Dismissed suggestions Untriaged suggestions Draft issues Published issues Dismissed suggestions These automatic suggestions were dimissed after initial triaging. Restore to select a suggestion for a revision. CVE-2024-45769 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse dismissed 2 weeks, 1 day ago Pcp: pmcd heap corruption through metric pmstore operations A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. pcp * pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.05 0.4.0 nixos-24.05-small 0.4.0 nixos-24.11 0.4.0 nixos-24.11-small 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.ncmpcpp A featureful ncurses based MPD client inspired by ncmpc nixos-24.05 0.9.2 nixos-24.05-small 0.9.2 nixos-24.11 0.10 nixos-24.11-small 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10 pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.05 4.3.26 nixos-24.05-small 4.3.26 nixos-24.11 4.3.27 nixos-24.11-small 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27 pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-24.05 1.30 nixos-24.05-small 1.30 nixos-24.11 1.30 nixos-24.11-small 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.05 1.30 nixos-24.05-small 1.30 nixos-24.11 1.30 nixos-24.11-small 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 Notify package maintainers: 5 @MatthewCroughan Matthew Croughan <matt@croughan.sh> @lovek323 Jason O'Conal <jason@oconal.id.au> @k0ral Koral <koral@mailoo.org> @MikePlayle Mike Playle <mike@mythik.co.uk> @Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com> CVE-2024-7259 4.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse dismissed 2 weeks, 1 day ago Ovirt-engine: potential exposure of cleartext provider passwords via web ui A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. ovirt-engine pkgs.rubyPackages.ovirt-engine-sdk nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 pkgs.rubyPackages_3_1.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0 pkgs.rubyPackages_3_2.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0 pkgs.rubyPackages_3_3.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0 pkgs.rubyPackages_3_4.ovirt-engine-sdk nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0 CVE-2024-5154 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @fricklerhandwerk marked as untriaged 2 weeks, 1 day ago @fricklerhandwerk removed 2 packages pkgs.conmon-rs 0.6.3 pkgs.conmon-rs 0.6.6 2 weeks, 1 day ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @LeSuisse removed package pkgs.conmon 2.1.12 2 weeks, 1 day ago @LeSuisse dismissed 2 weeks, 1 day ago Cri-o: malicious container can create symlink on host A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. cri-o * <1.30.1 <1.29.5 <1.28.7 rhcos * conman conmon container-tools:rhel8/podman pkgs.cri-o Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixpkgs-24.05-darwin 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixpkgs-24.11-darwin 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 pkgs.cri-o-unwrapped Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixpkgs-24.05-darwin 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixpkgs-24.11-darwin 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 Notify package maintainers: 2 @saschagrunert Sascha Grunert <mail@saschagrunert.de> @vdemeester Vincent Demeester <vincent@sbr.pm> CVE-2024-6861 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @fricklerhandwerk removed package pkgs.emacsPackages.foreman-mode 20170725.1422 2 weeks, 1 day ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @LeSuisse removed package pkgs.foreman 0.87.2 2 weeks, 1 day ago @LeSuisse dismissed 2 weeks, 1 day ago Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. foreman * <3.3 satellite:el8/foreman satellite-utils:el8/foreman