Virtual Network Computing (VNC) is vulnerable to remote code execution (RCE). It can happen due to stack buffer overflow in CMsgReader::readSetCursor.
lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
access.redhat.com/errata/RHSA-2020:3875
access.redhat.com/security/updates/classification/#moderate
github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89
github.com/TigerVNC/tigervnc/releases/tag/v1.10.1
www.openwall.com/lists/oss-security/2019/12/20/2