Marco Schillinger

**Name of the Vulnerable Software and Affected Versions** mprivacy-tools versions prior to 2.0.406g **Description** The issue allows authenticated attackers with access to a VNC session to bypass access control on X11 server sockets. By specifying the `DISPLAY ID` of other users, attackers can gain complete control of their desktop. This control includes the ability to inject keystrokes, which can be used to perform keylogging attacks. **Recommendations** For versions prior to 2.0.406g, update to version 2.0.406g or later to resolve the issue. As a temporary workaround, consider restricting access to the X11 server sockets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mprivacy-tools versions prior to 2.0.406g **Description** A Directory Traversal issue in the print function of the VNC service allows authenticated attackers with access to a VNC session to transfer malicious PDF documents. This is done by moving the documents into the .spool directory and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. **Recommendations** For versions prior to 2.0.406g, update to version 2.0.406g or later to resolve the issue. As a temporary workaround, consider restricting access to the VNC service or disabling the print function to minimize the risk of exploitation.