The RealVNC Server fails to properly authenticate clients.
This may allow a remote attacker to bypass authentication and gain access to the VNC server

The RealVNC Server fails to properly authenticate clients. When a RealVNC client connects to a RealVNC server, the server provides a list of supported authentication methods. By design, the client then selects a method from the list. Due to an implementation flaw, if the client specifies that no (null) authentication should be used, the server accepts this method and authenticates the client, whether or not null authentication was offered by the server.

Note that exploit code for this vulnerability is publicly available.

Easy-to-manage appliances allow Internet Service Providers to provide security protection and connectivity in a single solution
Check Point® Software Technologies Ltd., the worldwide leader in securing the Internet, today announced the availability of new Check Point "Safe @ Office 500/500W ADSL" appliances, providing complete network security and a choice of wired or wireless Internet connectivity in a single, all-in-one solution for small businesses worldwide.

Maximum Severity Rating: Critical

* A vulnerability exists in the Graphics Rendering Engine that could allow remote code execution.
* A vulnerability exists when viewing Embedded Web Fonts that could lead to remote code execution.
* A vulnerability exists in TNEF messages that could allow remote code execution.