uvnc CVE Vulnerabilities & Metrics

Focus on uvnc vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About uvnc Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with uvnc. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total uvnc CVEs: 23
Earliest CVE date: 05 Mar 2019, 15:29 UTC
Latest CVE date: 10 Mar 2022, 21:15 UTC

Latest CVE reference: CVE-2022-24750

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical uvnc CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.7

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	7
7.0-8.9	16
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS uvnc CVEs

These are the five CVEs with the highest CVSS scores for uvnc, sorted by severity first and recency.

CVE-2019-8280 uvnc Published on 08 Mar 2019, 23:29 UTC (CVSS: 7.5)
UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.
CVE-2019-8275 uvnc Published on 08 Mar 2019, 23:29 UTC (CVSS: 7.5)
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
CVE-2019-8274 uvnc Published on 08 Mar 2019, 23:29 UTC (CVSS: 7.5)
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
CVE-2019-8273 uvnc Published on 08 Mar 2019, 23:29 UTC (CVSS: 7.5)
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
CVE-2019-8272 uvnc Published on 08 Mar 2019, 23:29 UTC (CVSS: 7.5)
UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

All CVEs for uvnc

CVE-2022-24750 uvnc vulnerability CVSS: 7.2 10 Mar 2022, 21:15 UTC

UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if winvnc needs to be started as a service.

CVE-2019-8280 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.

CVE-2019-8277 uvnc vulnerability CVSS: 5.0 08 Mar 2019, 23:29 UTC

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVE-2019-8276 uvnc vulnerability CVSS: 5.0 08 Mar 2019, 23:29 UTC

UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2019-8275 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVE-2019-8274 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2019-8273 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2019-8272 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVE-2019-8271 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVE-2019-8270 uvnc vulnerability CVSS: 5.0 08 Mar 2019, 23:29 UTC

UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.

CVE-2019-8269 uvnc vulnerability CVSS: 5.0 08 Mar 2019, 23:29 UTC

UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.

CVE-2019-8268 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

CVE-2019-8267 uvnc vulnerability CVSS: 5.0 08 Mar 2019, 23:29 UTC

UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208.

CVE-2019-8266 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208.

CVE-2019-8265 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208.

CVE-2019-8264 uvnc vulnerability CVSS: 7.5 08 Mar 2019, 23:29 UTC

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.

CVE-2019-8263 uvnc vulnerability CVSS: 4.3 05 Mar 2019, 15:29 UTC

UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.

CVE-2019-8262 uvnc vulnerability CVSS: 7.5 05 Mar 2019, 15:29 UTC

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.

CVE-2019-8261 uvnc vulnerability CVSS: 7.5 05 Mar 2019, 15:29 UTC

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200.

CVE-2019-8260 uvnc vulnerability CVSS: 7.5 05 Mar 2019, 15:29 UTC

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200.

CVE-2019-8259 uvnc vulnerability CVSS: 5.0 05 Mar 2019, 15:29 UTC

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.

CVE-2019-8258 uvnc vulnerability CVSS: 7.5 05 Mar 2019, 15:29 UTC

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

CVE-2018-15361 uvnc vulnerability CVSS: 7.5 05 Mar 2019, 15:29 UTC

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.