-9262 | 7.5 |
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
|
16-04-2019 - 19:08 | 01-08-2018 - 23:29 | |
| CVE-2017-5581 | 6.8 |
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.
|
05-01-2018 - 02:31 | 28-02-2017 - 18:59 | |
| CVE-2014-8241 | 7.5 |
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
|
20-12-2016 - 02:59 | 14-12-2016 - 22:59 |