Explore top 10 tips to secure your open-source projects now. Read More
×
Kaspersky Lab discovered several vulnerabilities in libvncserver, a C
library to implement VNC server/client functionalities.
CVE-2018-6307
a heap use-after-free vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity.
CVE-2018-15127
contains a heap out-of-bound write vulnerability in the server code
of the file transfer extension, which can result in remote code
execution. This attack appears to be exploitable via network
connectivity.
CVE-2018-20019
multiple heap out-of-bound write vulnerabilities in VNC client code,
which can result in remote code execution.
CVE-2018-20020
heap out-of-bound write vulnerability in a structure in VNC client
code, which can result in remote code execution.
CVE-2018-20021
CWE-835: Infinite Loop vulnerability in VNC client code. The
vulnerability could allow an attacker to consume an excessive amount
Get the latest Linux and open source security news straight to your inbox.