https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/

VNC remote desktop software has no shortage of potentially serious memory-corruption vulnerabilities, you'll no doubt be shocked to hear.

This is all according to [PDF] a team at Kaspersky Lab, which has uncovered and reported more than three dozen CVE-listed security holes, some allowing for remote code execution.