Hi uvnc Team & users,
last month there was found some UltraVNC Server vulnerabilities by Kaspersky.,
The Kaspersky advisory is not always clear and consistent.
Example:
The CVE-2019-8277 describes CWE 655 as a cause. CWE 655 means Insufficient Psychological Acceptability.
or
The affected product is before 1.2.2.3 but the
Vendor mitigation is 1212. That’s a conflict.
Additionally the several ratings are strange. For example the scope change rating.
The UltraVNC Server CVEs are:
CVE-2019-8277, CVE-2019-8276, CVE-2019-8275, CVE-2019-8274, CVE-2019-8273, CVE-2019-8272, CVE-2019-8271:
A statement of the manufacturer would be very helpfully.
Best Regards
Chris