Total vulnerabilities in the database
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
| Software | From | Fixed in |
|---|---|---|
| libvncserver_project / libvncserver | - | 0.9.12 |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 19.10 | 19.10.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / leap | 15.2 | 15.2.x |
| fedoraproject / fedora | 31 | 31.x |
| fedoraproject / fedora | 32 | 32.x |
| siemens / simatic_itc1500_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc1500_pro_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc1900_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc1900_pro_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc2200_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc2200_pro_firmware | 3.0.0.0 | 3.2.1.0 |