CVE Vulnerabilities for TightVNC
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2023‑27830 | 2023‑04‑12 15:15:13 | CRITICAL (9) | TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account. | 2 | 6 | NETWORK |
| CVE‑2021‑42785 | 2021‑11‑23 22:15:08 | CRITICAL (10) | Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. | 4 | 6 | NETWORK |
| CVE‑2019‑8287 | 2019‑10‑29 19:15:23 | CRITICAL (10) | TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | 4 | 6 | NETWORK |
| CVE‑2019‑15680 | 2019‑10‑29 19:15:18 | HIGH (8) | TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. | 4 | 4 | NETWORK |
| CVE‑2019‑15679 | 2019‑10‑29 19:15:18 | CRITICAL (10) | TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | 4 | 6 | NETWORK |
| CVE‑2019‑15678 | 2019‑10‑29 19:15:18 | CRITICAL (10) | TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. | 4 | 6 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.