Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: novnc

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2024-2182
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 11 months, 4 weeks ago
Ovn: insufficient validation of bfd packets may lead to denial of service

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

References

Affected products

ovn
  • ==24.03.1
  • ==23.09.3
  • ==23.03.3
  • *
  • ==22.03.7
  • ==23.06.3
ovn2.11
ovn2.12
ovn2.13
ovn-2021
  • *
ovn22.03
  • *
ovn22.06
ovn22.09
ovn22.12
  • *
ovn23.03
  • *
ovn23.06
  • *
ovn23.09
  • *

Matching in nixpkgs

pkgs.novnc

VNC client web application

pkgs.turbovnc

High-speed version of VNC derived from TightVNC

pkgs.nanovna-saver

A tool for reading, displaying and saving data from the NanoVNA

Package maintainers

Untriaged
Permalink CVE-2025-0650
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Ovn: egress acls may be bypassed via specially crafted udp packet

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

References

Affected products

ovn
  • ==24.03.5
  • ==22.03.8
  • ==24.09.2
ovn2.11
ovn2.12
ovn2.13
ovn-2021
ovn22.03
  • *
ovn22.06
  • *
ovn22.09
  • *
ovn22.12
  • *
ovn23.03
  • *
ovn23.06
  • *
ovn23.09
  • *
ovn24.03
  • *
ovn24.09
  • *

Matching in nixpkgs

pkgs.novnc

VNC client web application

pkgs.turbovnc

High-speed version of VNC derived from TightVNC

pkgs.nanovna-saver

A tool for reading, displaying and saving data from the NanoVNA

Package maintainers