RHEL 9 : tigervnc (RHSA-2026:20575)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20575 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

CVE-2026-7251

Eppendorf BioFlo 320 uses a VNC server with a hard-coded password, allowing a remote attacker to gain full control of the user interface if the device address is known and remote access is enabled. VNC traffic is unencrypted, enabling interception or eavesdropping. Documents consistently describe...

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

CVE-2026-42859

A flaw was found in neatvnc, a VNC server library. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted handshake with an oversized client RSA public key. This action causes a pre-authentication stack buffer overflow, leading to a denial of service due to a...

RHEL 8 : tigervnc (RHSA-2026:13414)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13414 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU-built-in VNC server during the processing of ClientCutText messages. A incorrect exit condition may lead to an infinite loop when inflating a zlib buffer controlled by an attacker in the inflatebuffer function. This could allow a remotely authenticated client, wh...

Astra Linux - уязвимость в libvncserver

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU’s built-in VNC server during the processing of ClientCutText messages. The qemuclipboardrequest function can be accessed before vncservercuttextcaps is called, which gives a malicious authenticated VNC client the opportunity to initialize the clipboard peer. This...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU-built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections exceeds a certain threshold. If it does, QEMU terminates the previous connection. However, if the previous connection is still in the handshake...

Medium: libvncserver

Issue Overview: LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking i...

CVE-2019-25600

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect t...

CVE-2019-25600 UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect t...

CVE-2019-25600

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect t...

CVE-2020-37134

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash...

EUVD-2020-31034

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash...

CVE-2020-37134

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash...

PT-2026-6578

Name of the Vulnerable Software and Affected Versions UltraVNC Viewer version 1.2.4.0 Description The software contains a denial of service issue that allows attackers to crash the application. Attackers can create a 256-byte malformed payload and paste it into the VNC Server connection dialog,...

MiracleLinux 4 : vino-2.28.1-8.AXS4 (AXSA:2013-86:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2013-86:01 advisory. Vino is a VNC server for GNOME. It allows remote users to connect to a running GNOME session using VNC. Security issues fixed with this release:...

CVE-2022-27502

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM...

EUVD-2006-4297

Malware in sbrugna...