Summary
Detail | | | |
---|---|---|---|
Vendor | David King | First view | 2011-05-10 |
Product | Vino | Last view | 2013-10-01 |
Version | 2.17 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:david_king:vino | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.1 | 2013-10-01 | CVE-2013-5745 | The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication. |
5.1 | 2013-03-12 | CVE-2011-1165 | Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks. |
4.6 | 2013-03-12 | CVE-2011-1164 | Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks. |
5 | 2012-09-30 | CVE-2012-4429 | Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. |
3.5 | 2011-05-10 | CVE-2011-0905 | The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation. |
3.5 | 2011-05-10 | CVE-2011-0904 | The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20% (1) | CWE-200 | Information Exposure |
20% (1) | CWE-20 | Improper Input Validation |
20% (1) | CWE-16 | Configuration |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74333 | Vino server/libvncserver/rfbserver.c rfbSendFramebufferUpdate() Function Tigh... |
74332 | Vino server/libvncserver/rfbserver.c rfbSendFramebufferUpdate() Function Raw ... |
ExploitDB Exploits
id | Description |
---|---|
28338 | Vino VNC Server 3.7.3 - Persistent Denial of Service |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-03 | Name : Debian Security Advisory DSA 2238-1 (vino) File : nvt/deb_2238_1.nasl |
2011-05-23 | Name : Fedora Update for vino FEDORA-2011-6773 File : nvt/gb_fedora_2011_6773_vino_fc14.nasl |
2011-05-23 | Name : Fedora Update for vino FEDORA-2011-6778 File : nvt/gb_fedora_2011_6778_vino_fc13.nasl |
2011-05-17 | Name : Mandriva Update for vino MDVSA-2011:087 (vino) File : nvt/gb_mandriva_MDVSA_2011_087.nasl |
2011-05-10 | Name : Ubuntu Update for vino USN-1128-1 File : nvt/gb_ubuntu_USN_1128_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-06-28 | Vino VNC multiple client authentication denial of service attempt RuleID : 31082 - Type : SERVER-OTHER - Revision : 4 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_vino_20140225.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_vino_20130521.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_vino-110509.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_vino-110509.nasl - Type: ACT_GATHER_INFO |
2013-11-07 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_vino-131017.nasl - Type: ACT_GATHER_INFO |
2013-10-25 | Name: The remote Fedora host is missing a security update. File: fedora_2013-17121.nasl - Type: ACT_GATHER_INFO |
2013-10-24 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2013-1452.nasl - Type: ACT_GATHER_INFO |
2013-10-24 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20131022_vino_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2013-10-23 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1452.nasl - Type: ACT_GATHER_INFO |
2013-10-23 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2013-1452.nasl - Type: ACT_GATHER_INFO |
2013-10-01 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1980-1.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2013-0169.nasl - Type: ACT_GATHER_INFO |
2013-01-24 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2013-0169.nasl - Type: ACT_GATHER_INFO |
2013-01-23 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1701-1.nasl - Type: ACT_GATHER_INFO |
2013-01-23 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20130121_vino_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2013-01-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-0169.nasl - Type: ACT_GATHER_INFO |
2011-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_vino-7531.nasl - Type: ACT_GATHER_INFO |
2011-06-13 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1128-1.nasl - Type: ACT_GATHER_INFO |
2011-06-09 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_vino-110518.nasl - Type: ACT_GATHER_INFO |
2011-06-09 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_vino-7532.nasl - Type: ACT_GATHER_INFO |
2011-05-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2238.nasl - Type: ACT_GATHER_INFO |
2011-05-18 | Name: The remote Fedora host is missing a security update. File: fedora_2011-6778.nasl - Type: ACT_GATHER_INFO |
2011-05-18 | Name: The remote Fedora host is missing a security update. File: fedora_2011-6773.nasl - Type: ACT_GATHER_INFO |
2011-05-17 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2011-087.nasl - Type: ACT_GATHER_INFO |