{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T12:24:08.424","vulnerabilities":[{"cve":{"id":"CVE-2019-15695","sourceIdentifier":"vulnerability@kaspersky.com","published":"2019-12-26T16:15:10.793","lastModified":"2024-11-21T04:29:16.647","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."},{"lang":"es","value":"TigerVNC versión anterior a 1.10.1, es vulnerable al desbordamiento de búfer de pila, que podría ser activada desde la función CMsgReader::readSetCursor. Esta vulnerabilidad se presenta debido al saneamiento insuficiente de PixelFormat. Dado que el atacante remoto puede elegir el desplazamiento desde el arranque del búfer para comenzar a escribir sus valores, la explotación de esta vulnerabilidad podría resultar potencialmente en una ejecución de código remota. Este ataque parece ser explotable a través de la conectividad de red."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerability@kaspersky.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-754"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.1","matchCriteriaId":"5DB31840-DC35-40A5-8126-FF5FDD81EAD7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html","source":"vulnerability@kaspersky.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89","source":"vulnerability@kaspersky.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1","source":"vulnerability@kaspersky.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2019/12/20/2","source":"vulnerability@kaspersky.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2019/12/20/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}}]}