The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1252-1 advisory.

    - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is     sent to the client. (bsc#1260871)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3231 advisory.

    In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen     contents, or cause an application crash, because of incorrect permissions. (CVE-2026-34352)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10739 advisory.

    Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop     environment not only on the machine where it is running, but from anywhere on the Internet and from a wide     variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

    Security Fix(es):

    * xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map     handling (CVE-2026-33999)

    * xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory     corruption (CVE-2026-34001)

    * xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory     access (CVE-2026-34003)

    * TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of     service via incorrect permissions (CVE-2026-34352)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1302-1 advisory.

    - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is     sent to the client. (bsc#1260871)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen     contents, or cause an application crash, because of incorrect permissions. (CVE-2026-34352)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10739 advisory.

    * xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map     handling (CVE-2026-33999)

    * xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory     corruption (CVE-2026-34001)

    * xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory     access (CVE-2026-34003)

    * TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of     service via incorrect permissions (CVE-2026-34352)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20465-1 advisory.

    - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is     sent to the client. (bsc#1260871)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1537 advisory.

    In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen     contents, or cause an application crash, because of incorrect permissions. (CVE-2026-34352)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1301-1 advisory.

    - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is     sent to the client. (bsc#1260871)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1303-1 advisory.

    - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is     sent to the client. (bsc#1260871)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1360-1 advisory.

    - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is     sent to the client. (bsc#1260871)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10739 advisory.

    - Fix CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002,       CVE-2026-34003 xorg-x11-server: various XKB and XSYNC vulnerabilities       Resolves: RHEL-163212       Resolves: RHEL-163280       Resolves: RHEL-163266

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
305987	SUSE SLES15 / openSUSE 15 Security Update : tigervnc (SUSE-SU-2026:1252-1)	Nessus	SuSE Local Security Checks	4/11/2026	4/11/2026	critical
306286	Amazon Linux 2 : tigervnc, --advisory ALAS2-2026-3231 (ALAS-2026-3231)	Nessus	Amazon Linux Local Security Checks	4/14/2026	4/14/2026	critical
310410	RHEL 9 : tigervnc (RHSA-2026:10739)	Nessus	Red Hat Local Security Checks	4/27/2026	4/27/2026	critical
306483	SUSE SLES15 Security Update : tigervnc (SUSE-SU-2026:1302-1)	Nessus	SuSE Local Security Checks	4/15/2026	4/15/2026	critical
303993	Linux Distros Unpatched Vulnerability : CVE-2026-34352	Nessus	Misc.	3/27/2026	4/27/2026	critical
310566	RockyLinux 9 : tigervnc (RLSA-2026:10739)	Nessus	Rocky Linux Local Security Checks	4/28/2026	4/28/2026	critical
305835	openSUSE 16 Security Update : tigervnc (openSUSE-SU-2026:20465-1)	Nessus	SuSE Local Security Checks	4/10/2026	4/10/2026	critical
306204	Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1537)	Nessus	Amazon Linux Local Security Checks	4/13/2026	4/13/2026	critical
306498	SUSE SLES12 Security Update : tigervnc (SUSE-SU-2026:1301-1)	Nessus	SuSE Local Security Checks	4/15/2026	4/15/2026	critical
306499	SUSE SLES15 Security Update : tigervnc (SUSE-SU-2026:1303-1)	Nessus	SuSE Local Security Checks	4/15/2026	4/15/2026	critical
306688	SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2026:1360-1)	Nessus	SuSE Local Security Checks	4/16/2026	4/16/2026	critical
310546	Oracle Linux 9 : tigervnc (ELSA-2026-10739)	Nessus	Oracle Linux Local Security Checks	4/27/2026	4/27/2026	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical