6 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-18635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages...
Updated novnc package fixes a security vulnerability
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. CVE-2017-18635...
Ubuntu 16.04 LTS : noVNC vulnerability (USN-4522-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4522-1 advisory. It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An...
CVE-2017-18635
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name...
CVE-2017-18635
CVE-2017-18635 describes an XSS in noVNC before 0.6.2 where a remote VNC server can inject arbitrary HTML into the noVNC page via status field messages (e.g., server name). Connected advisories confirm affected packages across multiple distros (Debian, Ubuntu, Mageia, Red Hat-related advisories) ...
CVE-2014-8241
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052...