Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47251 | 1 M-privacy | 2 Mprivacy-tools, Tightgatevnc | 2024-11-21 | N/A | 6.5 MEDIUM |
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | |||||
CVE-2023-47250 | 1 M-privacy | 3 Mprivacy-tools, Rsbac-policy-tgpro, Tightgatevnc | 2024-11-21 | N/A | 8.8 HIGH |
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack. |