Product
tigervnc
30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34352
< 1.16.2
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an a
8.5
HIGH
CVE-2025-26601
all versions
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one aft
7.8
HIGH
CVE-2025-26600
all versions
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that dev
7.8
HIGH
CVE-2025-26599
all versions
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot
7.8
HIGH
CVE-2025-26598
all versions
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based
7.8
HIGH
CVE-2025-26597
all versions
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key
7.8
HIGH
CVE-2025-26596
all versions
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is writt
7.8
HIGH
CVE-2025-26595
all versions
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack
7.8
HIGH
CVE-2025-26594
all versions
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a cl
7.8
HIGH
CVE-2024-0409
< 1.13.1
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It u
7.8
HIGH
CVE-2024-0408
< 1.13.1
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabe
5.5
MEDIUM
CVE-2023-6478
all versions
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an
7.6
HIGH
CVE-2023-6377
all versions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in o
7.8
HIGH
CVE-2020-26117
< 1.11.0
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They st
8.1
HIGH
CVE-2014-0011
< 1.3.1
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG
9.8
CRITICAL
CVE-2019-15695
< 1.10.1
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor.
7.2
HIGH
CVE-2019-15694
< 1.10.1
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. V
7.2
HIGH
CVE-2019-15693
< 1.10.1
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation
7.2
HIGH
CVE-2019-15692
< 1.10.1
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due
7.2
HIGH
CVE-2019-15691
< 1.10.1
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in Z
7.2
HIGH
CVE-2017-7396
all versions
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the serve
7.5
HIGH
CVE-2017-7395
all versions
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can cras
6.5
MEDIUM
CVE-2017-7394
all versions
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long user
7.5
HIGH
CVE-2017-7393
all versions
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to deni
8.8
HIGH
CVE-2017-7392
all versions
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory
7.5
HIGH
CVE-2017-5581
<= 1.7
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrar
9.8
CRITICAL
CVE-2016-10207
all versions
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating
7.5
HIGH
CVE-2014-8241
all versions
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to che
9.8
CRITICAL
CVE-2014-8240
all versions
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code vi
CVE-2011-1775
all versions
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not prop
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin