Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by libvncserver

    CVE-2014-6053 (GCVE-0-2014-6053)

    Vulnerability from nvd – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    https://github.com/newsoft/libvncserver/commit/60… x_refsource_CONFIRM
    http://secunia.com/advisories/61682 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    http://ubuntu.com/usn/usn-2365-1 vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4573-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
              },
              {
                "name": "61682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61682"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "USN-2365-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-2365-1"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "name": "USN-4573-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4573-1/"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
            },
            {
              "name": "61682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61682"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "USN-2365-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-2365-1"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "name": "USN-4573-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4573-1/"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
                },
                {
                  "name": "61682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61682"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "USN-2365-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-2365-1"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "USN-4573-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4573-1/"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6053",
        "datePublished": "2014-12-15T17:27:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6052 (GCVE-0-2014-6052)

    Vulnerability from nvd – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    http://secunia.com/advisories/61682 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    https://github.com/newsoft/libvncserver/commit/85… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    http://ubuntu.com/usn/usn-2365-1 vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/70091 vdb-entryx_refsource_BID
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "61682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61682"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "USN-2365-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-2365-1"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "70091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70091"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:26.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "61682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61682"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "USN-2365-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-2365-1"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70091",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70091"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6052",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "61682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61682"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "USN-2365-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-2365-1"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "70091",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70091"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6052",
        "datePublished": "2014-12-15T17:27:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6054 (GCVE-0-2014-6054)

    Vulnerability from nvd – Published: 2014-10-06 14:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    http://www.securityfocus.com/bid/70094 vdb-entryx_refsource_BID
    http://secunia.com/advisories/61682 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://github.com/newsoft/libvncserver/commit/05… x_refsource_CONFIRM
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2365-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "70094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70094"
              },
              {
                "name": "61682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61682"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "USN-2365-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2365-1"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:22.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "70094",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70094"
            },
            {
              "name": "61682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61682"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "USN-2365-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2365-1"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "70094",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70094"
                },
                {
                  "name": "61682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61682"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "USN-2365-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2365-1"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6054",
        "datePublished": "2014-10-06T14:00:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6055 (GCVE-0-2014-6055)

    Vulnerability from nvd – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
              },
              {
                "name": "RHSA-2015:0113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "70096",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70096"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "libvncserver-cve20146055-bo(96187)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
              },
              {
                "name": "FEDORA-2014-11537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
              },
              {
                "name": "FEDORA-2014-11685",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
            },
            {
              "name": "RHSA-2015:0113",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70096",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70096"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "libvncserver-cve20146055-bo(96187)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
            },
            {
              "name": "FEDORA-2014-11537",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
            },
            {
              "name": "FEDORA-2014-11685",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6055",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
                },
                {
                  "name": "RHSA-2015:0113",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "70096",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70096"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "libvncserver-cve20146055-bo(96187)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
                },
                {
                  "name": "FEDORA-2014-11537",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
                },
                {
                  "name": "FEDORA-2014-11685",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6055",
        "datePublished": "2014-09-30T16:00:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6051 (GCVE-0-2014-6051)

    Vulnerability from nvd – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    https://security.gentoo.org/glsa/201612-36 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://github.com/newsoft/libvncserver/commit/04… x_refsource_CONFIRM
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    https://www.kde.org/info/security/advisory-201409… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2015-0113.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/70093 vdb-entryx_refsource_BID
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "GLSA-201612-36",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201612-36"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
              },
              {
                "name": "RHSA-2015:0113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "70093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70093"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "FEDORA-2014-11537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
              },
              {
                "name": "FEDORA-2014-11685",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "GLSA-201612-36",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201612-36"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
            },
            {
              "name": "RHSA-2015:0113",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70093",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70093"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "FEDORA-2014-11537",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
            },
            {
              "name": "FEDORA-2014-11685",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6051",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "GLSA-201612-36",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201612-36"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
                },
                {
                  "name": "RHSA-2015:0113",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "70093",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70093"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "FEDORA-2014-11537",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
                },
                {
                  "name": "FEDORA-2014-11685",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6051",
        "datePublished": "2014-09-30T16:00:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2450 (GCVE-0-2006-2450)

