Vulnerability-Lookup

CVE-2019-15681 (GCVE-0-2019-15681)

Vulnerability from cvelistv5 – Published: 2019-10-29 16:04 – Updated: 2024-08-05 00:56

Summary

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Severity ?

No CVSS data available.

CWE

CWE-665 - Improper Initialization

Assigner

Kaspersky

References

URL

	Vendor	Product	Version
	Kaspersky	LibVNC	Affected: 0.9.12

CNVD-2019-41029

Vulnerability from cnvd - Published: 2019-11-18

Title

LibVNC内存泄露漏洞

Description

LibVNC是一个跨平台C库，使您能够在安全应用程序中轻松实现VNC服务器或客户端功能。 LibVNC d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a之前版本中的VNC服务器代码存在内存泄露漏洞。攻击者可利用该漏洞读取栈内存，从而可获取信息。

Severity

中

Patch Name

LibVNC内存泄露漏洞的补丁

Patch Description

LibVNC是一个跨平台C库，使您能够在安全应用程序中轻松实现VNC服务器或客户端功能。 LibVNC d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a之前版本中的VNC服务器代码存在内存泄露漏洞。攻击者可利用该漏洞读取栈内存，从而可获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-15681

Impacted products

Name
LibVNC LibVNC <d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15681",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-15681"
    }
  },
  "description": "LibVNC\u662f\u4e00\u4e2a\u8de8\u5e73\u53f0C\u5e93\uff0c\u4f7f\u60a8\u80fd\u591f\u5728\u5b89\u5168\u5e94\u7528\u7a0b\u5e8f\u4e2d\u8f7b\u677e\u5b9e\u73b0VNC\u670d\u52a1\u5668\u6216\u5ba2\u6237\u7aef\u529f\u80fd\u3002\n\nLibVNC d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a\u4e4b\u524d\u7248\u672c\u4e2d\u7684VNC\u670d\u52a1\u5668\u4ee3\u7801\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6808\u5185\u5b58\uff0c\u4ece\u800c\u53ef\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41029",
  "openTime": "2019-11-18",
  "patchDescription": "LibVNC\u662f\u4e00\u4e2a\u8de8\u5e73\u53f0C\u5e93\uff0c\u4f7f\u60a8\u80fd\u591f\u5728\u5b89\u5168\u5e94\u7528\u7a0b\u5e8f\u4e2d\u8f7b\u677e\u5b9e\u73b0VNC\u670d\u52a1\u5668\u6216\u5ba2\u6237\u7aef\u529f\u80fd\u3002\r\n\r\nLibVNC d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a\u4e4b\u524d\u7248\u672c\u4e2d\u7684VNC\u670d\u52a1\u5668\u4ee3\u7801\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6808\u5185\u5b58\uff0c\u4ece\u800c\u53ef\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "LibVNC\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "LibVNC LibVNC \u003cd01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-15681",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-30",
  "title": "LibVNC\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2019-15681

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:29

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vulnerability@kaspersky.com	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html	Mailing List, Third Party Advisory
vulnerability@kaspersky.com	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html	Mailing List, Third Party Advisory
vulnerability@kaspersky.com	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Third Party Advisory
vulnerability@kaspersky.com	https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a	Patch, Third Party Advisory
vulnerability@kaspersky.com	https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html	Mailing List, Third Party Advisory
vulnerability@kaspersky.com	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List, Third Party Advisory
vulnerability@kaspersky.com	https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html	Mailing List, Third Party Advisory
vulnerability@kaspersky.com	https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html	Mailing List, Third Party Advisory
vulnerability@kaspersky.com	https://usn.ubuntu.com/4407-1/	Third Party Advisory
vulnerability@kaspersky.com	https://usn.ubuntu.com/4547-1/	Third Party Advisory
vulnerability@kaspersky.com	https://usn.ubuntu.com/4573-1/	Third Party Advisory
vulnerability@kaspersky.com	https://usn.ubuntu.com/4587-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4407-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4547-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4573-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4587-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
libvnc_project	libvncserver	*
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
debian	debian_linux	8.0
debian	debian_linux	9.0
siemens	simatic_itc1500_firmware	*
siemens	simatic_itc1500	-
siemens	simatic_itc1500_pro_firmware	*
siemens	simatic_itc1500_pro	-
siemens	simatic_itc1900_firmware	*
siemens	simatic_itc1900	-
siemens	simatic_itc1900_pro_firmware	*
siemens	simatic_itc1900_pro	-
siemens	simatic_itc2200_firmware	*
siemens	simatic_itc2200	-
siemens	simatic_itc2200_pro_firmware	*
siemens	simatic_itc2200_pro	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF1BF44-78B8-44E3-9A5A-29AB8111322B",
              "versionEndExcluding": "0.9.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A664216-EEA0-423F-8E11-59C746FDEEFE",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9596C8CD-B03F-4E9D-82AB-0986FDD1B47C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD78291E-48D8-4718-AE14-BDF93BD557D7",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BB898D3-07A3-42A1-8F1B-53C3B005982D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1209DE-2724-493D-8276-1BE959BFE6BF",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A9143A6-A93A-45CA-8A1F-6EE30647B54A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F7FC17-F19F-4BD6-9704-49B67D22B532",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D34BD13-4E71-48A2-851D-AE7CE2A03C28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4A6F13-385B-4A13-B8D8-3BBC4E9D5B67",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E63E423-7450-4043-B33B-3FFF5BBE1CB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A51CA4-1A62-47BC-99A3-4DC9F3986FF5",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD278558-AB0E-4FC1-9E5B-6B57D29CB86A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a."
    },
    {
      "lang": "es",
      "value": "LibVNC en el commit anterior a d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, contiene una p\u00e9rdida de memoria (CWE-655) en el c\u00f3digo del servidor VNC, lo que permite a un atacante leer la memoria de la pila y puede ser abusada para la divulgaci\u00f3n de informaci\u00f3n. Combinada con otra vulnerabilidad, puede ser usada para filtrar la memoria de la pila y omitir el ASLR. Este ataque parece ser explotable por medio de la conectividad de la red. Estas vulnerabilidades han sido corregidas en el commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a."
    }
  ],
  "id": "CVE-2019-15681",
  "lastModified": "2024-11-21T04:29:15.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:18.127",
  "references": [
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4407-1/"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4547-1/"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4573-1/"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4587-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4407-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4547-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4573-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4587-1/"
    }
  ],
  "sourceIdentifier": "vulnerability@kaspersky.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-665"
        }
      ],
      "source": "vulnerability@kaspersky.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-665"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-15681

Vulnerability from fstec - Published: 29.10.2019

Title

Уязвимость кроссплатформенной библиотеки LibVNCServer, связанная с неосвобождением ресурса после истечения действительного срока его эксплуатирования, позволяющая нарушителю получить несанкционированный доступ к информации

Description

Уязвимость кроссплатформенной библиотеки LibVNCServer связана с неосвобождением ресурса после истечения действительного срока его эксплуатирования. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), OpenSUSE Leap, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), LibVNCServer, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 2.12 «Орёл» (Astra Linux Common Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 0.9.9+dfsg2-6.1+deb8u7 (LibVNCServer), 1.7 (Astra Linux Special Edition), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для libvncserver: Обновление программного обеспечения до 0.9.9+dfsg2-6.1+deb8u7 или более поздней версии Для Debian: Обновление программного обеспечения (пакета libvncserver) до0.9.9+dfsg2-6.1+deb8u7 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета libvncserver) до 0.9.9+dfsg2-6.1+deb8u7 или более поздней версии Использование рекомендаций производителя: https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17 Для ОС ОН «Стрелец»: Обновление программного обеспечения libvncserver до версии 0.9.11+dfsg-1.3~deb9u6

Reference

https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html https://nvd.nist.gov/vuln/detail/CVE-2019-15681 https://security-tracker.debian.org/tracker/CVE-2019-15681 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-665, CWE-772

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 0.9.9+dfsg2-6.1+deb8u7 (LibVNCServer), 1.7 (Astra Linux Special Edition), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f libvncserver:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 0.9.9+dfsg2-6.1+deb8u7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libvncserver) \u0434\u043e0.9.9+dfsg2-6.1+deb8u7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libvncserver) \u0434\u043e 0.9.9+dfsg2-6.1+deb8u7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libvncserver \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.9.11+dfsg-1.3~deb9u6",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.10.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02922",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-15681",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), OpenSUSE Leap, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), LibVNCServer, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f LibVNCServer \u0434\u043e 0.9.9+dfsg2-6.1+deb8u7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 LibVNCServer, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0440\u043e\u043a\u0430 \u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u0430\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f (CWE-665), \u041d\u0435\u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0440\u043e\u043a\u0430 \u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f (CWE-772)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 LibVNCServer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0440\u043e\u043a\u0430 \u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a\nhttps://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15681\nhttps://security-tracker.debian.org/tracker/CVE-2019-15681\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-665, CWE-772",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

GSD-2019-15681

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-15681

Aliases

CVE-2019-15681

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-15681",
    "description": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.",
    "id": "GSD-2019-15681",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-15681.html",
      "https://ubuntu.com/security/CVE-2019-15681",
      "https://advisories.mageia.org/CVE-2019-15681.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-15681"
      ],
      "details": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.",
      "id": "GSD-2019-15681",
      "modified": "2023-12-13T01:23:38.908742Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnerability@kaspersky.com",
        "ID": "CVE-2019-15681",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LibVNC",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "0.9.12"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Kaspersky"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-665: Improper Initialization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a",
            "refsource": "MISC",
            "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
          },
          {
            "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1977-1] libvncserver security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html"
          },
          {
            "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
          },
          {
            "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
          },
          {
            "name": "openSUSE-SU-2020:0624",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html"
          },
          {
            "name": "USN-4407-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4407-1/"
          },
          {
            "name": "openSUSE-SU-2020:1071",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html"
          },
          {
            "name": "USN-4547-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4547-1/"
          },
          {
            "name": "USN-4573-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4573-1/"
          },
          {
            "name": "USN-4587-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4587-1/"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerability@kaspersky.com",
          "ID": "CVE-2019-15681"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-665"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1977-1] libvncserver security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
            },
            {
              "name": "openSUSE-SU-2020:0624",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html"
            },
            {
              "name": "USN-4407-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4407-1/"
            },
            {
              "name": "openSUSE-SU-2020:1071",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html"
            },
            {
              "name": "USN-4547-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4547-1/"
            },
            {
              "name": "USN-4573-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4573-1/"
            },
            {
              "name": "USN-4587-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-05T21:10Z",
      "publishedDate": "2019-10-29T19:15Z"
    }
  }
}

