Details of VAR-202006-1845

ID

VAR-202006-1845

CVE

CVE-2017-18922

TITLE

LibVNCServer Vulnerability regarding lack of entropy in

Trust: 0.8

sources: JVNDB: JVNDB-2017-015072

DESCRIPTION

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. LibVNCServer Is vulnerable to lack of entropy.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 8) - aarch64, ppc64le, x86_64 3. ========================================================================== Ubuntu Security Notice USN-4407-1 July 01, 2020 libvncserver vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in LibVNCServer. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680) It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681) It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked in to connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.1 libvncserver1 0.9.12+dfsg-9ubuntu0.1 Ubuntu 19.10: libvncclient1 0.9.11+dfsg-1.3ubuntu0.1 libvncserver1 0.9.11+dfsg-1.3ubuntu0.1 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.2 libvncserver1 0.9.11+dfsg-1ubuntu1.2 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4 After a standard system update you need to restart LibVNCServer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: libvncserver security update Advisory ID: RHSA-2020:3281-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3281 Issue date: 2020-08-03 CVE Names: CVE-2017-18922 ==================================================================== 1. Summary: An update for libvncserver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix(es): * libvncserver: websocket decoding buffer overflow (CVE-2017-18922) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1852356 - CVE-2017-18922 libvncserver: websocket decoding buffer overflow 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libvncserver-0.9.9-14.el7_8.1.src.rpm x86_64: libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libvncserver-0.9.9-14.el7_8.1.src.rpm ppc64le: libvncserver-0.9.9-14.el7_8.1.ppc64le.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.ppc64le.rpm x86_64: libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: libvncserver-debuginfo-0.9.9-14.el7_8.1.ppc64le.rpm libvncserver-devel-0.9.9-14.el7_8.1.ppc64le.rpm x86_64: libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libvncserver-0.9.9-14.el7_8.1.src.rpm x86_64: libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18922 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXygVLdzjgjWX9erEAQjn5BAAmrE0XEfwDvLUYWQkFeamAij8uUnf12Z4 fJQmIn0PlNFlNJXtSChiqf0EKTk6cAuaGF+g2FBX1AeTDxqRmTZpvR8YFyw1GK0h OjScrrLyU4F0q+kgGS3S39bpBydUGaUefw+rB/Slg6NNT2+EEKHo6pogYrsJE7hP LlrrfTIGnfS3NOZj/co4Kx1MWG2EswZ0gJXlho4o7ZPuPZOWLLv3tqzoVl86UEhG XJtN1lWzW0jy/QRsN88/MWC+RXAEyTja37CHX+l+Se+RdN3G0BqoNEflnNxXtSZR 1b+0VWFhqV/R3djpB7c/geCV5OW1n9InMvmdkcnXIbfA8WIUNbNGxcEAHX7SsZ1C yPsu9CrEef5ZuXycTyeLNam6wYwZiaTOkNuui3yAzmyvZOkyPZHhCYgzI31Xy7Jy OkCgxVebn0sxxle6aq3lm3g1c09Fw7eLgKFE2WJnUElWSql1peD2WaAcXFFkhgNI M3drMJzvG0B0aR+qvtIQARnsKlkMxrgaVXRa3S3ZGlFigTwao2CSI/2xHEvx0QfT tw2oTKLjboVuwBwnEj2MltXKSvSnHKSExF5Y0EnIJnZRg1XzPGavnAwjVk1k3uSg yT9Db8jds1GXsWoVyqfflp5qUhIpfrtA50pagzIIGyqE9zjiyW+S8+YZdMwXtYa8 qgB/RwEdM5k=1gVa -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - ppc64le, x86_64 3

Trust: 2.16

sources: NVD: CVE-2017-18922 // JVNDB: JVNDB-2017-015072 // VULMON: CVE-2017-18922 // PACKETSTORM: 159024 // PACKETSTORM: 158809 // PACKETSTORM: 158281 // PACKETSTORM: 158725 // PACKETSTORM: 158880

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	libvncserver	model:	libvncserver	scope:	lt	version:	0.9.12	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	libvnc	model:	libvncserver	scope:	eq	version:	0.9.12	Trust: 0.8
vendor:	opensuse	model:	leap	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2017-015072 // NVD: CVE-2017-18922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18922
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2017-015072
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202006-1844
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2017-18922
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-18922
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-015072
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2017-18922
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2017-015072
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2017-18922 // JVNDB: JVNDB-2017-015072 // CNNVD: CNNVD-202006-1844 // NVD: CVE-2017-18922

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2017-015072 // NVD: CVE-2017-18922

