Lucene search
K

2099 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-44040

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

6.5CVSS0.00221EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-7838

UltraVNC viewer up to 1.8.2.2 is affected by an integer overflow leading to a heap buffer overflow in the RFB failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte reasonLen field is used as reasonLen+1 in CheckBufferSize(); with unsigned 32-bit operands, reasonLen 0xFFFFFF...

8.8CVSS6.6AI score0.01152EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago10 views

CVE-2026-44040

UltraVNC

6.5CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-54488

Name of the Vulnerable Software and Affected Versions UltraVNC viewer versions prior to 1.8.2.3 Description An integer overflow exists in the RFB protocol failure-response parsing path within the vncviewer/ClientConnection.cpp file. The issue occurs when the 4-byte network-supplied reasonLen fiel...

8.8CVSS6.9AI score0.01152EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-54477

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description The software uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. Specifically, the vncRandomBytes function seeds libc rand using a combinati...

6.5CVSS6AI score0.00221EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-365 TigerVNC accessible via the network and not just via a UNIX socket as intended

Summary jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having...

9CVSS5.8AI score0.0087EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.5 views

RockyLinux 8 : tigervnc (RLSA-2026:28923)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28923 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References19
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in libvncserver

A divide by zero issue was detected in libvncserver-0.9.12. A malicious client could exploit this flaw to send a specially crafted message. When this message is processed by the VNC server, it will cause a floating-point exception, resulting in a denial of service...

7.5CVSS7.5AI score0.01613EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU-built-in VNC server during the processing of ClientCutText messages. A incorrect exit condition may lead to an infinite loop when inflating a zlib buffer controlled by an attacker in the inflatebuffer function. This could allow a remotely authenticated client, wh...

6.5CVSS6.8AI score0.01891EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU’s built-in VNC server during the processing of ClientCutText messages. The qemuclipboardrequest function can be accessed before vncservercuttextcaps is called, which gives a malicious authenticated VNC client the opportunity to initialize the clipboard peer. This...

6.5CVSS6.7AI score0.01261EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU-built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections exceeds a certain threshold. If it does, QEMU terminates the previous connection. However, if the previous connection is still in the handshake...

7.5CVSS6.7AI score0.01606EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36803

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.2AI score0.00489EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 7:15 p.m.30 views

CVE-2026-52720 Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS0.00489EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49336

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A heap buffer overflow exists in the librfb RFB/VNC client component of GStreamer. The issue occurs because the rectangle bounds check validates the total area instead of individual...

8.8CVSS6.2AI score0.00489EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/08 2:7 a.m.45 views

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

9.8CVSS5.4AI score0.00247EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.22 views

RHEL 9 : qemu-kvm (RHSA-2026:22147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22147 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

7.5CVSS5.6AI score0.00783EPSS
Exploits0References5
OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2565 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

8.8CVSS5.7AI score0.00242EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/01 2:0 a.m.25 views

Low: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

7.5CVSS5.8AI score0.00783EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:34 p.m.9 views

OESA-2026-2491 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

8.8CVSS5.9AI score0.00242EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/05/28 3:43 p.m.28 views

qemu-kvm security update

An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM is a full virtualization solution for Linux...

7.5CVSS5.8AI score0.00783EPSS
Exploits0
Rows per page
Query Builder