var-201910-1737
Vulnerability from variot

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC contains vulnerabilities related to lack of effective post-lifetime resource release and initialization vulnerabilities. Information may be obtained.

==========================================================================
Ubuntu Security Notice USN-4407-1
July 01, 2020

libvncserver vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 19.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LibVNCServer.

Software Description:

  • libvncserver: vnc server library

Details:

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680)

It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)

It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked into connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788)

It was discovered that LibVNCServer incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  libvncclient1 0.9.12+dfsg-9ubuntu0.1
  libvncserver1 0.9.12+dfsg-9ubuntu0.1

Ubuntu 19.10:
  libvncclient1 0.9.11+dfsg-1.3ubuntu0.1
  libvncserver1 0.9.11+dfsg-1.3ubuntu0.1

Ubuntu 18.04 LTS:
  libvncclient1 0.9.11+dfsg-1ubuntu1.2
  libvncserver1 0.9.11+dfsg-1ubuntu1.2

Ubuntu 16.04 LTS:
  libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4
  libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4

After a standard system update you need to restart LibVNCServer to make all the necessary changes.

References:

  • https://usn.ubuntu.com/4407-1
  • CVE-2017-18922, CVE-2019-15680, CVE-2019-15681, CVE-2019-15690, CVE-2019-20788

Package Information:

  • https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1
  • https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1
  • https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2
  • https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4

Software Description:

  • italc: didact tool which allows teachers to view and control computer labs

Details:

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple heap out-of-bounds writes, an infinite loop, improper initializations, and null pointer vulnerabilities



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1737",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic itc2200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "libvncserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "libvnc",
        "version": "0.9.12"
      },
      {
        "model": "simatic itc1500 pro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "simatic itc2200 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1900 pro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "simatic itc2200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "simatic itc1900",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "simatic itc1500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "simatic itc2200 pro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "simatic itc1900 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1500 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1900",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "libvncserver",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "libvnc",
        "version": "d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:libvncserver_project:libvncserver",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "PACKETSTORM",
        "id": "158281"
      },
      {
        "db": "PACKETSTORM",
        "id": "159499"
      },
      {
        "db": "PACKETSTORM",
        "id": "159669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2019-15681",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-15681",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-15681",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-15681",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-15681",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-15681",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-1689",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC Contains vulnerabilities related to lack of effective post-lifetime resource release and initialization vulnerabilities.Information may be obtained. ==========================================================================\nUbuntu Security Notice USN-4407-1\nJuly 01, 2020\n\nlibvncserver vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in LibVNCServer. \n\nSoftware Description:\n- libvncserver: vnc server library\n\nDetails:\n\nIt was discovered that LibVNCServer incorrectly handled decompressing\ndata. An\nattacker could possibly use this issue to cause LibVNCServer to crash,\nresulting in a denial of service. (CVE-2019-15680)\n\nIt was discovered that an information disclosure vulnerability existed in\nLibVNCServer when sending a ServerCutText message. An attacker could\npossibly\nuse this issue to expose sensitive information. This issue only affected\nUbuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)\n\nIt was discovered that LibVNCServer incorrectly handled cursor shape\nupdates. \nIf a user were tricked in to connecting to a malicious server, an attacker\ncould possibly use this issue to cause LibVNCServer to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. 
This issue only\naffected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. \n(CVE-2019-15690, CVE-2019-20788)\n\nIt was discovered that LibVNCServer incorrectly handled decoding WebSocket\nframes. An attacker could possibly use this issue to cause LibVNCServer to\ncrash, resulting in a denial of service, or possibly execute arbitrary code. \nThis issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu\n16.04 LTS. \n(CVE-2017-18922)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\nlibvncclient1 0.9.12+dfsg-9ubuntu0.1\nlibvncserver1 0.9.12+dfsg-9ubuntu0.1\n\nUbuntu 19.10:\nlibvncclient1 0.9.11+dfsg-1.3ubuntu0.1\nlibvncserver1 0.9.11+dfsg-1.3ubuntu0.1\n\nUbuntu 18.04 LTS:\nlibvncclient1 0.9.11+dfsg-1ubuntu1.2\nlibvncserver1 0.9.11+dfsg-1ubuntu1.2\n\nUbuntu 16.04 LTS:\nlibvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4\nlibvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4\n\nAfter a standard system update you need to restart LibVNCServer to make\nall the necessary changes. \n\nReferences:\nhttps://usn.ubuntu.com/4407-1\nCVE-2017-18922, CVE-2019-15680, CVE-2019-15681, CVE-2019-15690,\nCVE-2019-20788\n\nPackage Information:\nhttps://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1\nhttps://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1\nhttps://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2\nhttps://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4\n. \n\nSoftware Description:\n- italc: didact tool which allows teachers to view and control computer labs\n\nDetails:\n\nNicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors\nand didn\u0027t check malloc return values. \n(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)\n\nJosef Gajdusek discovered that iTALC had heap-based buffer overflow\nvulnerabilities. 
(CVE-2016-9941, CVE-2016-9942)\n\nIt was discovered that iTALC had an out-of-bounds write, multiple heap\nout-of-bounds writes, an infinite loop, improper initializations, and null\npointer vulnerabilities",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "PACKETSTORM",
        "id": "158281"
      },
      {
        "db": "PACKETSTORM",
        "id": "159499"
      },
      {
        "db": "PACKETSTORM",
        "id": "159669"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-15681",
        "trust": 2.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-390195",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159308",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158281",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159499",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159669",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4771",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3625",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1266",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3329.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1572",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3329",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4523",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3465",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4033",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121649",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "PACKETSTORM",
        "id": "158281"
      },
      {
        "db": "PACKETSTORM",
        "id": "159499"
      },
      {
        "db": "PACKETSTORM",
        "id": "159669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "id": "VAR-201910-1737",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.33603895
  },
  "last_update_date": "2024-11-23T21:09:15.201000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "rfbserver: don\u0027t leak stack memory to the remote",
        "trust": 0.8,
        "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
      },
      {
        "title": "LibVNCServer Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101622"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-665",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-772",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
      },
      {
        "trust": 2.2,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
      },
      {
        "trust": 1.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15681"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/libvnc/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4407-1/"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4573-1/"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4587-1/"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4547-1/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15681"
      },
      {
        "trust": 0.6,
        "url": "https://security-tracker.debian.org/tracker/dla-1977-1"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/libvnc-information-disclosure-via-rfbsendservercuttext-30750"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3625/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4523/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4771/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4033/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3329.2/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159669/ubuntu-security-notice-usn-4587-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2515/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159308/ubuntu-security-notice-usn-4547-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3465/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121649"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1572/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158281/ubuntu-security-notice-usn-4407-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1266/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159499/ubuntu-security-notice-usn-4573-1.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20024"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20749"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20022"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4547-1"
      },
      {
        "trust": 0.1,
        "url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4407-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15680"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18922"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20788"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vino/3.8.1-0ubuntu9.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14404"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14402"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vino/3.22.0-5ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14403"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vino/3.22.0-3ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14397"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4573-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20019"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20748"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6051"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6055"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4587-1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "PACKETSTORM",
        "id": "158281"
      },
      {
        "db": "PACKETSTORM",
        "id": "159499"
      },
      {
        "db": "PACKETSTORM",
        "id": "159669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "PACKETSTORM",
        "id": "158281"
      },
      {
        "db": "PACKETSTORM",
        "id": "159499"
      },
      {
        "db": "PACKETSTORM",
        "id": "159669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "date": "2020-09-28T20:30:26",
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "date": "2020-07-02T15:43:16",
        "db": "PACKETSTORM",
        "id": "158281"
      },
      {
        "date": "2020-10-07T16:06:41",
        "db": "PACKETSTORM",
        "id": "159499"
      },
      {
        "date": "2020-10-21T21:38:07",
        "db": "PACKETSTORM",
        "id": "159669"
      },
      {
        "date": "2019-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      },
      {
        "date": "2019-10-29T19:15:18.127000",
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      },
      {
        "date": "2021-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      },
      {
        "date": "2024-11-21T04:29:15.050000",
        "db": "NVD",
        "id": "CVE-2019-15681"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "PACKETSTORM",
        "id": "159499"
      },
      {
        "db": "PACKETSTORM",
        "id": "159669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibVNC Vulnerabilities related to lack of effective post-lifetime resource release",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011494"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1689"
      }
    ],
    "trust": 0.6
  }
}

