GHSA-25GX-X37C-7PPH OpenClaw's andbox browser noVNC observer lacked VNC authentication

The sandbox browser entrypoint launched x11vnc without authentication -nopw for noVNC observer sessions. OpenClaw-managed runtime flow publishes the noVNC port to host loopback only 127.0.0.1, so default exposure is local to the host unless operators explicitly expose the port more broadly or run...

EUVD-2008-5685

Malware in sbrugna...

EUVD-2014-7689

Malware in sbrugna...

EUVD-2015-0258

Malware in sbrugna...

EUVD-2002-0983

Malware in sbrugna...

EUVD-2015-9097

Malware in sbrugna...

CVE-2025-58435 Open OnDemand didn't rotate password for VNC batch_connect

Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop...

CVE-2025-58435 Open OnDemand didn't rotate password for VNC batch_connect

Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop...

Siemens SINUMERIK

SUMMARY Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...

CVE-2015-9254

Datto ALTO and SIRIS devices have a default VNC password...

Linux Distros Unpatched Vulnerability : CVE-2015-0236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIRDOMAINXMLSECURE flag with a crafted 1 snapshot to the...

SUSE CVE-2008-5714

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended...

Modded-Ubuntu - Run Ubuntu GUI On Your Termux With Much Features

Run Ubuntu GUI on your termux with much features. Features Fixed Audio Output Lightweight Requires at least 4GB Storage Katoolin3 tool for installing kali tools 2 Browsers Chromium & Mozilla Firefox Supports Bangla Fonts VLC Media Player Visual Studio Code Easy for Beginners Installation First...

OS X Display Apple VNC Password

This module shows Apple VNC Password from Mac OS X High Sierra. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OS X Display Apple VNC Password', 'Description' = %q This module shows Apple VNC...

Default credentials

Datto ALTO and SIRIS devices have a default VNC password...

Virtuozzo 6 : libvzctl / parallels-kernel-modules / etc (VZA-2017-005)

According to the versions of the libvzctl / parallels-kernel-modules / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw found in the way prl-vzvncserver parsed terminal escape sequences that could allow a remote attacker...

Product update: Virtuozzo Automator 7 Update 1 Hotfix 1

The new packages for Virtuozzo Automator 7 introducing usability bug fixes for the management node. Vulnerability id: PVA-36679 Hardware nodes with VMs stayed offline after upgrading the management node from version 6 to 7. Vulnerability id: PVA-36677 The 'vaconfig' tool was not installed with...

UBUNTU-CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...

DEBIAN-CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)

The following packages have been upgraded to a newer upstream version: libvirt 2.0.0. Security Fixes : - It was found that the libvirt daemon, when using RBD RADOS Block Device, leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged...