Siemens: >> Simatic Itc1900 Firmware >> 3.0.0.0 Security Vulnerabilities
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.044
Published
2020-06-30
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVSS Score
6.5
EPSS Score
0.016
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVSS Score
5.4
EPSS Score
0.014
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVSS Score
5.4
EPSS Score
0.009
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
CVSS Score
5.4
EPSS Score
0.01
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-06-17
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVSS Score
7.5
EPSS Score
0.039
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
CVSS Score
7.5
EPSS Score
0.016
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-06-17
Page 1