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1844

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1844

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-015072

PATCH

title:	FEDORA-2020-37112ac660	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/	Trust: 0.8
title:	fix overflow and refactor websockets decode (Hybi)	url:	https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433	Trust: 0.8
title:	openSUSE-SU-2020:0960-1	url:	https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html	Trust: 0.8
title:	openSUSE-SU-2020:0978-1	url:	https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html	Trust: 0.8
title:	openSUSE-SU-2020:0988-1	url:	https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html	Trust: 0.8
title:	openSUSE-SU-2020:1025-1	url:	https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html	Trust: 0.8
title:	openSUSE-SU-2020:1056-1	url:	https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html	Trust: 0.8
title:	USN-4407-1	url:	https://ubuntu.com/security/notices/USN-4407-1	Trust: 0.8
title:	LibVNCServer Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122803	Trust: 0.6
title:	Red Hat: Important: libvncserver security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203588 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: libvncserver security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203385 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: libvncserver security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203281 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: libvncserver security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203456 - Security Advisory	Trust: 0.1

sources: VULMON: CVE-2017-18922 // JVNDB: JVNDB-2017-015072 // CNNVD: CNNVD-202006-1844

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18922	Trust: 3.0
db:	OPENWALL	id:	OSS-SECURITY/2020/06/30/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2020/06/30/3	Trust: 1.7
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2017-015072	Trust: 0.8
db:	PACKETSTORM	id:	159024	Trust: 0.7
db:	PACKETSTORM	id:	158809	Trust: 0.7
db:	PACKETSTORM	id:	158281	Trust: 0.7
db:	PACKETSTORM	id:	158725	Trust: 0.7
db:	PACKETSTORM	id:	158880	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2831	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2727	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2657	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2469	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2746	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3000	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-350-12	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1844	Trust: 0.6
db:	VULMON	id:	CVE-2017-18922	Trust: 0.1

sources: VULMON: CVE-2017-18922 // JVNDB: JVNDB-2017-015072 // PACKETSTORM: 159024 // PACKETSTORM: 158809 // PACKETSTORM: 158281 // PACKETSTORM: 158725 // PACKETSTORM: 158880 // CNNVD: CNNVD-202006-1844 // NVD: CVE-2017-18922

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18922	Trust: 1.9
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2020/06/30/3	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1852356	Trust: 1.7
url:	https://github.com/libvnc/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433	Trust: 1.7
url:	https://usn.ubuntu.com/4407-1/	Trust: 1.7
url:	https://www.openwall.com/lists/oss-security/2020/06/30/2	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4f6fuh4efk4nap6gt4tqrtbkwirczliy/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nvp7tjvyjdxdfrhvq3enen3h354qpxez/	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18922	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4f6fuh4efk4nap6gt4tqrtbkwirczliy/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nvp7tjvyjdxdfrhvq3enen3h354qpxez/	Trust: 0.7
url:	https://packetstormsecurity.com/files/158880/red-hat-security-advisory-2020-3456-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158725/red-hat-security-advisory-2020-3281-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2469/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158809/red-hat-security-advisory-2020-3385-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2831/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2657/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2746/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159024/red-hat-security-advisory-2020-3588-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2727/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libvncserver-buffer-overflow-via-websockets-c-32696	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-350-12	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3000/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158281/ubuntu-security-notice-usn-4407-1.html	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2017-18922	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/errata/rhsa-2020:3588	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/184357	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3385	Trust: 0.1
url:	https://usn.ubuntu.com/4407-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15681	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15680	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20788	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3281	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3456	Trust: 0.1

CREDITS

Red Hat

Trust: 1.0

sources: PACKETSTORM: 159024 // PACKETSTORM: 158809 // PACKETSTORM: 158725 // PACKETSTORM: 158880 // CNNVD: CNNVD-202006-1844

SOURCES

db:	VULMON	id:	CVE-2017-18922
db:	JVNDB	id:	JVNDB-2017-015072
db:	PACKETSTORM	id:	159024
db:	PACKETSTORM	id:	158809
db:	PACKETSTORM	id:	158281
db:	PACKETSTORM	id:	158725
db:	PACKETSTORM	id:	158880
db:	CNNVD	id:	CNNVD-202006-1844
db:	NVD	id:	CVE-2017-18922

LAST UPDATE DATE

2024-11-23T20:31:20.075000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-18922	date:	2020-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-015072	date:	2020-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202006-1844	date:	2021-12-17T00:00:00
db:	NVD	id:	CVE-2017-18922	date:	2024-11-21T03:21:16.067

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-18922	date:	2020-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-015072	date:	2020-08-07T00:00:00
db:	PACKETSTORM	id:	159024	date:	2020-09-01T15:38:29
db:	PACKETSTORM	id:	158809	date:	2020-08-10T14:27:27
db:	PACKETSTORM	id:	158281	date:	2020-07-02T15:43:16
db:	PACKETSTORM	id:	158725	date:	2020-08-03T17:15:01
db:	PACKETSTORM	id:	158880	date:	2020-08-17T15:35:31
db:	CNNVD	id:	CNNVD-202006-1844	date:	2020-06-30T00:00:00
db:	NVD	id:	CVE-2017-18922	date:	2020-06-30T11:15:10.380