Vulmon
vnc vulnerabilities and exploits
6
CVSSv2
CVE-2017-4933
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x prior to 12.5.8), and Fusion (8.x prior to 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Succes...
Vmware Workstation Pro
Vmware Workstation Pro 14.0
Vmware Workstation Pro 14.1.0
Vmware Esxi 6.5
Vmware Fusion
NA
CVE-2023-47251
In mprivacy-tools prior to 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool dir...
M-privacy Mprivacy-tools
M-privacy Tightgatevnc
7.2
CVSSv2
CVE-2014-7872
Comodo GeekBuddy prior to 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
Comodo Geekbuddy
1 EDB exploit
6
CVSSv2
CVE-2015-3252
Apache CloudStack prior to 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote malicious users to gain access by connecting to the VNC server.
Apache Cloudstack
4.4
CVSSv2
CVE-2011-1773
virt-v2v prior to 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.
Matthew Booth Virt-v2v 0.6.0
Matthew Booth Virt-v2v 0.5.4
Matthew Booth Virt-v2v 0.5.3
Matthew Booth Virt-v2v 0.5.2
Matthew Booth Virt-v2v 0.8.2
Matthew Booth Virt-v2v 0.8.1
Matthew Booth Virt-v2v 0.8.0
Matthew Booth Virt-v2v 0.7.1
Matthew Booth Virt-v2v 0.4.0
Matthew Booth Virt-v2v 0.3.2
Matthew Booth Virt-v2v 0.3.0
Matthew Booth Virt-v2v 0.2.0
Matthew Booth Virt-v2v 0.1.0
Matthew Booth Virt-v2v 0.6.3
Matthew Booth Virt-v2v 0.6.1
Matthew Booth Virt-v2v 0.5.1
Matthew Booth Virt-v2v 0.4.10
Matthew Booth Virt-v2v
Matthew Booth Virt-v2v 0.7.0
Matthew Booth Virt-v2v 0.6.2
Matthew Booth Virt-v2v 0.5.0
Matthew Booth Virt-v2v 0.4.9
4.6
CVSSv2
CVE-2002-0971
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
Tridia Tridiavnc 1.5.1
Tridia Tridiavnc 1.5.2
Att Winvnc Server 3.3.3 R7
Tridia Tridiavnc 1.5.4
Att Winvnc Server
Tightvnc Tightvnc 1.2.0
Tightvnc Tightvnc 1.2.1
Tightvnc Tightvnc 1.2.5
Tridia Tridiavnc 1.5
NA
CVE-2023-3255
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is ...
Qemu Qemu
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
NA
CVE-2023-6683
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. ...
Qemu Qemu
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
4.3
CVSSv2
CVE-2012-0681
Apple Remote Desktop prior to 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote malicious users to obtain cleartext VNC session content by sniffing the network.
Apple Apple Remote Desktop 3.5.3
Apple Apple Remote Desktop 3.5.2
Apple Apple Remote Desktop 3.6.0
4.3
CVSSv2
CVE-2017-18635
An XSS vulnerability exists in noVNC prior to 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Novnc Novnc
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Redhat Openstack 13
1 Github repository