18 matches found
EUVD-2019-6622
Malware in sbrugna...
EUVD-2025-27479
Malicious code in bioql PyPI...
EUVD-2025-10836
Malicious code in bioql PyPI...
CVE-2025-58435
Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop...
CVE-2025-58435
Open OnDemand is affected: versions prior to 3.1.15 and 4.0.7 fail to rotate the noVNC password when TurboVNC > 3.1.2. The underlying issue enables a user to hijack a session if they obtain a link to an active desktop and the other party is authenticated; impact is limited to authenticated use...
CVE-2025-58435 Open OnDemand didn't rotate password for VNC batch_connect
Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop...
PT-2025-36938
Name of the Vulnerable Software and Affected Versions: Open OnDemand versions prior to 3.1.15; Open OnDemand versions prior to 4.0.7. Description: Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password whe...
CVE-2019-15683
TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity...
TigerVNC accessible via the network and not just via a UNIX socket as intended
Summary: jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy was still accessible via the network. This vulnerability does not affect users having...
GHSA-VRQ4-9HC3-CGP7 TigerVNC accessible via the network and not just via a UNIX socket as intended
Summary: jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy was still accessible via the network. This vulnerability does not affect users having...
PT-2025-16172 · Unknown +2 · Jupyter-Remote-Desktop-Proxy +2
Name of the Vulnerable Software and Affected Versions: jupyter-remote-desktop-proxy versions 3.0.0 through 3.0.0. Description: The issue allows unauthorized network access to TigerVNC, risking system compromise, when jupyter-remote-desktop-proxy is used with TigerVNC. This vulnerability does not...
TurboVNC Fence Message Stack-based Buffer Overflow (CVE-2019-15683)
A stack-based buffer overflow exists in the TurboVNC server. The vulnerability is due to improper handling of the Fence message and a lack of stack frame protection. A remote attacker can exploit this vulnerability by sending malicious packets to the server. Successful exploitation of this vulnerability could...
TurboVNC Stack Buffer Overflow Vulnerability
TurboVNC is a remote desktop server. A stack buffer overflow vulnerability exists in TurboVNC versions prior to commit cea98166008301e614e0d36776bf9435a536136e. The vulnerability stems from a network system or product performing operations in memory without properly validating data boundaries,...
CVE-2019-15683
TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity...
CVE-2019-15683
TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity...
Stack overflow
TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity...
CVE-2019-15683
TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity...
CVE-2019-15683
CVE-2019-15683 affects TurboVNC server. A stack-based buffer overflow exists in code prior to commit cea98166008301e614e0d36776bf9435a536136e, due to insufficient stack canary protection. The vulnerability can be exploited over the network and requires server authorization to trigger. Patches fix...