    Vulnerability from nvd – Published: 2006-07-14 22:00 – Updated: 2024-08-07 17:51
    VLAI
    Summary
    auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824 x_refsource_MISC
    http://secunia.com/advisories/24525 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2797 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/21349 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200608-05.xml vendor-advisoryx_refsource_GENTOO
    http://security.gentoo.org/glsa/glsa-200703-19.xml vendor-advisoryx_refsource_GENTOO
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://secunia.com/advisories/20940 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/21393 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200608-12.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/21405 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18977 vdb-entryx_refsource_BID
    http://libvncserver.cvs.sourceforge.net/libvncser… x_refsource_CONFIRM
    http://secunia.com/advisories/21179 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/442986/100… mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2022/May/29 mailing-listx_refsource_FULLDISC
    Date Public
    2006-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:51:04.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2006:042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
              },
              {
                "name": "24525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24525"
              },
              {
                "name": "ADV-2006-2797",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2797"
              },
              {
                "name": "21349",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21349"
              },
              {
                "name": "GLSA-200608-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
              },
              {
                "name": "GLSA-200703-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
              },
              {
                "name": "20940",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20940"
              },
              {
                "name": "21393",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21393"
              },
              {
                "name": "GLSA-200608-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
              },
              {
                "name": "21405",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21405"
              },
              {
                "name": "18977",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18977"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
              },
              {
                "name": "21179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21179"
              },
              {
                "name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
              },
              {
                "name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/29"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-13T17:06:09.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SA:2006:042",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
            },
            {
              "name": "24525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24525"
            },
            {
              "name": "ADV-2006-2797",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2797"
            },
            {
              "name": "21349",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21349"
            },
            {
              "name": "GLSA-200608-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
            },
            {
              "name": "GLSA-200703-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
            },
            {
              "name": "20940",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20940"
            },
            {
              "name": "21393",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21393"
            },
            {
              "name": "GLSA-200608-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
            },
            {
              "name": "21405",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21405"
            },
            {
              "name": "18977",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18977"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
            },
            {
              "name": "21179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21179"
            },
            {
              "name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
            },
            {
              "name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/29"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-2450",
        "datePublished": "2006-07-14T22:00:00.000Z",
        "dateReserved": "2006-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:51:04.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6053 (GCVE-0-2014-6053)

    Vulnerability from cvelistv5 – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    https://github.com/newsoft/libvncserver/commit/60… x_refsource_CONFIRM
    http://secunia.com/advisories/61682 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    http://ubuntu.com/usn/usn-2365-1 vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4573-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
              },
              {
                "name": "61682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61682"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "USN-2365-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-2365-1"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "name": "USN-4573-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4573-1/"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
            },
            {
              "name": "61682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61682"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "USN-2365-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-2365-1"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "name": "USN-4573-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4573-1/"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28"
                },
                {
                  "name": "61682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61682"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "USN-2365-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-2365-1"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "USN-4573-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4573-1/"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6053",
        "datePublished": "2014-12-15T17:27:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6052 (GCVE-0-2014-6052)

    Vulnerability from cvelistv5 – Published: 2014-12-15 17:27 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    http://secunia.com/advisories/61682 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    https://github.com/newsoft/libvncserver/commit/85… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    http://ubuntu.com/usn/usn-2365-1 vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/70091 vdb-entryx_refsource_BID
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "61682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61682"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "USN-2365-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-2365-1"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "70091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70091"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:26.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "61682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61682"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "USN-2365-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-2365-1"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70091",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70091"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6052",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "61682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61682"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "USN-2365-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-2365-1"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "70091",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70091"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6052",
        "datePublished": "2014-12-15T17:27:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6054 (GCVE-0-2014-6054)

    Vulnerability from cvelistv5 – Published: 2014-10-06 14:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    http://www.securityfocus.com/bid/70094 vdb-entryx_refsource_BID
    http://secunia.com/advisories/61682 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://github.com/newsoft/libvncserver/commit/05… x_refsource_CONFIRM
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2365-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "70094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70094"
              },
              {
                "name": "61682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61682"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "USN-2365-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2365-1"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:22.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "70094",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70094"
            },
            {
              "name": "61682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61682"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "USN-2365-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2365-1"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "70094",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70094"
                },
                {
                  "name": "61682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61682"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "USN-2365-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2365-1"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6054",
        "datePublished": "2014-10-06T14:00:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6055 (GCVE-0-2014-6055)

    Vulnerability from cvelistv5 – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
              },
              {
                "name": "RHSA-2015:0113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "70096",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70096"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "libvncserver-cve20146055-bo(96187)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
              },
              {
                "name": "FEDORA-2014-11537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
              },
              {
                "name": "FEDORA-2014-11685",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
            },
            {
              "name": "RHSA-2015:0113",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70096",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70096"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "libvncserver-cve20146055-bo(96187)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
            },
            {
              "name": "FEDORA-2014-11537",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
            },
            {
              "name": "FEDORA-2014-11685",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6055",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
                },
                {
                  "name": "RHSA-2015:0113",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "70096",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70096"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "libvncserver-cve20146055-bo(96187)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
                },
                {
                  "name": "FEDORA-2014-11537",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
                },
                {
                  "name": "FEDORA-2014-11685",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6055",
        "datePublished": "2014-09-30T16:00:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6051 (GCVE-0-2014-6051)

