{"containers": {"cna": {"affected": [{"product": "TightVNC", "vendor": "Kaspersky", "versions": [{"status": "affected", "version": "1.3.10"}]}], "descriptions": [{"lang": "en", "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-09T16:18:32", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"}, {"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2019-15679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TightVNC", "version": {"version_data": [{"version_value": "1.3.10"}]}}]}, "vendor_name": "Kaspersky"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"}, {"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:56:22.416Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"}, {"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2019-15679", "datePublished": "2019-10-29T16:45:04", "dateReserved": "2019-08-27T00:00:00", "dateUpdated": "2024-08-05T00:56:22.416Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "37E2BF43-0B3B-4BDD-B145-62E7333F4A93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."}, {"lang": "es", "value": "El c\u00f3digo de TightVNC versi\u00f3n 1.3.10, contiene un desbordamiento del b\u00fafer de la pila en la funci\u00f3n InitialiseRFBConnection, lo que puede resultar potencialmente en una ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable por medio de la conectividad de red."}], "id": "CVE-2019-15679", "lastModified": "2024-11-21T04:29:14.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-29T19:15:17.953", "references": [{"source": "vulnerability@kaspersky.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"}, {"source": "vulnerability@kaspersky.com", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"}, {"source": "vulnerability@kaspersky.com", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"}, {"source": "vulnerability@kaspersky.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "vulnerability@kaspersky.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}