Lucene search
+L

2118 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU’s built-in VNC server during the processing of ClientCutText messages. The qemuclipboardrequest function can be accessed before vncservercuttextcaps is called, which gives a malicious authenticated VNC client the opportunity to initialize the clipboard peer. This...

6.5CVSS6.7AI score0.01261EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU-built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections exceeds a certain threshold. If it does, QEMU terminates the previous connection. However, if the previous connection is still in the handshake...

7.5CVSS6.7AI score0.01606EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in libvncserver

A divide by zero issue was detected in libvncserver-0.9.12. A malicious client could exploit this flaw to send a specially crafted message. When this message is processed by the VNC server, it will cause a floating-point exception, resulting in a denial of service...

7.5CVSS7.5AI score0.01613EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU-built-in VNC server during the processing of ClientCutText messages. A incorrect exit condition may lead to an infinite loop when inflating a zlib buffer controlled by an attacker in the inflatebuffer function. This could allow a remotely authenticated client, wh...

6.5CVSS6.8AI score0.01891EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 10:4 p.m.11 views

Important: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS5.8AI score0.00489EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:45 p.m.20 views

qemu-kvm: VNC WebSocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

7.5CVSS7AI score0.00783EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/19 1:45 p.m.228 views

Moderate: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7AI score0.00783EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/05/19 12:1 p.m.12 views

CVE-2026-42859

A flaw was found in neatvnc, a VNC server library. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted handshake with an oversized client RSA public key. This action causes a pre-authentication stack buffer overflow, leading to a denial of service due to a...

9.3CVSS5.9AI score0.0055EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:0 a.m.14 views

ALSA-2026:18772 Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: qemu-kvm: VNC WebSocket handshake use-after-free CVE-2025-11234 For more...

7.5CVSS7.1AI score0.00783EPSS
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.4 views

ALSA-2026:19342 Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

9.8CVSS5.9AI score0.00489EPSS
Exploits0References12
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.26 views

Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: qemu-kvm: VNC WebSocket handshake use-after-free CVE-2025-11234 For more...

7.5CVSS7.1AI score0.00783EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An...

9.3CVSS6.3AI score0.0055EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.8 views

SUSE CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 6:16 p.m.17 views

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS0.0055EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 6:16 p.m.6 views

DEBIAN-CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:16 p.m.8 views

UBUNTU-CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/11 5:36 p.m.37 views

CVE-2026-42859 Neat VNC: Buffer overflow due to oversized RSA public keys

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS0.0055EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:36 p.m.11 views

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/11 5:36 p.m.4 views

CVE-2026-42859 Neat VNC: Buffer overflow due to oversized RSA public keys

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6.2AI score0.0055EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/11 5:36 p.m.12 views

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0
Rows per page
Query Builder