6 matches found
Mageia: Security Advisory (MGASA-2020-0374)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated novnc package fixes a security vulnerability
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. CVE-2017-18635...
USN-4522-1 novnc vulnerability
It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting XSS attacks. CVE-2017-18635...
Ubuntu 16.04 LTS : noVNC vulnerability (USN-4522-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4522-1 advisory. It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An...
Moderate: Red Hat Security Advisory: novnc security update
An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 13.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2017-18635
CVE-2017-18635 describes an XSS in noVNC before 0.6.2 where a remote VNC server can inject arbitrary HTML into the noVNC page via status field messages (e.g., server name). Connected advisories confirm affected packages across multiple distros (Debian, Ubuntu, Mageia, Red Hat-related advisories) ...