154 matches found
CVE-2020-37134
CVE-2020-37134 affects UltraVNC Viewer 1.2.4.0. The vulnerability is a denial-of-service triggered by pasting a malformed 256-byte payload into the VNC Server connection dialog, which crashes the application. The available connected documents corroborate the affected software and the method to re...
EVE's Debug Functions Unlockable Without Triggering Measured Boot
Impact: On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH (debug.enable.ssh), USB keyboard (debug.enable.usb), and VNC access (app.allow.vnc) without triggering the measured boot. Thus, a user with...
MiracleLinux 3 : vnc-4.1.2-9.6AXS3 (AXSA:2009-21:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-21:01 advisory. Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running...
MiracleLinux 3 : vnc-4.1.2-14.1.0.1.AXS3 (AXSA:2010-240:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-240:01 advisory. Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is runnin...
MiracleLinux 4 : tigervnc-1.0.90-0.15.20110314svn4359.AXS4.1 (AXSA:2011-641:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-641:01 advisory. Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is runnin...
[SECURITY] Fedora 42 Update: tigervnc-1.15.0-10.fc42
Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...
[SECURITY] Fedora 43 Update: tigervnc-1.15.0-10.fc43
Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...
Important: qemu
Issue Overview: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client wi...
Linux Distros Unpatched Vulnerability : CVE-2025-11234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callba...
Qemu-kvm: vnc websocket handshake use-after-free
...
EUVD-2019-10452
Malware in sbrugna...
EUVD-2025-32237
Malicious code in bioql PyPI...
EUVD-2025-24245
Malicious code in bioql PyPI...
CVE-2025-11234
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...
CVE-2025-11234 Qemu-kvm: vnc websocket handshake use-after-free
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...
New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, sa...
CVE-2025-58435 Open OnDemand didn't rotate password for VNC batch_connect
Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop...
Linux Distros Unpatched Vulnerability : CVE-2018-1000875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Berkeley Open Infrastructure for Network Computing (BOINC) Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutabl...
CVE-2025-40743
A vulnerability has been identified in SINUMERIK 828D PPU.4 All versions V4.95 SP5, SINUMERIK 828D PPU.5 All versions V5.25 SP1, SINUMERIK 840D sl All versions V4.95 SP5, SINUMERIK MC All versions V1.25 SP1, SINUMERIK MC V1.15 All versions V1.15 SP5, SINUMERIK ONE All versions V6.25 SP1, SINUMERI...
CVE-2025-25248
An Integer Overflow or Wraparound vulnerability (CWE-190) in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and...