English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 146377 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2019.0037
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2019-0037)
Zusammenfassung:The remote host is missing an update for the 'libvncserver, x11vnc' package(s) announced via the MGASA-2019-0037 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'libvncserver, x11vnc' package(s) announced via the MGASA-2019-0037 advisory.

Vulnerability Insight:
A heap use-after-free vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-6307).

A heap use-after-free vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-15126).

A heap out-of-bound write vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-15127).

Multiple heap out-of-bound write vulnerabilities in VNC client code,
which can result in remote code execution (CVE-2018-20019).

Heap out-of-bound write vulnerability in a structure in VNC client code,
which can result in remote code execution (CVE-2018-20020).

Infinite Loop vulnerability in VNC client code. The vulnerability could
allow an attacker to consume an excessive amount of resources, such as
CPU and RAM (CVE-2018-20021).

Improper Initialization weaknesses in VNC client code, which could allow
an attacker to read stack memory and can be abused for information
disclosure. Combined with another vulnerability, it can be used to leak
stack memory layout and bypass ASLR (CVE-2018-20022).

Improper Initialization vulnerability in VNC Repeater client code, which
could allow an attacker to read stack memory and can be abused for
information disclosure. Combined with another vulnerability, it can be
used to leak stack memory layout and bypass ASLR (CVE-2018-20023).

A null pointer dereference in VNC client code, which can result in DoS
(CVE-2018-20024).

Affected Software/OS:
'libvncserver, x11vnc' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-15126
Debian Security Information: DSA-4383 (Google Search)
https://www.debian.org/security/2019/dsa-4383
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/
https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://usn.ubuntu.com/3877-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-15127
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
RedHat Security Advisories: RHSA-2019:0059
https://access.redhat.com/errata/RHSA-2019:0059
https://usn.ubuntu.com/4547-1/
https://usn.ubuntu.com/4587-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20019
https://security.gentoo.org/glsa/201908-05
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20020
https://security.gentoo.org/glsa/202006-06
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html
https://usn.ubuntu.com/4547-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20021
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-20022
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20023
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20024
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/
Common Vulnerability Exposure (CVE) ID: CVE-2018-6307
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.