    Vulnerability from cvelistv5 – Published: 2014-09-30 16:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ocert.org/advisories/ocert-2014-007.html x_refsource_MISC
    https://security.gentoo.org/glsa/201612-36 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://github.com/newsoft/libvncserver/commit/04… x_refsource_CONFIRM
    http://secunia.com/advisories/61506 third-party-advisoryx_refsource_SECUNIA
    https://www.kde.org/info/security/advisory-201409… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2015-0113.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q3/639 mailing-listx_refsource_MLIST
    https://security.gentoo.org/glsa/201507-07 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/70093 vdb-entryx_refsource_BID
    http://www.debian.org/security/2014/dsa-3081 vendor-advisoryx_refsource_DEBIAN
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4587-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2014-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
              },
              {
                "name": "GLSA-201612-36",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201612-36"
              },
              {
                "name": "openSUSE-SU-2015:2207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
              },
              {
                "name": "61506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
              },
              {
                "name": "RHSA-2015:0113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
              },
              {
                "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
              },
              {
                "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/639"
              },
              {
                "name": "GLSA-201507-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-07"
              },
              {
                "name": "70093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70093"
              },
              {
                "name": "DSA-3081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3081"
              },
              {
                "name": "FEDORA-2014-11537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
              },
              {
                "name": "FEDORA-2014-11685",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
              },
              {
                "name": "USN-4587-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4587-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T12:06:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "GLSA-201612-36",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201612-36"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
            },
            {
              "name": "61506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
            },
            {
              "name": "RHSA-2015:0113",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70093",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70093"
            },
            {
              "name": "DSA-3081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "FEDORA-2014-11537",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
            },
            {
              "name": "FEDORA-2014-11685",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6051",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
                },
                {
                  "name": "GLSA-201612-36",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201612-36"
                },
                {
                  "name": "openSUSE-SU-2015:2207",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
                },
                {
                  "name": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
                },
                {
                  "name": "61506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61506"
                },
                {
                  "name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
                },
                {
                  "name": "RHSA-2015:0113",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
                },
                {
                  "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
                },
                {
                  "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/639"
                },
                {
                  "name": "GLSA-201507-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-07"
                },
                {
                  "name": "70093",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70093"
                },
                {
                  "name": "DSA-3081",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3081"
                },
                {
                  "name": "FEDORA-2014-11537",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
                },
                {
                  "name": "FEDORA-2014-11685",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
                },
                {
                  "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
                },
                {
                  "name": "USN-4587-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4587-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6051",
        "datePublished": "2014-09-30T16:00:00.000Z",
        "dateReserved": "2014-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2450 (GCVE-0-2006-2450)

    Vulnerability from cvelistv5 – Published: 2006-07-14 22:00 – Updated: 2024-08-07 17:51
    VLAI
    Summary
    auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824 x_refsource_MISC
    http://secunia.com/advisories/24525 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2797 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/21349 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200608-05.xml vendor-advisoryx_refsource_GENTOO
    http://security.gentoo.org/glsa/glsa-200703-19.xml vendor-advisoryx_refsource_GENTOO
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://secunia.com/advisories/20940 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/21393 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200608-12.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/21405 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18977 vdb-entryx_refsource_BID
    http://libvncserver.cvs.sourceforge.net/libvncser… x_refsource_CONFIRM
    http://secunia.com/advisories/21179 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/442986/100… mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2022/May/29 mailing-listx_refsource_FULLDISC
    Date Public
    2006-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:51:04.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2006:042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
              },
              {
                "name": "24525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24525"
              },
              {
                "name": "ADV-2006-2797",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2797"
              },
              {
                "name": "21349",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21349"
              },
              {
                "name": "GLSA-200608-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
              },
              {
                "name": "GLSA-200703-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
              },
              {
                "name": "20940",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20940"
              },
              {
                "name": "21393",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21393"
              },
              {
                "name": "GLSA-200608-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
              },
              {
                "name": "21405",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21405"
              },
              {
                "name": "18977",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18977"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
              },
              {
                "name": "21179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21179"
              },
              {
                "name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
              },
              {
                "name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/29"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-13T17:06:09.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SA:2006:042",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824"
            },
            {
              "name": "24525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24525"
            },
            {
              "name": "ADV-2006-2797",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2797"
            },
            {
              "name": "21349",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21349"
            },
            {
              "name": "GLSA-200608-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-05.xml"
            },
            {
              "name": "GLSA-200703-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-19.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=431724\u0026group_id=32584"
            },
            {
              "name": "20940",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20940"
            },
            {
              "name": "21393",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21393"
            },
            {
              "name": "GLSA-200608-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-12.xml"
            },
            {
              "name": "21405",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21405"
            },
            {
              "name": "18977",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18977"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11\u0026r2=1.14\u0026diff_format=u"
            },
            {
              "name": "21179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21179"
            },
            {
              "name": "20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/442986/100/0/threaded"
            },
            {
              "name": "20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/29"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-2450",
        "datePublished": "2006-07-14T22:00:00.000Z",
        "dateReserved": "2006-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:51:04.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }