MidnightBSD

Advisories for kanaka

CVE-2013-7436 MEDIUM

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
kanaka novnc 0.4
CVE-2024-35410

wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.

Products Affected

Vendor Product Version
kanaka wac 2019-10-01
CVE-2024-35418

wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.

Products Affected

Vendor Product Version
kanaka wac 2019-10-01
CVE-2024-35419

wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
kanaka wac 2019-10-01
CVE-2024-35420

wac commit 385e1 was discovered to contain a heap overflow.

Products Affected

Vendor Product Version
kanaka wac 2019-10-01