This affects RealVNC VNC Server versions 5.0.6 – 6.8.0 and the issue has been fixed in VNC Server 6.9.0. RealVNC VNC Server has a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local users to escalate user privileges on Linux and potentially macOS. Internally identified (No remote threat, local access required) This affects RealVNC VNC Server versions 5.1.0 - 6.9.0 on Windows and the issue is fixed in VNC Server 6.9.1. CVE-2022-27502 (No remote threat, local access required)Ī vulnerability was discovered in RealVNC VNC Server installations on Windows when running MSI repair, which can lead to a local user privilege escalation. This affects RealVNC VNC Server versions 5.1.0 - 6.10.1 and RealVNC VNC Viewer 5.1.0 - 6.22.515 on Windows and the issue is fixed in VNC Server 6.11 and VNC Viewer 6.22.826.
CVE-2022-41975(No remote threat, local access required)Ī vulnerability was discovered in RealVNC VNC Server installations on Windows when running MSI repair, which can lead to a local user privilege escalation in certain specific circumstances.
We recommend customers run the latest versions of VNC Viewer and VNC Server, available from, to maximise the security of their RealVNC deployment.īelow is a complete list of security issues which have affected RealVNC software. RealVNC takes pride in our security position and believes in full transparency regarding the security of our software.
0 kommentar(er)
