VYPR

ThinVNC

by ThinVNC

CVEs (2)

  • CVE-2019-17662CriOct 16, 2019
    risk 0.74cvss 9.8epss 0.97

    ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be…

  • CVE-2022-25226CriApr 18, 2022
    risk 0.66cvss 10.0epss 0.11

    ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse…