Pavel Cheremushkin

**Nome do software vulnerável e versões afetadas: Fibaro Home Center 2 e Lite, versões 4.540 e anteriores Descrição: A vulnerabilidade permite que um usuário autenticado execute comandos como usuário root devido a uma vulnerabilidade de injeção de comando. Recomendações: Para o Fibaro Home Center 2 e Lite versões 4.540 e anteriores, atualize para uma versão posterior à 4.540 para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões do Oracle VM VirtualBox anteriores à 5.2.44 Versões do Oracle VM VirtualBox anteriores à 6.0.24 Versões do Oracle VM VirtualBox anteriores à 6.1.12 **Descrição** O problema está relacionado à validação insuficiente de entradas no componente Core do Oracle VM VirtualBox. A exploração dessa vulnerabilidade pode permitir que um invasor comprometa a confidencialidade, integridade e disponibilidade de informações protegidas. Um ataque bem-sucedido pode resultar no controle do Oracle VM VirtualBox. A vulnerabilidade é difícil de explorar e requer um invasor com privilégios elevados e acesso de logon à infraestrutura onde o Oracle VM VirtualBox é executado. **Recomendações** Para versões anteriores à 5.2.44, atualize para a versão 5.2.44 ou posterior. Para versões anteriores à 6.0.24, atualize para a versão 6.0.24 ou posterior. Para versões anteriores à 6.1.12, atualize para a versão 6.1.12 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Oracle VM VirtualBox anteriores à 5.2.40 Versões do Oracle VM VirtualBox anteriores à 6.0.20 Versões do Oracle VM VirtualBox anteriores à 6.1.6 **Descrição** O problema está relacionado a um controle de acesso insuficiente no componente Core do Oracle VM VirtualBox, permitindo que um invasor com privilégios limitados e acesso de logon à infraestrutura comprometa o Oracle VM VirtualBox. Ataques bem-sucedidos podem resultar na tomada de controle do Oracle VM VirtualBox. **Recomendações** Para versões anteriores à 5.2.40, atualize para a versão 5.2.40 ou posterior. Para versões anteriores à 6.0.20, atualize para a versão 6.0.20 ou posterior. Para versões anteriores à 6.1.6, atualize para a versão 6.1.6 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Oracle VM VirtualBox anteriores à 5.2.40 Versões do Oracle VM VirtualBox anteriores à 6.0.20 Versões do Oracle VM VirtualBox anteriores à 6.1.6 **Descrição** O problema está relacionado a um controle de acesso insuficiente no componente Core do Oracle VM VirtualBox. Isso permite que um invasor com privilégios limitados e acesso de logon à infraestrutura onde o Oracle VM VirtualBox é executado comprometa o Oracle VM VirtualBox. Ataques bem-sucedidos podem resultar na capacidade não autorizada de causar um travamento ou falhas repetidas do Oracle VM VirtualBox, podendo afetar outros produtos. **Recomendações** Para versões anteriores à 5.2.40, atualize para a versão 5.2.40 ou posterior. Para versões anteriores à 6.0.20, atualize para a versão 6.0.20 ou posterior. Para versões anteriores à 6.1.6, atualize para a versão 6.1.6 ou posterior.

**Name of the Vulnerable Software and Affected Versions** LibVNCServer versions 0.9.12 and earlier **Description** The issue is related to a heap buffer overflow in the `HandleCursorShape()` function in `libvncclient/cursor.c`. This can be exploited by an attacker sending cursor shapes with specially crafted dimensions, potentially allowing remote code execution when connected to a malicious server. **Recommendations** For LibVNCServer versions 0.9.12 and earlier, consider disabling the `HandleCursorShape()` function until a patch is available to prevent potential remote code execution. Restrict access to the `libvncclient/cursor.c` module to minimize the risk of exploitation. Avoid using large cursor sizes when connected to untrusted servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TigerVNC versions prior to 1.10.1 **Description** The issue is related to insufficient checking of unusual or exceptional states in the CMsgReader::readSetCursor function of the VNC TigerVNC software. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability occurs due to insufficient sanitization of `PixelFormat`. Exploitation could potentially result in remote code execution, as an attacker can choose the offset from the start of the buffer to start writing their values. This attack appears to be exploitable via network connectivity. **Recommendations** For versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TigerVNC versions prior to 1.10.1 **Description** The issue is related to a buffer data boundary overflow in the DecodeManager::decodeRect function of the VNC TigerVNC software. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability occurs due to a sign error in processing MemOutStream and could potentially result in remote code execution via network connectivity. **Recommendations** For TigerVNC versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TigerVNC versions prior to 1.10.1 **Description** The issue is related to a use-after-free error in the ZRLEDecoder of TigerVNC, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability occurs due to incorrect usage of stack memory in the ZRLEDecoder, potentially allowing remote code execution if the decoding routine throws an exception. This can be exploited via network connectivity. **Recommendations** For versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TigerVNC versions prior to 1.10.1 **Description** The issue is related to a heap buffer overflow in the `TightDecoder::FilterGradient` function, which could potentially lead to remote code execution. This can be exploited via network connectivity, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For TigerVNC versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

**Nome do software vulnerável e versões afetadas** LibVNCServer versões 0.9.12 e anteriores **Descrição** O problema está relacionado a um estouro de inteiro e a um estouro de buffer baseado em heap no arquivo `libvncclient/cursor.c` do LibVNCServer. Isso pode ser desencadeado por um valor grande de altura ou largura na função `HandleCursorShape`. **Recomendações** Para as versões 0.9.12 e anteriores do LibVNCServer, como solução temporária, considere restringir os valores de entrada para altura e largura a fim de impedir que valores grandes sejam processados pela função `HandleCursorShape` até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** TightVNC version 1.3.10 **Description** The issue is related to a heap buffer overflow in the `rfbServerCutText` handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. The vulnerability is associated with a buffer data boundary overflow, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For TightVNC version 1.3.10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TightVNC version 1.3.10 **Description** The issue is related to a global buffer overflow in the HandleCoRREBBP macro function. This can potentially result in code execution and is exploitable via network connectivity. The vulnerability is associated with a lack of mechanism for checking the size of copied data, which can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For TightVNC version 1.3.10, consider disabling the HandleCoRREBBP macro function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TightVNC version 1.3.10 **Description** The issue is related to a null pointer dereference in the `HandleZlibBPP` function, which can result in a Denial of System (DoS). This can be exploited via network connectivity, potentially allowing a remote attacker to cause a service disruption. **Recommendations** For TightVNC version 1.3.10, consider disabling the `HandleZlibBPP` function as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TightVNC version 1.3.10 **Description** The issue is related to a heap buffer overflow in the InitialiseRFBConnection function, potentially allowing code execution. This can be exploited via network connectivity, and may enable a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For TightVNC version 1.3.10, consider disabling the InitialiseRFBConnection function as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TigerVNC versions prior to 1.10.1 **Description** The issue is related to a heap buffer overflow in the CopyRectDecoder of TigerVNC, caused by incorrect value checks. This could potentially lead to remote code execution when exploited. The attack is exploitable via network connectivity, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For TigerVNC versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibVNCServer versions prior to commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a **Description** The issue is related to a memory leak in the VNC server code, which can be exploited by an attacker to read stack memory and disclose information. This can be combined with another vulnerability to bypass ASLR. The attack is exploitable via network connectivity. **Recommendations** For versions prior to commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, update to a version that includes the fix from commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibVNC through 0.9.12 **Description** The issue is related to a heap out-of-bounds write vulnerability in the rfbserver.c component of the LibVNCServer library. This vulnerability can be exploited by a remote attacker to cause a denial of service and gain unauthorized access to sensitive data. **Recommendations** For LibVNC through 0.9.12, consider applying the necessary patches or fixes to address the incomplete fix for the issue. As a temporary workaround, restrict access to the vulnerable `rfbserver.c` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibVNC versions prior to 0.9.12 **Description** The issue is related to a heap out-of-bounds write vulnerability in the rfbserver.c component of the LibVNCServer library. This vulnerability can be exploited by a remote attacker to cause a denial of service and gain unauthorized access to sensitive data. **Recommendations** For versions prior to 0.9.12, update to version 0.9.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** LibVNC versions prior to 0.9.12 **Description** The issue is related to multiple heap out-of-bounds write vulnerabilities in the `rfbproto.c` component of the LibVNC library. This could allow a remote attacker to cause a denial of service and gain unauthorized access to confidential data. The problem is associated with a buffer overflow in memory. **Recommendations** For LibVNC versions prior to 0.9.12, update to version 0.9.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rfbproto.c` component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** LibVNC versions prior to 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 **Description** The issue is related to improper initialization in the VNC client code, allowing an attacker to read stack memory. This can be abused for information disclosure. When combined with another weakness, it can leak the stack memory layout and potentially bypass Address Space Layout Randomization (ASLR). The vulnerability can be exploited by a remote attacker to disclose protected information. **Recommendations** For LibVNC versions prior to 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838, update to a version that includes the fix for the improper initialization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.