Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for TightVNC by Kaspersky

    CVE-2019-8287 (GCVE-0-2019-8287)

    Vulnerability from nvd – Published: 2019-10-29 16:43 – Updated: 2024-08-04 21:17
    VLAI
    Summary
    TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:17:31.162Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:19:33.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-8287",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-8287",
        "datePublished": "2019-10-29T16:43:30.000Z",
        "dateReserved": "2019-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:17:31.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15680 (GCVE-0-2019-15680)

    Vulnerability from nvd – Published: 2019-10-29 16:45 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "name": "USN-4407-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4407-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:19:04.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "name": "USN-4407-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4407-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476: NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "USN-4407-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4407-1/"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15680",
        "datePublished": "2019-10-29T16:45:52.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15679 (GCVE-0-2019-15679)

    Vulnerability from nvd – Published: 2019-10-29 16:45 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:18:32.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15679",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15679",
        "datePublished": "2019-10-29T16:45:04.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15678 (GCVE-0-2019-15678)

    Vulnerability from nvd – Published: 2019-10-29 16:44 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:17:28.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15678",
        "datePublished": "2019-10-29T16:44:08.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15680 (GCVE-0-2019-15680)

    Vulnerability from cvelistv5 – Published: 2019-10-29 16:45 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "name": "USN-4407-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4407-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:19:04.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "name": "USN-4407-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4407-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476: NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "USN-4407-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4407-1/"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15680",
        "datePublished": "2019-10-29T16:45:52.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15679 (GCVE-0-2019-15679)

    Vulnerability from cvelistv5 – Published: 2019-10-29 16:45 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:18:32.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15679",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15679",
        "datePublished": "2019-10-29T16:45:04.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15678 (GCVE-0-2019-15678)

    Vulnerability from cvelistv5 – Published: 2019-10-29 16:44 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:17:28.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15678",
        "datePublished": "2019-10-29T16:44:08.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8287 (GCVE-0-2019-8287)

    Vulnerability from cvelistv5 – Published: 2019-10-29 16:43 – Updated: 2024-08-04 21:17
    VLAI
    Summary
    TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky TightVNC Affected: 1.3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:17:31.162Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
              },
              {
                "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TightVNC",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-09T16:19:33.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-8287",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TightVNC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
                },
                {
                  "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-8287",
        "datePublished": "2019-10-29T16:43:30.000Z",
        "dateReserved": "2019-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:17:31.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }