Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tightvnc
(Tightvnc)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-12 | CVE-2023-27830 | TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account. | Tightvnc | 9.0 | ||
| 2021-11-23 | CVE-2021-42785 | Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. | Tightvnc | 9.8 | ||
| 2019-10-29 | CVE-2019-8287 | TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | Tightvnc | 9.8 | ||
| 2019-10-29 | CVE-2019-15680 | TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. | Tightvnc | 7.5 | ||
| 2019-10-29 | CVE-2019-15679 | TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | Tightvnc | 9.8 | ||
| 2019-10-29 | CVE-2019-15678 | TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. | Tightvnc | 9.8 | ||
| 2009-02-04 | CVE-2009-0388 | Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. | Tightvnc, Ultravnc | N/A | ||
| 2002-12-31 | CVE-2002-1848 | TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords. | Tightvnc | N/A | ||
| 2003-03-03 | CVE-2002-1511 | The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. | Vnc, Tightvnc | N/A | ||
| 2002-12-11 | CVE-2002-1336 | TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. | Tightvnc | N/A |