satellite-capsule:el8/foreman CVE-2024-8418 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse accepted as draft 2 weeks, 1 day ago @LeSuisse dismissed 2 weeks, 1 day ago Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime. rhcos aardvark-dns containers-common container-tools:rhel8/aardvark-dns container-tools:rhel8/containers-common pkgs.aardvark-dns Authoritative dns server for A/AAAA container records nixos-24.05 1.10.0 nixos-24.05-small 1.10.0 nixos-24.11 1.13.0 nixos-24.11-small 1.13.0 nixos-unstable 1.13.1 nixos-unstable-small 1.13.1 nixpkgs-unstable 1.13.1 Notify package maintainers: 2 @vdemeester Vincent Demeester <vincent@sbr.pm> @saschagrunert Sascha Grunert <mail@saschagrunert.de> CVE-2023-23456 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse dismissed 2 weeks, 1 day ago Upx: heap-buffer-overflow in packtmt::pack() A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. upx * pkgs.upx The Ultimate Packer for eXecutables nixos-24.05 4.2.3 nixpkgs-24.05-darwin 4.2.3 nixos-24.05-small 4.2.3 nixos-24.11 4.2.4 nixpkgs-24.11-darwin 4.2.4 nixos-24.11-small 4.2.4 nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4 CVE-2024-9341 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): LOW Availability impact (A): NONE updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 2 weeks, 2 days ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. cri-o * rhcos * podman * buildah * container-tools:rhel8 * container-tools:rhel8/podman container-tools:rhel8/buildah openshift4/ose-docker-builder openshift4/ose-docker-builder-rhel9 pkgs.cri-o Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 pkgs.podman Program for managing pods, containers and container images nixos-24.05 5.0.3 nixos-24.05-small 5.0.3 nixos-24.11 5.2.3 nixos-24.11-small 5.2.3 nixos-unstable 5.3.1 nixos-unstable-small 5.3.1 nixpkgs-unstable 5.3.1 pkgs.buildah Tool which facilitates building OCI images nixos-24.05 1.35.4 nixos-24.05-small 1.35.4 nixos-24.11 1.38.0 nixos-24.11-small 1.38.0 nixos-unstable 1.38.0 nixos-unstable-small 1.38.0 nixpkgs-unstable 1.38.0 pkgs.podman-tui Podman Terminal UI nixos-24.05 1.0.1 nixos-24.05-small 1.0.1 nixos-24.11 1.2.3 nixos-24.11-small 1.2.3 nixos-unstable 1.3.0 nixos-unstable-small 1.3.0 nixpkgs-unstable 1.3.0 pkgs.nvidia-podman NVIDIA Container Toolkit nixos-24.05 ??? nixos-24.05-small pkgs.podman-compose Implementation of docker-compose with podman backend nixos-24.05 1.1.0 nixos-24.05-small 1.1.0 nixos-24.11 1.2.0 nixos-24.11-small 1.2.0 nixos-unstable 1.2.0 nixos-unstable-small 1.2.0 nixpkgs-unstable 1.2.0 pkgs.podman-desktop A graphical tool for developing on containers and Kubernetes nixos-24.05 0.12.0 nixos-24.05-small 0.12.0 nixos-24.11 1.13.2 nixos-24.11-small 1.13.2 nixos-unstable 1.13.2 nixos-unstable-small 1.13.2 nixpkgs-unstable 1.13.2 pkgs.cri-o-unwrapped Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 pkgs.buildah-unwrapped Tool which facilitates building OCI images nixos-24.05 1.35.4 nixos-24.05-small 1.35.4 nixos-24.11 1.38.0 nixos-24.11-small 1.38.0 nixos-unstable 1.38.0 nixos-unstable-small 1.38.0 nixpkgs-unstable 1.38.0 pkgs.nomad-driver-podman Podman task driver for Nomad nixos-24.05 0.5.2 nixos-24.05-small 0.5.2 nixos-24.11 0.6.1 nixos-24.11-small 0.6.1 nixos-unstable 0.6.1 nixos-unstable-small 0.6.1 nixpkgs-unstable 0.6.1 pkgs.python311Packages.podman Python bindings for Podman's RESTful API nixos-24.05 5.0.0 nixos-24.05-small 5.0.0 nixos-24.11 5.2.0 nixos-24.11-small 5.2.0 nixos-unstable 5.3.0 nixos-unstable-small 5.3.0 nixpkgs-unstable 5.3.0 pkgs.python312Packages.podman Python bindings for Podman's RESTful API nixos-24.05 5.0.0 nixos-24.05-small 5.0.0 nixos-24.11 5.2.0 nixos-24.11-small 5.2.0 nixos-unstable 5.3.0 nixos-unstable-small 5.3.0 nixpkgs-unstable 5.3.0 Notify package maintainers: 7 @vdemeester Vincent Demeester <vincent@sbr.pm> @saschagrunert Sascha Grunert <mail@saschagrunert.de> @aaronjheng Aaron Jheng <wentworth@outlook.com> @cpcloud Phillip Cloud @sikmir Nikolay Korotkiy <sikmir@disroot.org> @panda2134 panda2134 <me+nixpkgs@panda2134.site> @fabaff Fabian Affolter <mail@fabian-affolter.ch> CVE-2024-9902 6.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): LOW updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 3 weeks, 1 day ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Ansible-core: ansible-core user may read/write unauthorized content A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. core ansible-core * ee-29-container * ee-minimal-container * openstack-ansible-core ansible-builder-container * ansible-automation-platform/ee-29-rhel8 * ansible-automation-platform/ee-minimal-rhel8 * ansible-automation-platform/ee-minimal-rhel9 * ansible-automation-platform/ansible-builder-rhel8 * ansible-automation-platform/ansible-builder-rhel9 * CVE-2024-9924 9.8 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 3 weeks, 1 day ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Hgiga OAKlouds - Arbitrary File Read And Delete The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently . OAKlouds-webbase-2.0 <1162 CVE-2024-9924 9.8 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 3 weeks, 1 day ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Hgiga OAKlouds - Arbitrary File Read And Delete The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently . OAKlouds-webbase-2.0 <1162
CVE-2024-45769 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse dismissed 2 weeks, 1 day ago Pcp: pmcd heap corruption through metric pmstore operations A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. pcp * pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.05 0.4.0 nixos-24.05-small 0.4.0 nixos-24.11 0.4.0 nixos-24.11-small 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.ncmpcpp A featureful ncurses based MPD client inspired by ncmpc nixos-24.05 0.9.2 nixos-24.05-small 0.9.2 nixos-24.11 0.10 nixos-24.11-small 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10 pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.05 4.3.26 nixos-24.05-small 4.3.26 nixos-24.11 4.3.27 nixos-24.11-small 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27 pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-24.05 1.30 nixos-24.05-small 1.30 nixos-24.11 1.30 nixos-24.11-small 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.05 1.30 nixos-24.05-small 1.30 nixos-24.11 1.30 nixos-24.11-small 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 Notify package maintainers: 5 @MatthewCroughan Matthew Croughan <matt@croughan.sh> @lovek323 Jason O'Conal <jason@oconal.id.au> @k0ral Koral <koral@mailoo.org> @MikePlayle Mike Playle <mike@mythik.co.uk> @Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com>
pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.05 0.4.0 nixos-24.05-small 0.4.0 nixos-24.11 0.4.0 nixos-24.11-small 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0
pkgs.ncmpcpp A featureful ncurses based MPD client inspired by ncmpc nixos-24.05 0.9.2 nixos-24.05-small 0.9.2 nixos-24.11 0.10 nixos-24.11-small 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10
pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.05 4.3.26 nixos-24.05-small 4.3.26 nixos-24.11 4.3.27 nixos-24.11-small 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27
pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-24.05 1.30 nixos-24.05-small 1.30 nixos-24.11 1.30 nixos-24.11-small 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.05 1.30 nixos-24.05-small 1.30 nixos-24.11 1.30 nixos-24.11-small 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
