GHSA-CXCW-JM67-3WWP Duplicate Advisory: OpenClaw's andbox browser noVNC observer lacked VNC authentication

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-25gx-x37c-7pph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC...

CVE-2026-32064

OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.21 contained a security vulnerability related to access control. This vulnerability stemmed from the fact that the XaaS browser’s entry point did not perform authentication when...

PT-2026-26741

OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...

OpenClaw's andbox browser noVNC observer lacked VNC authentication

The sandbox browser entrypoint launched x11vnc without authentication -nopw for noVNC observer sessions. OpenClaw-managed runtime flow publishes the noVNC port to host loopback only 127.0.0.1, so default exposure is local to the host unless operators explicitly expose the port more broadly or run...

EUVD-2020-21456

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-29074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user. CVE-2020-29074 Note that Nessus relies on...

FreeBSD : x11vnc -- access to shared memory segments (305ceb2c-9df8-11ef-a660-d85ed309193e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 305ceb2c-9df8-11ef-a660-d85ed309193e advisory. [email protected] reports: scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access ...

SUSE CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user...

Mageia: Security Advisory (MGASA-2019-0037)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2014-0361)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2020-0454)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for x11vnc (FEDORA-2021-069c0c3950)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: x11vnc-0.9.16-6.fc34

What WinVNC is to Windows x11vnc is to X Window System, i.e. a server which serves the current X Window System desktop via RFB VNC protocol to the us er. Based on the ideas of x0rfbserver and on LibVNCServer it has evolved into a versatile and productive while still easy to use program...

[SECURITY] Fedora 33 Update: x11vnc-0.9.16-5.fc33

What WinVNC is to Windows x11vnc is to X Window System, i.e. a server which serves the current X Window System desktop via RFB VNC protocol to the us er. Based on the ideas of x0rfbserver and on LibVNCServer it has evolved into a versatile and productive while still easy to use program...

[SECURITY] Fedora 32 Update: x11vnc-0.9.16-3.fc32

What WinVNC is to Windows x11vnc is to X Window System, i.e. a server which serves the current X Window System desktop via RFB VNC protocol to the us er. Based on the ideas of x0rfbserver and on LibVNCServer it has evolved into a versatile and productive while still easy to use program...

Fedora 33 : x11vnc (2021-93911302d6)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-93911302d6 advisory. - scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user. CVE-2020-29074 Note that...

Fedora: Security Advisory for x11vnc (FEDORA-2021-c5b679877e)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for x11vnc (FEDORA-2021-93911302d6)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : x11vnc (2021-c5b679877e)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-c5b679877e advisory. - scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user. CVE-2020-29074 Note that...