12 vulnerabilities found for libvncserver by libvncserver
CVE-2014-6053 (GCVE-0-2014-6053)
Vulnerability from nvd – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
VLAI
Summary
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4573-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4573-1/"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4573-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4573-1/"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
},
{
"name": "61682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4573-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4573-1/"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6053",
"datePublished": "2014-12-15T17:27:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6052 (GCVE-0-2014-6052)
Vulnerability from nvd – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
VLAI
Summary
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70091"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70091"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "61682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70091"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6052",
"datePublished": "2014-12-15T17:27:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6054 (GCVE-0-2014-6054)
Vulnerability from nvd – Published: 2014-10-06 14:00 – Updated: 2024-08-06 12:03
VLAI
Summary
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-007.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/70094 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/61682 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html | vendor-advisory, x_refsource_SUSE |
| https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446 | x_refsource_CONFIRM |
| http://secunia.com/advisories/61506 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2014/09/25/11 | mailing-list, x_refsource_MLIST |
| http://seclists.org/oss-sec/2014/q3/639 | mailing-list, x_refsource_MLIST |
| https://security.gentoo.org/glsa/201507-07 | vendor-advisory, x_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-2365-1 | vendor-advisory, x_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3081 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4587-1/ | vendor-advisory, x_refsource_UBUNTU |
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "70094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70094"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2365-1"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "70094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70094"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2365-1"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "70094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70094"
},
{
"name": "61682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "USN-2365-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2365-1"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6054",
"datePublished": "2014-10-06T14:00:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6055 (GCVE-0-2014-6055)
Vulnerability from nvd – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
VLAI
Summary
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70096",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70096"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "libvncserver-cve20146055-bo(96187)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70096",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70096"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "libvncserver-cve20146055-bo(96187)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
"refsource": "CONFIRM",
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70096"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "libvncserver-cve20146055-bo(96187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
},
{
"name": "FEDORA-2014-11537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
},
{
"name": "FEDORA-2014-11685",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6055",
"datePublished": "2014-09-30T16:00:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6051 (GCVE-0-2014-6051)
Vulnerability from nvd – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
Summary
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "GLSA-201612-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-36"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70093"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "GLSA-201612-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-36"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70093"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "GLSA-201612-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-36"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
"refsource": "CONFIRM",
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70093"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "FEDORA-2014-11537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "FEDORA-2014-11685",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6051",
"datePublished": "2014-09-30T16:00:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2450 (GCVE-0-2006-2450)
Vulnerability from nvd – Published: 2006-07-14 22:00 – Updated: 2024-08-07 17:51
Summary
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2006:042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
},
{
"name": "24525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24525"
},
{
"name": "ADV-2006-2797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2797"
},
{
"name": "21349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21349"
},
{
"name": "GLSA-200608-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
},
{
"name": "GLSA-200703-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
},
{
"name": "20940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20940"
},
{
"name": "21393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21393"
},
{
"name": "GLSA-200608-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
},
{
"name": "21405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21405"
},
{
"name": "18977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
},
{
"name": "21179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21179"
},
{
"name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
},
{
"name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T17:06:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SA:2006:042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
},
{
"name": "24525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24525"
},
{
"name": "ADV-2006-2797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2797"
},
{
"name": "21349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21349"
},
{
"name": "GLSA-200608-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
},
{
"name": "GLSA-200703-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
},
{
"name": "20940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20940"
},
{
"name": "21393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21393"
},
{
"name": "GLSA-200608-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
},
{
"name": "21405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21405"
},
{
"name": "18977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
},
{
"name": "21179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21179"
},
{
"name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
},
{
"name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/29"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2450",
"datePublished": "2006-07-14T22:00:00.000Z",
"dateReserved": "2006-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6052 (GCVE-0-2014-6052)
Vulnerability from cvelistv5 – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
Summary
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70091"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70091"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "61682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70091"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6052",
"datePublished": "2014-12-15T17:27:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6053 (GCVE-0-2014-6053)
Vulnerability from cvelistv5 – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
Summary
