Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2019-15690

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow

Mitigation

Libvncserver should not be used to connect to untrusted server.

Affected Software List

Name Vendor Version
Red Hat Enterprise Linux 7 RedHat libvncserver-0:0.9.9-14.el7_7
Red Hat Enterprise Linux 8 RedHat libvncserver-0:0.9.11-9.el8_1.2
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions RedHat libvncserver-0:0.9.11-9.el8_0.2

Ubuntu

heap buffer overflow in libvncclient/cursor.c related to large cursor sizes when connected to a malicious server

Affected Software List

Name Vendor Version
Libvncserver Ubuntu/trusty end of standard support
Libvncserver Ubuntu/xenial 0.9.10+dfsg-3ubuntu0.16.04.4
Libvncserver Ubuntu/upstream TBD
Libvncserver Ubuntu/eoan 0.9.11+dfsg-1.3ubuntu0.1
Libvncserver Ubuntu/focal 0.9.12+dfsg-9ubuntu0.1
Libvncserver Ubuntu/bionic 0.9.11+dfsg-1ubuntu1.2
X11vnc Ubuntu/devel
X11vnc Ubuntu/esm-apps/noble
X11vnc Ubuntu/hirsute end of life
X11vnc Ubuntu/kinetic end of life, was needed
X11vnc Ubuntu/lunar end of life, was needed
X11vnc Ubuntu/mantic end of life, was needed
X11vnc Ubuntu/xenial end of standard support, was needed
X11vnc Ubuntu/esm-apps/focal
X11vnc Ubuntu/esm-apps/jammy
X11vnc Ubuntu/esm-apps/xenial
X11vnc Ubuntu/esm-infra-legacy/trusty
X11vnc Ubuntu/focal
X11vnc Ubuntu/groovy end of life
X11vnc Ubuntu/impish end of life
X11vnc Ubuntu/bionic end of standard support, was needed
X11vnc Ubuntu/eoan end of life
X11vnc Ubuntu/esm-apps/bionic
X11vnc Ubuntu/jammy
X11vnc Ubuntu/trusty/esm
X11vnc Ubuntu/noble
X11vnc Ubuntu/trusty end of standard support
X11vnc Ubuntu/upstream TBD
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use