Cybelsoft Thinvnc vulnerabilities
2 known vulnerabilities affecting cybelsoft/thinvnc.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2019-17662P1CRITICALCVSS 9.8PoCv1.02019-10-16
CVE-2019-17662 [CRITICAL] CWE-22 CVE-2019-17662: ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. T
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
nvd
CVE-2022-25226P1CRITICALCVSS 10.0PoCv1.0v1.0b12022-04-18
CVE-2022-25226 [CRITICAL] CVE-2022-25226: ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http:
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
nvd