Tobias Junghans

9 exploits, active since Jun 2020
CVE-2020-15261 HIGH WRITEUP
Veyon Service < 4.4.2 - Privilege Escalation
On Windows, the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in setups that are unsafe anyway. The problem has been fixed in version 4.4.2. As a workaround, exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
CVSS 8.0
CVE-2020-14397 HIGH WRITEUP
LibVNCServer < 0.9.13 - NULL Pointer Dereference in rfbregion.c
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVSS 7.5
CVE-2020-14398 HIGH WRITEUP
LibVNCServer < 0.9.13 - Denial of Service via Infinite Loop in TCP Connection Handling
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVSS 7.5
CVE-2020-14399 HIGH WRITEUP
LibVNCServer < 0.9.13 - Buffer Overflow
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."
CVSS 7.5
CVE-2020-14400 HIGH WRITEUP
LibVNCServer < 0.9.13 - Info Disclosure
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or crossing of a trust boundary.
CVSS 7.5
CVE-2020-14401 MEDIUM WRITEUP
LibVNCServer < 0.9.13 - Integer Overflow in Pixel Value Calculation
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVSS 6.5
CVE-2020-14402 MEDIUM WRITEUP
LibVNCServer < 0.9.13 - Out-of-bounds Write via Encodings
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVSS 5.4
CVE-2020-14403 MEDIUM WRITEUP
LibVNCServer < 0.9.13 - Out-of-bounds Write via Hextile Encoding
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVSS 5.4
CVE-2020-14404 MEDIUM WRITEUP
LibVNCServer < 0.9.13 - Out-of-bounds Write in RRE Encoding
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
CVSS 5.4