Vulnerabilities (CVE)

Filtered by vendor Cybelsoft Subscribe
Filtered by product Thinvnc
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25226 1 Cybelsoft 1 Thinvnc 2024-11-21 7.5 HIGH 10.0 CRITICAL
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
CVE-2019-17662 1 Cybelsoft 1 Thinvnc 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.