Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-15681

Published: 29/10/2019 Updated: 05/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an malicious user to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libvnc project libvncserver

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

debian debian linux 9.0

siemens simatic itc1500 firmware

siemens simatic itc1500 pro firmware

siemens simatic itc1900 firmware

siemens simatic itc1900 pro firmware

siemens simatic itc2200 firmware

siemens simatic itc2200 pro firmware

Vendor Advisories

Debian CVElist Bug Report Logs: libvncserver: CVE-2019-15681
Debian Bug report logs - #943793 libvncserver: CVE-2019-15681 Package: src:libvncserver; Maintainer for src:libvncserver is Peter Spiess-Knafl <dev@spiessknaflat>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 29 Oct 2019 21:18:02 UTC Severity: grave Tags: security, upstream Found in versions lib ...

ICS Advisories

Siemens SIMATIC ITC
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems

References

CWE-665https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82ahttps://lists.debian.org/debian-lts-announce/2019/10/msg00039.htmlhttps://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://lists.debian.org/debian-lts-announce/2019/11/msg00032.htmlhttps://lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.htmlhttps://usn.ubuntu.com/4407-1/http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.htmlhttps://usn.ubuntu.com/4547-1/https://usn.ubuntu.com/4573-1/https://usn.ubuntu.com/4587-1/https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdfhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-12
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995CVE-2024-36680CVE-2024-35537unauthorizedCVE-2024-21518CVE-2024-37673cross-site scriptingSSRFCVE-2024-6241
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook