An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Date published : 2020-06-17 https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12…LibVNCServer-0.9.13
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is...
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed." Date published : 2020-06-17 https://bugzilla.redhat.com/show_bug.cgi?id=1860354 https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Date published : 2020-06-17 https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12…LibVNCServer-0.9.13
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Date published : 2020-06-17 https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12…LibVNCServer-0.9.13
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Date published : 2020-06-17 https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12…LibVNCServer-0.9.13
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. Date published...
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker...
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An...
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext,...
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through...
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. Date published : 2020-06-17 http://seclists.org/fulldisclosure/2020/Jun/23 http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. Date published : 2020-06-17 https://www.kb.cert.org/vuls/id/257161 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. Date published : 2020-06-17 https://www.kb.cert.org/vuls/id/257161 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC