CRITICAL🇬🇧 English

CVE-2019-8268

CVSS 9.8v3.1pub. 2019-03-08upd. 2024-11-21

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Siemens Sinumerik Access Mymachine\/p2p

    APP
    Siemens
    < 4.8
  • Siemens Sinumerik Pcu Base Win10 Software\/ipc

    APP
    Siemens
    < 14.00
  • Siemens Sinumerik Pcu Base Win7 Software\/ipc

    APP
    Siemens
    ≤ 12.01
  • Uvnc Ultravnc

    APP
    Uvnc
    < 1.2.2.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-7839CRITICAL9.1ten sam produkt

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password...

CVE-2019-8271CRITICAL9.8ten sam produkt

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handle...

CVE-2019-8264CRITICAL9.8ten sam produkt

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can p...

CVE-2019-8265CRITICAL9.8ten sam produkt

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETP...

CVE-2019-8266CRITICAL9.8ten sam produkt

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of Clie...