MidnightBSD

Advisories for tightvnc

CVE-2002-0971 MEDIUM

Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
att winvnc_server *
att winvnc_server 3.3.3_r7
tridia tridiavnc 1.5.1
tightvnc tightvnc 1.2.1
tightvnc tightvnc 1.2.5
tridia tridiavnc 1.5.4
tridia tridiavnc 1.5.2
tightvnc tightvnc 1.2.0
tridia tridiavnc 1.5
CVE-2002-1336 HIGH

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tightvnc tightvnc 1.2.1
tightvnc tightvnc 1.2.5
tightvnc tightvnc 1.2.4
tightvnc tightvnc 1.2.0
tightvnc tightvnc 1.2.3
CVE-2002-1511 MEDIUM

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tightvnc tightvnc 1.2.1
tightvnc tightvnc 1.2.5
att vnc 3.3.4
att vnc 3.3.5
tightvnc tightvnc 1.2.4
att vnc 3.3.3
att vnc 3.3.6
att vnc 3.3.3r2
tightvnc tightvnc 1.2.0
tightvnc tightvnc 1.2.3
tightvnc tightvnc 1.2.2
CVE-2002-1848 LOW

TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tightvnc tightvnc 1.2.1
tightvnc tightvnc 1.2
tightvnc tightvnc 1.2.3
tightvnc tightvnc 1.2.2
CVE-2019-15678 HIGH

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
tightvnc tightvnc 1.3.10
CVE-2019-15679 HIGH

TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
tightvnc tightvnc 1.3.10
CVE-2019-15680 MEDIUM

TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
tightvnc tightvnc 1.3.10
CVE-2019-8287 HIGH

TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
tightvnc tightvnc 1.3.10
CVE-2021-42785 HIGH

Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
tightvnc tightvnc *
CVE-2023-27830

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.

Products Affected

Vendor Product Version
tightvnc tightvnc *