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4573-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4573-1/"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4573-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4573-1/"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
},
{
"name": "61682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "USN-2365-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2365-1"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"name": "USN-4573-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4573-1/"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6053",
"datePublished": "2014-12-15T17:27:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6054 (GCVE-0-2014-6054)
Vulnerability from cvelistv5 – Published: 2014-10-06 14:00 – Updated: 2024-08-06 12:03
Summary
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-007.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/70094 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/61682 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html | vendor-advisory, x_refsource_SUSE |
| https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446 | x_refsource_CONFIRM |
| http://secunia.com/advisories/61506 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2014/09/25/11 | mailing-list, x_refsource_MLIST |
| http://seclists.org/oss-sec/2014/q3/639 | mailing-list, x_refsource_MLIST |
| https://security.gentoo.org/glsa/201507-07 | vendor-advisory, x_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-2365-1 | vendor-advisory, x_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3081 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4587-1/ | vendor-advisory, x_refsource_UBUNTU |
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "70094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70094"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2365-1"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "70094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70094"
},
{
"name": "61682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "USN-2365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2365-1"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "70094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70094"
},
{
"name": "61682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61682"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "USN-2365-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2365-1"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6054",
"datePublished": "2014-10-06T14:00:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6055 (GCVE-0-2014-6055)
Vulnerability from cvelistv5 – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
Summary
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70096",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70096"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "libvncserver-cve20146055-bo(96187)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70096",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70096"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "libvncserver-cve20146055-bo(96187)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
"refsource": "CONFIRM",
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70096"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "libvncserver-cve20146055-bo(96187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
},
{
"name": "FEDORA-2014-11537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
},
{
"name": "FEDORA-2014-11685",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6055",
"datePublished": "2014-09-30T16:00:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6051 (GCVE-0-2014-6051)
Vulnerability from cvelistv5 – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
Summary
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
17 references
Date Public
2014-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "GLSA-201612-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-36"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70093"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T12:06:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "GLSA-201612-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-36"
},
{
"name": "openSUSE-SU-2015:2207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
},
{
"name": "61506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70093"
},
{
"name": "DSA-3081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "FEDORA-2014-11537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "FEDORA-2014-11685",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4587-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name": "GLSA-201612-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-36"
},
{
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
},
{
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
"refsource": "CONFIRM",
"url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
},
{
"name": "RHSA-2015:0113",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
},
{
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name": "70093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70093"
},
{
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
},
{
"name": "FEDORA-2014-11537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
},
{
"name": "FEDORA-2014-11685",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"name": "USN-4587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4587-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6051",
"datePublished": "2014-09-30T16:00:00.000Z",
"dateReserved": "2014-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:03:02.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2450 (GCVE-0-2006-2450)
Vulnerability from cvelistv5 – Published: 2006-07-14 22:00 – Updated: 2024-08-07 17:51
Summary
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
Severity
No CVSS data available.
CWE
- n/a
Assigner
redhat
References
17 references
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2006:042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
},
{
"name": "24525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24525"
},
{
"name": "ADV-2006-2797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2797"
},
{
"name": "21349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21349"
},
{
"name": "GLSA-200608-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
},
{
"name": "GLSA-200703-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
},
{
"name": "20940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20940"
},
{
"name": "21393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21393"
},
{
"name": "GLSA-200608-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
},
{
"name": "21405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21405"
},
{
"name": "18977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
},
{
"name": "21179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21179"
},
{
"name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
},
{
"name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T17:06:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SA:2006:042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
},
{
"name": "24525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24525"
},
{
"name": "ADV-2006-2797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2797"
},
{
"name": "21349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21349"
},
{
"name": "GLSA-200608-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
},
{
"name": "GLSA-200703-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
},
{
"name": "20940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20940"
},
{
"name": "21393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21393"
},
{
"name": "GLSA-200608-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
},
{
"name": "21405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21405"
},
{
"name": "18977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
},
{
"name": "21179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21179"
},
{
"name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
},
{
"name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/29"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2450",
"datePublished": "2006-07-14T22:00:00.000Z",
"dateReserved": "2006-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}