GCVE - cpe:2.3:a:kaspersky_lab:ultravnc:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kaspersky_lab:ultravnc:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Kaspersky Lab (`b5f4462b-8575-5828-a714-cab051c30fb5`)
Product	Ultravnc (`4b0e00fe-8885-576e-b66c-ff6c3465a632`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-8280`	vulnerable	2026-06-03 14:40:47.419714	Details available UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-17T01:40:44.392Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06 https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8277`	vulnerable	2026-06-03 14:40:47.410625	Details available UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. Published: 2019-03-09T00:00:00.000Z Updated: 2024-08-04T21:17:30.165Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06 https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8276`	vulnerable	2026-06-03 14:40:47.410194	Details available UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T18:33:31.486Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8275`	vulnerable	2026-06-03 14:40:47.409662	Details available UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-17T03:12:37.776Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06 https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8274`	vulnerable	2026-06-03 14:40:47.409236	Details available UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T19:35:36.652Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8273`	vulnerable	2026-06-03 14:40:47.408838	Details available UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T23:16:03.189Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8272`	vulnerable	2026-06-03 14:40:47.408426	Details available UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T16:43:07.206Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8271`	vulnerable	2026-06-03 14:40:47.408026	Details available UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T23:26:16.493Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8270`	vulnerable	2026-06-03 14:40:47.407685	Details available UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T16:34:02.833Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-017-ultravnc-out-of-bounds-read/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8269`	vulnerable	2026-06-03 14:40:47.407316	Details available UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-17T00:30:43.266Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8268`	vulnerable	2026-06-03 14:40:47.406849	Details available UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-17T01:16:16.319Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8267`	vulnerable	2026-06-03 14:40:47.406503	Details available UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T16:48:26.336Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-014-ultravnc-out-of-bounds-read/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8266`	vulnerable	2026-06-03 14:40:47.406189	Details available UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T23:05:39.052Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-013-ultravnc-access-of-memory-location-after-end-of-buffer/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8265`	vulnerable	2026-06-03 14:40:47.405855	Details available UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T17:07:55.620Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-012-ultravnc-access-of-memory-location-after-end-of-buffer/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06 https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8264`	vulnerable	2026-06-03 14:40:47.405484	Details available UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. Published: 2019-03-09T00:00:00.000Z Updated: 2024-09-16T19:51:49.467Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-011-ultravnc-access-of-memory-location-after-end-of-buffer/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06 https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8263`	vulnerable	2026-06-03 14:40:47.404966	Details available UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206. Published: 2019-03-05T15:00:00.000Z Updated: 2024-09-16T23:56:07.697Z Open on db.gcve.eu Reference links https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/ https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/ https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf https://www.us-cert.gov/ics/advisories/icsa-20-161-06 https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.