CVE-2024-7259 4.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse dismissed 2 weeks, 1 day ago Ovirt-engine: potential exposure of cleartext provider passwords via web ui A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. ovirt-engine pkgs.rubyPackages.ovirt-engine-sdk nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 pkgs.rubyPackages_3_1.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0 pkgs.rubyPackages_3_2.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0 pkgs.rubyPackages_3_3.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0 pkgs.rubyPackages_3_4.ovirt-engine-sdk nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_1.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_2.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_3.ovirt-engine-sdk nixos-24.05 4.6.0 nixos-24.05-small 4.6.0 nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_4.ovirt-engine-sdk nixos-24.11 4.6.0 nixos-unstable 4.6.0 nixos-unstable-small 4.6.0 nixpkgs-unstable 4.6.0
CVE-2024-5154 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @fricklerhandwerk marked as untriaged 2 weeks, 1 day ago @fricklerhandwerk removed 2 packages pkgs.conmon-rs 0.6.3 pkgs.conmon-rs 0.6.6 2 weeks, 1 day ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @LeSuisse removed package pkgs.conmon 2.1.12 2 weeks, 1 day ago @LeSuisse dismissed 2 weeks, 1 day ago Cri-o: malicious container can create symlink on host A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. cri-o * <1.30.1 <1.29.5 <1.28.7 rhcos * conman conmon container-tools:rhel8/podman pkgs.cri-o Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixpkgs-24.05-darwin 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixpkgs-24.11-darwin 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 pkgs.cri-o-unwrapped Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixpkgs-24.05-darwin 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixpkgs-24.11-darwin 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 Notify package maintainers: 2 @saschagrunert Sascha Grunert <mail@saschagrunert.de> @vdemeester Vincent Demeester <vincent@sbr.pm>
pkgs.cri-o Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixpkgs-24.05-darwin 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixpkgs-24.11-darwin 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2
pkgs.cri-o-unwrapped Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixpkgs-24.05-darwin 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixpkgs-24.11-darwin 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2
CVE-2024-6861 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @fricklerhandwerk removed package pkgs.emacsPackages.foreman-mode 20170725.1422 2 weeks, 1 day ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @LeSuisse removed package pkgs.foreman 0.87.2 2 weeks, 1 day ago @LeSuisse dismissed 2 weeks, 1 day ago Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. foreman * <3.3 satellite:el8/foreman satellite-utils:el8/foreman satellite-capsule:el8/foreman
CVE-2024-8418 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse accepted as draft 2 weeks, 1 day ago @LeSuisse dismissed 2 weeks, 1 day ago Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime. rhcos aardvark-dns containers-common container-tools:rhel8/aardvark-dns container-tools:rhel8/containers-common pkgs.aardvark-dns Authoritative dns server for A/AAAA container records nixos-24.05 1.10.0 nixos-24.05-small 1.10.0 nixos-24.11 1.13.0 nixos-24.11-small 1.13.0 nixos-unstable 1.13.1 nixos-unstable-small 1.13.1 nixpkgs-unstable 1.13.1 Notify package maintainers: 2 @vdemeester Vincent Demeester <vincent@sbr.pm> @saschagrunert Sascha Grunert <mail@saschagrunert.de>
pkgs.aardvark-dns Authoritative dns server for A/AAAA container records nixos-24.05 1.10.0 nixos-24.05-small 1.10.0 nixos-24.11 1.13.0 nixos-24.11-small 1.13.0 nixos-unstable 1.13.1 nixos-unstable-small 1.13.1 nixpkgs-unstable 1.13.1
CVE-2023-23456 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 2 days ago @LeSuisse dismissed 2 weeks, 1 day ago Upx: heap-buffer-overflow in packtmt::pack() A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. upx * pkgs.upx The Ultimate Packer for eXecutables nixos-24.05 4.2.3 nixpkgs-24.05-darwin 4.2.3 nixos-24.05-small 4.2.3 nixos-24.11 4.2.4 nixpkgs-24.11-darwin 4.2.4 nixos-24.11-small 4.2.4 nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4
pkgs.upx The Ultimate Packer for eXecutables nixos-24.05 4.2.3 nixpkgs-24.05-darwin 4.2.3 nixos-24.05-small 4.2.3 nixos-24.11 4.2.4 nixpkgs-24.11-darwin 4.2.4 nixos-24.11-small 4.2.4 nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4
CVE-2024-9341 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): LOW Availability impact (A): NONE updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 2 weeks, 2 days ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. cri-o * rhcos * podman * buildah * container-tools:rhel8 * container-tools:rhel8/podman container-tools:rhel8/buildah openshift4/ose-docker-builder openshift4/ose-docker-builder-rhel9 pkgs.cri-o Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 pkgs.podman Program for managing pods, containers and container images nixos-24.05 5.0.3 nixos-24.05-small 5.0.3 nixos-24.11 5.2.3 nixos-24.11-small 5.2.3 nixos-unstable 5.3.1 nixos-unstable-small 5.3.1 nixpkgs-unstable 5.3.1 pkgs.buildah Tool which facilitates building OCI images nixos-24.05 1.35.4 nixos-24.05-small 1.35.4 nixos-24.11 1.38.0 nixos-24.11-small 1.38.0 nixos-unstable 1.38.0 nixos-unstable-small 1.38.0 nixpkgs-unstable 1.38.0 pkgs.podman-tui Podman Terminal UI nixos-24.05 1.0.1 nixos-24.05-small 1.0.1 nixos-24.11 1.2.3 nixos-24.11-small 1.2.3 nixos-unstable 1.3.0 nixos-unstable-small 1.3.0 nixpkgs-unstable 1.3.0 pkgs.nvidia-podman NVIDIA Container Toolkit nixos-24.05 ??? nixos-24.05-small pkgs.podman-compose Implementation of docker-compose with podman backend nixos-24.05 1.1.0 nixos-24.05-small 1.1.0 nixos-24.11 1.2.0 nixos-24.11-small 1.2.0 nixos-unstable 1.2.0 nixos-unstable-small 1.2.0 nixpkgs-unstable 1.2.0 pkgs.podman-desktop A graphical tool for developing on containers and Kubernetes nixos-24.05 0.12.0 nixos-24.05-small 0.12.0 nixos-24.11 1.13.2 nixos-24.11-small 1.13.2 nixos-unstable 1.13.2 nixos-unstable-small 1.13.2 nixpkgs-unstable 1.13.2 pkgs.cri-o-unwrapped Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2 pkgs.buildah-unwrapped Tool which facilitates building OCI images nixos-24.05 1.35.4 nixos-24.05-small 1.35.4 nixos-24.11 1.38.0 nixos-24.11-small 1.38.0 nixos-unstable 1.38.0 nixos-unstable-small 1.38.0 nixpkgs-unstable 1.38.0 pkgs.nomad-driver-podman Podman task driver for Nomad nixos-24.05 0.5.2 nixos-24.05-small 0.5.2 nixos-24.11 0.6.1 nixos-24.11-small 0.6.1 nixos-unstable 0.6.1 nixos-unstable-small 0.6.1 nixpkgs-unstable 0.6.1 pkgs.python311Packages.podman Python bindings for Podman's RESTful API nixos-24.05 5.0.0 nixos-24.05-small 5.0.0 nixos-24.11 5.2.0 nixos-24.11-small 5.2.0 nixos-unstable 5.3.0 nixos-unstable-small 5.3.0 nixpkgs-unstable 5.3.0 pkgs.python312Packages.podman Python bindings for Podman's RESTful API nixos-24.05 5.0.0 nixos-24.05-small 5.0.0 nixos-24.11 5.2.0 nixos-24.11-small 5.2.0 nixos-unstable 5.3.0 nixos-unstable-small 5.3.0 nixpkgs-unstable 5.3.0 Notify package maintainers: 7 @vdemeester Vincent Demeester <vincent@sbr.pm> @saschagrunert Sascha Grunert <mail@saschagrunert.de> @aaronjheng Aaron Jheng <wentworth@outlook.com> @cpcloud Phillip Cloud @sikmir Nikolay Korotkiy <sikmir@disroot.org> @panda2134 panda2134 <me+nixpkgs@panda2134.site> @fabaff Fabian Affolter <mail@fabian-affolter.ch>
pkgs.cri-o Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2
pkgs.podman Program for managing pods, containers and container images nixos-24.05 5.0.3 nixos-24.05-small 5.0.3 nixos-24.11 5.2.3 nixos-24.11-small 5.2.3 nixos-unstable 5.3.1 nixos-unstable-small 5.3.1 nixpkgs-unstable 5.3.1
pkgs.buildah Tool which facilitates building OCI images nixos-24.05 1.35.4 nixos-24.05-small 1.35.4 nixos-24.11 1.38.0 nixos-24.11-small 1.38.0 nixos-unstable 1.38.0 nixos-unstable-small 1.38.0 nixpkgs-unstable 1.38.0
pkgs.podman-tui Podman Terminal UI nixos-24.05 1.0.1 nixos-24.05-small 1.0.1 nixos-24.11 1.2.3 nixos-24.11-small 1.2.3 nixos-unstable 1.3.0 nixos-unstable-small 1.3.0 nixpkgs-unstable 1.3.0
pkgs.podman-compose Implementation of docker-compose with podman backend nixos-24.05 1.1.0 nixos-24.05-small 1.1.0 nixos-24.11 1.2.0 nixos-24.11-small 1.2.0 nixos-unstable 1.2.0 nixos-unstable-small 1.2.0 nixpkgs-unstable 1.2.0
pkgs.podman-desktop A graphical tool for developing on containers and Kubernetes nixos-24.05 0.12.0 nixos-24.05-small 0.12.0 nixos-24.11 1.13.2 nixos-24.11-small 1.13.2 nixos-unstable 1.13.2 nixos-unstable-small 1.13.2 nixpkgs-unstable 1.13.2
pkgs.cri-o-unwrapped Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface nixos-24.05 1.30.1 nixos-24.05-small 1.30.1 nixos-24.11 1.31.2 nixos-24.11-small 1.31.2 nixos-unstable 1.31.2 nixos-unstable-small 1.31.3 nixpkgs-unstable 1.31.2
pkgs.buildah-unwrapped Tool which facilitates building OCI images nixos-24.05 1.35.4 nixos-24.05-small 1.35.4 nixos-24.11 1.38.0 nixos-24.11-small 1.38.0 nixos-unstable 1.38.0 nixos-unstable-small 1.38.0 nixpkgs-unstable 1.38.0
pkgs.nomad-driver-podman Podman task driver for Nomad nixos-24.05 0.5.2 nixos-24.05-small 0.5.2 nixos-24.11 0.6.1 nixos-24.11-small 0.6.1 nixos-unstable 0.6.1 nixos-unstable-small 0.6.1 nixpkgs-unstable 0.6.1
pkgs.python311Packages.podman Python bindings for Podman's RESTful API nixos-24.05 5.0.0 nixos-24.05-small 5.0.0 nixos-24.11 5.2.0 nixos-24.11-small 5.2.0 nixos-unstable 5.3.0 nixos-unstable-small 5.3.0 nixpkgs-unstable 5.3.0
pkgs.python312Packages.podman Python bindings for Podman's RESTful API nixos-24.05 5.0.0 nixos-24.05-small 5.0.0 nixos-24.11 5.2.0 nixos-24.11-small 5.2.0 nixos-unstable 5.3.0 nixos-unstable-small 5.3.0 nixpkgs-unstable 5.3.0
CVE-2024-9902 6.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): LOW updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 3 weeks, 1 day ago @fricklerhandwerk accepted as draft 2 weeks, 1 day ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Ansible-core: ansible-core user may read/write unauthorized content A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. core ansible-core * ee-29-container * ee-minimal-container * openstack-ansible-core ansible-builder-container * ansible-automation-platform/ee-29-rhel8 * ansible-automation-platform/ee-minimal-rhel8 * ansible-automation-platform/ee-minimal-rhel9 * ansible-automation-platform/ansible-builder-rhel8 * ansible-automation-platform/ansible-builder-rhel9 *
CVE-2024-9924 9.8 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 3 weeks, 1 day ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Hgiga OAKlouds - Arbitrary File Read And Delete The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently . OAKlouds-webbase-2.0 <1162
CVE-2024-9924 9.8 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 2 weeks, 1 day ago by @fricklerhandwerk Activity log Created automatic suggestion 3 weeks, 1 day ago @fricklerhandwerk dismissed 2 weeks, 1 day ago Hgiga OAKlouds - Arbitrary File Read And Delete The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently . OAKlouds-webbase-2.0 <1162