CERTFR-2021-AVI-949

Vulnerability from certfr_avis - Published: 2021-12-15 - Updated: 2021-12-15

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Teamcenter Active Workspace versions 5.2.x antérieures à 5.2.3
Siemens	N/A	JTTK versions antérieures à 11.0.3.0
Siemens	N/A	SiPass integrated versions antérieures à 2.76
Siemens	N/A	SINUMERIK Edge versions antérieures à 3.2
Siemens	N/A	SIMATIC ITC2200 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions antérieures à 21.00 SP3
Siemens	N/A	Siveillance Identity V5 versions antérieures à 1.6.284, ou sans le correctif de sécurité SP5
Siemens	N/A	Desigo PXC00-U toutes versions postérieures à 2.3
Siemens	N/A	SIMATIC ITC1900 V3 versions antérieures à 3.2.1.0
Siemens	N/A	JT2Go versions antérieures à 13.2.0.5
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions antérieures à 2.41
Siemens	N/A	Desigo PXC22.1-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC001-E.D toutes versions postérieures à 2.3
Siemens	N/A	JTTK versions antérieures à 10.8.1.1
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions antérieures à 2.41
Siemens	N/A	APOGEE MEC (PPC) (BACnet) toutes versions
Siemens	N/A	Siveillance Identity V1.6 versions antérieures à 1.6.284.0
Siemens	N/A	APOGEE PXC Compact (P2 Ethernet) toutes versions
Siemens	N/A	JTTK versions antérieures à 11.1.1.0
Siemens	N/A	JT Utilities versions antérieures à 12.8.1.1
Siemens	N/A	Desigo PXC50-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC200-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC36.1-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC00-E.D toutes versions postérieures à 2.3
Siemens	N/A	SiPass integrated versions antérieures à 2.80
Siemens	N/A	APOGEE PXC Modular (BACnet) toutes versions
Siemens	N/A	Teamcenter Visualization versions antérieures à 13.2.0.5
Siemens	N/A	Desigo PXC22-E.D toutes versions postérieures à 2.3
Siemens	N/A	Simcenter STAR-CCM+ Viewer versions antérieures à 2021.3.1
Siemens	N/A	Teamcenter Active Workspace versions 5.1.x antérieures à 5.1.6
Siemens	N/A	Capital VSTAR toutes versions avec l'option Ethernet activée
Siemens	N/A	SiPass integrated versions antérieures à 2.85
Siemens	N/A	JT Utilities versions antérieures à 13.1.1.0
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions antérieures à 2.41
Siemens	N/A	Desigo PXC100-E.D toutes versions postérieures à 2.3
Siemens	N/A	ModelSim Simulation toutes versions
Siemens	N/A	APOGEE PXC Modular (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC ITC2200 V3 versions antérieures à 3.2.1.0
Siemens	N/A	Desigo PXC12-E.D toutes versions postérieures à 2.3
Siemens	N/A	Questa Simulation toutes versions
Siemens	N/A	JT Utilities versions antérieures à 13.0.3.0
Siemens	N/A	Teamcenter Active Workspace versions 5.0.x antérieures à 5.0.10
Siemens	N/A	Desigo PXC128-U toutes versions postérieures à 2.3
Siemens	N/A	APOGEE MEC (PPC) (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC ITC1900 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	Teamcenter Active Workspace versions 4.3.x antérieures à V4.3.11
Siemens	N/A	APOGEE PXC Compact (BACnet) toutes versions
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions antérieures à 2.41
Siemens	N/A	APOGEE MBC (PPC) (P2 Ethernet) toutes versions
Siemens	N/A	APOGEE MBC (PPC) (BACnet) toutes versions
Siemens	N/A	SIMATIC ITC1500 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	SIMATIC ITC1500 V3 versions antérieures à 3.2.1.0
Siemens	N/A	Desigo PXC64-U toutes versions postérieures à 2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-620288 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-133772 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-199605 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-595101 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-496292 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-400332 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-463116 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-523250 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-352143 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-390195 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-396621 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-802578 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-160202 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-161331 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-114589 du 14 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Teamcenter Active Workspace versions 5.2.x ant\u00e9rieures \u00e0 5.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 11.0.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.76",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions ant\u00e9rieures \u00e0 21.00 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Identity V5 versions ant\u00e9rieures \u00e0 1.6.284, ou sans le correctif de s\u00e9curit\u00e9 SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC00-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 13.2.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC22.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC001-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 10.8.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC (PPC) (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Identity V1.6 versions ant\u00e9rieures \u00e0 1.6.284.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 11.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 12.8.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC50-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC200-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC36.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC00-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 13.2.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC22-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 2021.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 5.1.x ant\u00e9rieures \u00e0 5.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Capital VSTAR toutes versions avec l\u0027option Ethernet activ\u00e9e",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.85",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 13.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC100-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ModelSim Simulation toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC12-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Questa Simulation toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 13.0.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 5.0.x ant\u00e9rieures \u00e0 5.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC128-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 4.3.x ant\u00e9rieures \u00e0 V4.3.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MBC (PPC) (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC64-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44443"
    },
    {
      "name": "CVE-2021-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31881"
    },
    {
      "name": "CVE-2021-44444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44444"
    },
    {
      "name": "CVE-2021-44009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44009"
    },
    {
      "name": "CVE-2021-31888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31888"
    },
    {
      "name": "CVE-2021-44447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44447"
    },
    {
      "name": "CVE-2018-20749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20749"
    },
    {
      "name": "CVE-2021-44013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44013"
    },
    {
      "name": "CVE-2021-31885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
    },
    {
      "name": "CVE-2021-31887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31887"
    },
    {
      "name": "CVE-2019-15690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15690"
    },
    {
      "name": "CVE-2021-44012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44012"
    },
    {
      "name": "CVE-2020-14396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14396"
    },
    {
      "name": "CVE-2021-44001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44001"
    },
    {
      "name": "CVE-2020-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14404"
    },
    {
      "name": "CVE-2021-44430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44430"
    },
    {
      "name": "CVE-2021-44440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44440"
    },
    {
      "name": "CVE-2021-44432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44432"
    },
    {
      "name": "CVE-2021-44445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44445"
    },
    {
      "name": "CVE-2021-31884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31884"
    },
    {
      "name": "CVE-2021-44434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44434"
    },
    {
      "name": "CVE-2021-44449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44449"
    },
    {
      "name": "CVE-2019-15681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15681"
    },
    {
      "name": "CVE-2021-44435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44435"
    },
    {
      "name": "CVE-2021-42023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42023"
    },
    {
      "name": "CVE-2021-44442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44442"
    },
    {
      "name": "CVE-2021-44002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44002"
    },
    {
      "name": "CVE-2021-44014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44014"
    },
    {
      "name": "CVE-2021-44436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44436"
    },
    {
      "name": "CVE-2021-31882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31882"
    },
    {
      "name": "CVE-2021-44438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44438"
    },
    {
      "name": "CVE-2021-44006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44006"
    },
    {
      "name": "CVE-2021-41547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41547"
    },
    {
      "name": "CVE-2021-44008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44008"
    },
    {
      "name": "CVE-2021-44017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44017"
    },
    {
      "name": "CVE-2021-44441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44441"
    },
    {
      "name": "CVE-2021-44011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44011"
    },
    {
      "name": "CVE-2018-20748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20748"
    },
    {
      "name": "CVE-2019-20788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20788"
    },
    {
      "name": "CVE-2021-44446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44446"
    },
    {
      "name": "CVE-2021-44010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44010"
    },
    {
      "name": "CVE-2021-44522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44522"
    },
    {
      "name": "CVE-2021-44448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44448"
    },
    {
      "name": "CVE-2021-44523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44523"
    },
    {
      "name": "CVE-2019-20840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20840"
    },
    {
      "name": "CVE-2021-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
    },
    {
      "name": "CVE-2018-20750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20750"
    },
    {
      "name": "CVE-2021-42022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42022"
    },
    {
      "name": "CVE-2021-44433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44433"
    },
    {
      "name": "CVE-2021-44004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44004"
    },
    {
      "name": "CVE-2017-18922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18922"
    },
    {
      "name": "CVE-2021-44524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44524"
    },
    {
      "name": "CVE-2021-44003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44003"
    },
    {
      "name": "CVE-2021-44007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44007"
    },
    {
      "name": "CVE-2021-42024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42024"
    },
    {
      "name": "CVE-2019-20839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20839"
    },
    {
      "name": "CVE-2021-44431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44431"
    },
    {
      "name": "CVE-2021-31889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
    },
    {
      "name": "CVE-2021-44005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44005"
    },
    {
      "name": "CVE-2020-14402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14402"
    },
    {
      "name": "CVE-2020-14397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14397"
    },
    {
      "name": "CVE-2021-31883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31883"
    },
    {
      "name": "CVE-2020-14398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14398"
    },
    {
      "name": "CVE-2020-14403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14403"
    },
    {
      "name": "CVE-2021-44439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44439"
    },
    {
      "name": "CVE-2021-44015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44015"
    },
    {
      "name": "CVE-2021-44437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44437"
    },
    {
      "name": "CVE-2021-31886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31886"
    },
    {
      "name": "CVE-2021-44450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44450"
    },
    {
      "name": "CVE-2021-42027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42027"
    },
    {
      "name": "CVE-2021-31890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
    },
    {
      "name": "CVE-2020-14405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14405"
    },
    {
      "name": "CVE-2021-31345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
    },
    {
      "name": "CVE-2018-20019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20019"
    },
    {
      "name": "CVE-2018-15127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15127"
    },
    {
      "name": "CVE-2018-21247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-21247"
    },
    {
      "name": "CVE-2021-44165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44165"
    },
    {
      "name": "CVE-2021-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
    },
    {
      "name": "CVE-2020-14401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14401"
    }
  ],
  "initial_release_date": "2021-12-15T00:00:00",
  "last_revision_date": "2021-12-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-949",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-620288 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-133772 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-199605 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-595101 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-496292 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-400332 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-463116 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-523250 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523250.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-352143 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-390195 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-396621 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-802578 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-160202 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-161331 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-114589 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
    }
  ]
}

GHSA-GG2P-M82F-FGJG

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-15681"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-29T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.",
  "id": "GHSA-gg2p-m82f-fgjg",
  "modified": "2022-05-24T17:00:02Z",
  "published": "2022-05-24T17:00:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15681"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4407-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4547-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4573-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4587-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-15681 (GCVE-0-2019-15681)

CNVD-2019-41029

FKIE_CVE-2019-15681

CVE-2019-15681

GSD-2019-15681

CERTFR-2021-AVI-949

Solution

GHSA-GG2P-M82F-FGJG

Tags

Sightings

Nomenclature