Filtered by vendor Cybelsoft
Subscriptions
Filtered by product Thinvnc
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25226 | 1 Cybelsoft | 1 Thinvnc | 2023-08-08 | 10.0 Critical |
| ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. | ||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2020-08-24 | 9.8 Critical |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | ||||
Page 1 of 1.