CVE-2019-15694

Published: 26/12/2019 Updated: 16/10/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

TigerVNC versions before 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

Vulnerable Product

tigervnc tigervnc

opensuse leap 15.1

Vendor Advisories

Synopsis: Moderate: tigervnc security update. Type/Severity: Security Advisory: Moderate. Topic: An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Debian Bug report logs - #947428 tigervnc: CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695. Package: src:tigervnc; Maintainer for src:tigervnc is TigerVNC Packaging Team <pkg-tigervnc-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 26 Dec 2019 ...
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potenti ...
PAN-SA-2019-0004 Cross-Site Scripting in Expedition Migration Tool ...