Suggestions search

All statuses

Filter by:

With package: gnomeExtensions.gnordvpn-local

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2019-25572

6.2 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 4 hours ago

NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

References

Official Product Homepage product
Product Reference product
VulnCheck Advisory: NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow third-party-advisory
ExploitDB-46343 exploit

Affected products

NordVPN

==6.19.6

Matching in nixpkgs

pkgs.gnomeExtensions.gnordvpn-local

A Gnome extension that shows the NordVPN status in the top bar and provides the ability to configure certain aspects of the connection.

nixos-unstable 31
- nixpkgs-unstable 31
- nixos-unstable-small 31
nixos-25.11 30
- nixos-25.11-small 30
- nixpkgs-25.11-darwin 30

pkgs.gnomeExtensions.nordvpn-quick-toggle

GNOME extension that shows a quick toggle to connect/disconnect NordVPN.

nixos-unstable 13
- nixpkgs-unstable 13
- nixos-unstable-small 13
nixos-25.11 13
- nixos-25.11-small 13
- nixpkgs-25.11-darwin 13

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Untriaged

Permalink CVE-2020-36992

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month, 3 weeks ago

Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path

Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.