Dismissed suggestions Untriaged suggestions Draft issues Published issues Dismissed suggestions These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision. CVE-2013-10005 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 8 months ago @LeSuisse dismissed 7 months, 3 weeks ago Infinite loop in github.com/btcsuite/go-socks The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow. github.com/btcsuite/go-socks <0.0.0-20130808000456-233bccbb1abe github.com/btcsuitereleases/go-socks <0.0.0-20130808000456-233bccbb1abe CVE-2024-52337 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago CVE Program Container None tuned * <2.24.1 pkgs.python311Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 pkgs.python312Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 Package maintainers: 2 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mbalatsko Maksym Balatsko <mbalatsko@gmail.com> CVE-2024-49506 0.0 NONE CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Fixed temporary file path in aeon-checks allows fixing of disk encryption key Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem tik <1.2.4 aeon-check <1.0.2 pkgs.tika A toolkit for extracting metadata and text from over a thousand different file types nixos-24.11 2.9.2 pkgs.batik Java based toolkit for handling SVG nixos-24.11 1.18 pkgs.qtikz Editor for the TikZ language nixos-24.11 0.12 pkgs.statik Embed files into a Go executable nixos-24.11 0.1.7 pkgs.tikzit Graphical tool for rapidly creating graphs and diagrams using PGF/TikZ nixos-24.11 2.1.6 pkgs.tootik Federated nanoblogging service with a Gemini frontend nixos-24.11 0.12.6 pkgs.semantik Mind-mapping application for KDE nixos-24.11 1.2.10 pkgs.svg2tikz Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 3.2.0 pkgs.authentik Authentication glue you need nixos-24.11 2024.6.4 pkgs.liberastika Liberation Sans fork with improved cyrillic support nixos-24.11 1.1.5 pkgs.emacsPackages.tikz nixos-24.11 20220526.521 pkgs.emacsPackages.tiktoken nixos-24.11 20240103.340 pkgs.python311Packages.tika Python binding to the Apache Tika™ REST services nixos-24.11 2.6.0 pkgs.python312Packages.tika Python binding to the Apache Tika™ REST services nixos-24.11 2.6.0 pkgs.authentik-outposts.ldap The authentik ldap outpost. Needed for the external ldap API. nixos-24.11 2024.6.4 pkgs.indi-3rdparty.indi-atik Third party drivers for the INDI astronomical software suite nixos-24.11 3rdparty-indi-atik-2.0.9 pkgs.authentik-outposts.radius Authentik radius outpost which is used for the external radius API nixos-24.11 2024.6.4 pkgs.luaPackages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.python311Packages.tiktoken tiktoken is a fast BPE tokeniser for use with OpenAI's models nixos-24.11 0.7.0 pkgs.python312Packages.svg2tikz Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python312Packages.tiktoken tiktoken is a fast BPE tokeniser for use with OpenAI's models nixos-24.11 0.7.0 pkgs.lua51Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.lua53Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.lua54Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.luajitPackages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.prometheus-mikrotik-exporter Prometheus MikroTik device(s) exporter nixos-24.11 2021-08-10 pkgs.python311Packages.tika-client Modern Python REST client for Apache Tika server nixos-24.11 0.7.0 pkgs.python311Packages.tikzplotlib Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX nixos-24.11 0.10.1 pkgs.python312Packages.tika-client Modern Python REST client for Apache Tika server nixos-24.11 0.7.0 pkgs.python312Packages.tikzplotlib Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX nixos-24.11 0.10.1 pkgs.python312Packages.pytikz-allefeld Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python312Packages.sphinxcontrib-tikz TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.home-assistant-component-tests.mikrotik Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1 pkgs.python311Packages.svg2tikz.x86_64-linux Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.svg2tikz.aarch64-linux Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.svg2tikz.x86_64-darwin Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.svg2tikz.aarch64-darwin Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.pytikz-allefeld.x86_64-linux Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.pytikz-allefeld.aarch64-linux Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.pytikz-allefeld.x86_64-darwin Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.pytikz-allefeld.aarch64-darwin Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.sphinxcontrib-tikz.x86_64-linux TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.python311Packages.sphinxcontrib-tikz.aarch64-linux TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.python311Packages.sphinxcontrib-tikz.x86_64-darwin TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.python311Packages.sphinxcontrib-tikz.aarch64-darwin TikZ extension for Sphinx nixos-24.11 0.4.20 Package maintainers: 24 @layus Guillaume Maudoux <layus.on@gmail.com> @SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com> @sikmir Nikolay Korotkiy <sikmir@disroot.org> @Madouura Madoura <madouura@gmail.com> @natsukium Tomoya Otabi <nixpkgs@natsukium.com> @FlorentBecker Florent Becker <florent.becker@ens-lyon.org> @dotlambda Robert Schütz <rschuetz17@gmail.com> @jvanbruegge Jan van Brügge <supermanitu@gmail.com> @rissson Marc Schmitt <marc.schmitt@risson.space> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @Mic92 Jörg Thalheim <joerg@thalheim.io> @pbsds Peder Bergebakken Sundt <pbsds@hotmail.com> @Flakebi Sebastian Neubauer <flakebi@t-online.de> @e1mo Nina Fromm <nixpkgs@e1mo.de> @happysalada Raphael Megzari <raphael@megzari.com> @doronbehar Doron Behar <me@doronbehar.com> @returntoreality Linus Karl <linus@lotz.li> @hjones2199 Hunter Jones <hjones2199@gmail.com> @sheepforce Phillip Seeber <phillip.seeber@googlemail.com> @TomaSajt TomaSajt @iblech Ingo Blechschmidt <iblech@speicherleck.de> @mgttlinger Merlin Humml <megoettlinger@gmail.com> @mmilata Martin Milata <martin@martinmilata.cz> CVE-2024-52336 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. tuned * <2.24.1 pkgs.python311Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 pkgs.python312Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 Package maintainers: 2 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mbalatsko Maksym Balatsko <mbalatsko@gmail.com> CVE-2024-8553 6.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Foreman: read-only access to entire db from templates A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information. foreman * pkgs.foreman Process manager for applications with multiple components nixos-24.11 0.87.2 pkgs.emacsPackages.foreman-mode nixos-24.11 20170725.1422 Package maintainers: 1 @zimbatm zimbatm <zimbatm@zimbatm.com> CVE-2023-27456 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 3 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19. total =<2.1.19 pkgs.autotalent Real-time pitch correction LADSPA plugin (no MIDI control) nixos-24.11 0.2 nixpkgs-24.11-darwin 0.2 nixos-unstable 0.2 nixos-unstable-small 0.2 nixpkgs-unstable 0.2 pkgs.haskellPackages.total Exhaustive pattern matching using lenses, traversals, and prisms nixos-24.11 1.0.6 nixpkgs-24.11-darwin 1.0.6 nixos-unstable 1.0.6 nixos-unstable-small 1.0.6 nixpkgs-unstable 1.0.6 pkgs.emacsPackages.total-lines nixos-24.11 20171227.1239 nixpkgs-24.11-darwin 20171227.1239 nixos-unstable 20171227.1239 nixos-unstable-small 20171227.1239 nixpkgs-unstable 20171227.1239 pkgs.haskellPackages.total-alternative Alternative interface for total versions of partial function on the Prelude nixos-24.11 0.1.0.1 nixpkgs-24.11-darwin 0.1.0.1 nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1 pkgs.python311Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-24.11 2024.5 nixpkgs-24.11-darwin 2024.5 nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12 pkgs.python312Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-24.11 2024.5 nixpkgs-24.11-darwin 2024.5 nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12 pkgs.home-assistant-component-tests.totalconnect Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1 nixpkgs-24.11-darwin 2024.11.1 nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3 pkgs.python312Packages.total-connect-client.x86_64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 pkgs.python312Packages.total-connect-client.aarch64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 pkgs.python312Packages.total-connect-client.x86_64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 pkgs.python312Packages.total-connect-client.aarch64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 Package maintainers: 6 @Gabriella439 Gabriella Gonzalez <GenuineGabriella@gmail.com> @michalrus Michal Rus <m@michalrus.com> @dotlambda Robert Schütz <rschuetz17@gmail.com> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @Mic92 Jörg Thalheim <joerg@thalheim.io> CVE-2024-54245 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 3 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS.This issue affects Clients: from n/a through 1.1.4. clients =<1.1.4 pkgs.argus-clients Clients for ARGUS nixos-24.11 3.0.8.3 nixpkgs-24.11-darwin 3.0.8.3 nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3 pkgs.xorg.xlsclients nixos-24.11 1.1.5 nixpkgs-24.11-darwin 1.1.5 nixos-unstable 1.1.5 nixos-unstable-small 1.1.5 nixpkgs-unstable 1.1.5 pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-24.11 0.9.2.0 nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-24.11 0.1 nixpkgs-24.11-darwin 0.1 nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1 pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 Package maintainers: 1 @leenaars Michiel Leenaars <ml.software@leenaa.rs> CVE-2024-54322 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 3 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago WordPress Media Downloader plugin <= 0.4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through 0.4.7.4. media-downloader =<0.4.7.4 CVE-2024-45770 4.4 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Pcp: pmpost symlink attack allows escalating pcp to root user A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges. pcp * pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.11 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-24.11 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10 pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.11 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27 pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.11 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python311Packages.pcpp.x86_64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.x86_64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 Package maintainers: 5 @Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com> @MikePlayle Mike Playle <mike@mythik.co.uk> @MatthewCroughan Matthew Croughan <matt@croughan.sh> @k0ral Koral <koral@mailoo.org> @lovek323 Jason O'Conal <jason@oconal.id.au> CVE-2024-45769 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Pcp: pmcd heap corruption through metric pmstore operations A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. pcp * pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.11 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-24.11 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10 pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.11 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27 pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.11 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python311Packages.pcpp.x86_64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.x86_64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 Package maintainers: 5 @Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com> @MikePlayle Mike Playle <mike@mythik.co.uk> @MatthewCroughan Matthew Croughan <matt@croughan.sh> @k0ral Koral <koral@mailoo.org> @lovek323 Jason O'Conal <jason@oconal.id.au>
CVE-2013-10005 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 8 months ago @LeSuisse dismissed 7 months, 3 weeks ago Infinite loop in github.com/btcsuite/go-socks The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow. github.com/btcsuite/go-socks <0.0.0-20130808000456-233bccbb1abe github.com/btcsuitereleases/go-socks <0.0.0-20130808000456-233bccbb1abe
CVE-2024-52337 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago CVE Program Container None tuned * <2.24.1 pkgs.python311Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 pkgs.python312Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 Package maintainers: 2 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
pkgs.python311Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0
pkgs.python312Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0
CVE-2024-49506 0.0 NONE CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Fixed temporary file path in aeon-checks allows fixing of disk encryption key Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem tik <1.2.4 aeon-check <1.0.2 pkgs.tika A toolkit for extracting metadata and text from over a thousand different file types nixos-24.11 2.9.2 pkgs.batik Java based toolkit for handling SVG nixos-24.11 1.18 pkgs.qtikz Editor for the TikZ language nixos-24.11 0.12 pkgs.statik Embed files into a Go executable nixos-24.11 0.1.7 pkgs.tikzit Graphical tool for rapidly creating graphs and diagrams using PGF/TikZ nixos-24.11 2.1.6 pkgs.tootik Federated nanoblogging service with a Gemini frontend nixos-24.11 0.12.6 pkgs.semantik Mind-mapping application for KDE nixos-24.11 1.2.10 pkgs.svg2tikz Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 3.2.0 pkgs.authentik Authentication glue you need nixos-24.11 2024.6.4 pkgs.liberastika Liberation Sans fork with improved cyrillic support nixos-24.11 1.1.5 pkgs.emacsPackages.tikz nixos-24.11 20220526.521 pkgs.emacsPackages.tiktoken nixos-24.11 20240103.340 pkgs.python311Packages.tika Python binding to the Apache Tika™ REST services nixos-24.11 2.6.0 pkgs.python312Packages.tika Python binding to the Apache Tika™ REST services nixos-24.11 2.6.0 pkgs.authentik-outposts.ldap The authentik ldap outpost. Needed for the external ldap API. nixos-24.11 2024.6.4 pkgs.indi-3rdparty.indi-atik Third party drivers for the INDI astronomical software suite nixos-24.11 3rdparty-indi-atik-2.0.9 pkgs.authentik-outposts.radius Authentik radius outpost which is used for the external radius API nixos-24.11 2024.6.4 pkgs.luaPackages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.python311Packages.tiktoken tiktoken is a fast BPE tokeniser for use with OpenAI's models nixos-24.11 0.7.0 pkgs.python312Packages.svg2tikz Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python312Packages.tiktoken tiktoken is a fast BPE tokeniser for use with OpenAI's models nixos-24.11 0.7.0 pkgs.lua51Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.lua53Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.lua54Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.luajitPackages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1 pkgs.prometheus-mikrotik-exporter Prometheus MikroTik device(s) exporter nixos-24.11 2021-08-10 pkgs.python311Packages.tika-client Modern Python REST client for Apache Tika server nixos-24.11 0.7.0 pkgs.python311Packages.tikzplotlib Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX nixos-24.11 0.10.1 pkgs.python312Packages.tika-client Modern Python REST client for Apache Tika server nixos-24.11 0.7.0 pkgs.python312Packages.tikzplotlib Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX nixos-24.11 0.10.1 pkgs.python312Packages.pytikz-allefeld Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python312Packages.sphinxcontrib-tikz TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.home-assistant-component-tests.mikrotik Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1 pkgs.python311Packages.svg2tikz.x86_64-linux Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.svg2tikz.aarch64-linux Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.svg2tikz.x86_64-darwin Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.svg2tikz.aarch64-darwin Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0 pkgs.python311Packages.pytikz-allefeld.x86_64-linux Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.pytikz-allefeld.aarch64-linux Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.pytikz-allefeld.x86_64-darwin Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.pytikz-allefeld.aarch64-darwin Python interface to TikZ nixos-24.11 2022-11-01 pkgs.python311Packages.sphinxcontrib-tikz.x86_64-linux TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.python311Packages.sphinxcontrib-tikz.aarch64-linux TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.python311Packages.sphinxcontrib-tikz.x86_64-darwin TikZ extension for Sphinx nixos-24.11 0.4.20 pkgs.python311Packages.sphinxcontrib-tikz.aarch64-darwin TikZ extension for Sphinx nixos-24.11 0.4.20 Package maintainers: 24 @layus Guillaume Maudoux <layus.on@gmail.com> @SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com> @sikmir Nikolay Korotkiy <sikmir@disroot.org> @Madouura Madoura <madouura@gmail.com> @natsukium Tomoya Otabi <nixpkgs@natsukium.com> @FlorentBecker Florent Becker <florent.becker@ens-lyon.org> @dotlambda Robert Schütz <rschuetz17@gmail.com> @jvanbruegge Jan van Brügge <supermanitu@gmail.com> @rissson Marc Schmitt <marc.schmitt@risson.space> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @Mic92 Jörg Thalheim <joerg@thalheim.io> @pbsds Peder Bergebakken Sundt <pbsds@hotmail.com> @Flakebi Sebastian Neubauer <flakebi@t-online.de> @e1mo Nina Fromm <nixpkgs@e1mo.de> @happysalada Raphael Megzari <raphael@megzari.com> @doronbehar Doron Behar <me@doronbehar.com> @returntoreality Linus Karl <linus@lotz.li> @hjones2199 Hunter Jones <hjones2199@gmail.com> @sheepforce Phillip Seeber <phillip.seeber@googlemail.com> @TomaSajt TomaSajt @iblech Ingo Blechschmidt <iblech@speicherleck.de> @mgttlinger Merlin Humml <megoettlinger@gmail.com> @mmilata Martin Milata <martin@martinmilata.cz>
pkgs.tika A toolkit for extracting metadata and text from over a thousand different file types nixos-24.11 2.9.2
pkgs.authentik-outposts.ldap The authentik ldap outpost. Needed for the external ldap API. nixos-24.11 2024.6.4
pkgs.indi-3rdparty.indi-atik Third party drivers for the INDI astronomical software suite nixos-24.11 3rdparty-indi-atik-2.0.9
pkgs.authentik-outposts.radius Authentik radius outpost which is used for the external radius API nixos-24.11 2024.6.4
pkgs.python311Packages.tiktoken tiktoken is a fast BPE tokeniser for use with OpenAI's models nixos-24.11 0.7.0
pkgs.python312Packages.svg2tikz Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0
pkgs.python312Packages.tiktoken tiktoken is a fast BPE tokeniser for use with OpenAI's models nixos-24.11 0.7.0
pkgs.lua51Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1
pkgs.lua53Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1
pkgs.lua54Packages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1
pkgs.luajitPackages.tiktoken_core An experimental port of OpenAI's Tokenizer to lua nixos-24.11 0.2.2-1
pkgs.python311Packages.tika-client Modern Python REST client for Apache Tika server nixos-24.11 0.7.0
pkgs.python311Packages.tikzplotlib Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX nixos-24.11 0.10.1
pkgs.python312Packages.tika-client Modern Python REST client for Apache Tika server nixos-24.11 0.7.0
pkgs.python312Packages.tikzplotlib Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX nixos-24.11 0.10.1
pkgs.home-assistant-component-tests.mikrotik Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1
pkgs.python311Packages.svg2tikz.x86_64-linux Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0
pkgs.python311Packages.svg2tikz.aarch64-linux Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0
pkgs.python311Packages.svg2tikz.x86_64-darwin Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0
pkgs.python311Packages.svg2tikz.aarch64-darwin Set of tools for converting SVG graphics to TikZ/PGF code nixos-24.11 svg2tikz-3.2.0
pkgs.python311Packages.pytikz-allefeld.aarch64-darwin Python interface to TikZ nixos-24.11 2022-11-01
pkgs.python311Packages.sphinxcontrib-tikz.aarch64-darwin TikZ extension for Sphinx nixos-24.11 0.4.20
CVE-2024-52336 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. tuned * <2.24.1 pkgs.python311Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 pkgs.python312Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0 Package maintainers: 2 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
pkgs.python311Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0
pkgs.python312Packages.mypy-boto3-neptunedata Type annotations for boto3 neptunedata nixos-24.11 boto3-neptunedata-1.35.0
CVE-2024-8553 6.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Foreman: read-only access to entire db from templates A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information. foreman * pkgs.foreman Process manager for applications with multiple components nixos-24.11 0.87.2 pkgs.emacsPackages.foreman-mode nixos-24.11 20170725.1422 Package maintainers: 1 @zimbatm zimbatm <zimbatm@zimbatm.com>
CVE-2023-27456 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 3 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19. total =<2.1.19 pkgs.autotalent Real-time pitch correction LADSPA plugin (no MIDI control) nixos-24.11 0.2 nixpkgs-24.11-darwin 0.2 nixos-unstable 0.2 nixos-unstable-small 0.2 nixpkgs-unstable 0.2 pkgs.haskellPackages.total Exhaustive pattern matching using lenses, traversals, and prisms nixos-24.11 1.0.6 nixpkgs-24.11-darwin 1.0.6 nixos-unstable 1.0.6 nixos-unstable-small 1.0.6 nixpkgs-unstable 1.0.6 pkgs.emacsPackages.total-lines nixos-24.11 20171227.1239 nixpkgs-24.11-darwin 20171227.1239 nixos-unstable 20171227.1239 nixos-unstable-small 20171227.1239 nixpkgs-unstable 20171227.1239 pkgs.haskellPackages.total-alternative Alternative interface for total versions of partial function on the Prelude nixos-24.11 0.1.0.1 nixpkgs-24.11-darwin 0.1.0.1 nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1 pkgs.python311Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-24.11 2024.5 nixpkgs-24.11-darwin 2024.5 nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12 pkgs.python312Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-24.11 2024.5 nixpkgs-24.11-darwin 2024.5 nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12 pkgs.home-assistant-component-tests.totalconnect Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1 nixpkgs-24.11-darwin 2024.11.1 nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3 pkgs.python312Packages.total-connect-client.x86_64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 pkgs.python312Packages.total-connect-client.aarch64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 pkgs.python312Packages.total-connect-client.x86_64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 pkgs.python312Packages.total-connect-client.aarch64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 Package maintainers: 6 @Gabriella439 Gabriella Gonzalez <GenuineGabriella@gmail.com> @michalrus Michal Rus <m@michalrus.com> @dotlambda Robert Schütz <rschuetz17@gmail.com> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @Mic92 Jörg Thalheim <joerg@thalheim.io>
pkgs.autotalent Real-time pitch correction LADSPA plugin (no MIDI control) nixos-24.11 0.2 nixpkgs-24.11-darwin 0.2 nixos-unstable 0.2 nixos-unstable-small 0.2 nixpkgs-unstable 0.2
pkgs.haskellPackages.total Exhaustive pattern matching using lenses, traversals, and prisms nixos-24.11 1.0.6 nixpkgs-24.11-darwin 1.0.6 nixos-unstable 1.0.6 nixos-unstable-small 1.0.6 nixpkgs-unstable 1.0.6
pkgs.emacsPackages.total-lines nixos-24.11 20171227.1239 nixpkgs-24.11-darwin 20171227.1239 nixos-unstable 20171227.1239 nixos-unstable-small 20171227.1239 nixpkgs-unstable 20171227.1239
pkgs.haskellPackages.total-alternative Alternative interface for total versions of partial function on the Prelude nixos-24.11 0.1.0.1 nixpkgs-24.11-darwin 0.1.0.1 nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1
pkgs.python311Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-24.11 2024.5 nixpkgs-24.11-darwin 2024.5 nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12
pkgs.python312Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-24.11 2024.5 nixpkgs-24.11-darwin 2024.5 nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12
pkgs.home-assistant-component-tests.totalconnect Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1 nixpkgs-24.11-darwin 2024.11.1 nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3
pkgs.python312Packages.total-connect-client.x86_64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.aarch64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.x86_64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.aarch64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
CVE-2024-54245 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 3 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS.This issue affects Clients: from n/a through 1.1.4. clients =<1.1.4 pkgs.argus-clients Clients for ARGUS nixos-24.11 3.0.8.3 nixpkgs-24.11-darwin 3.0.8.3 nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3 pkgs.xorg.xlsclients nixos-24.11 1.1.5 nixpkgs-24.11-darwin 1.1.5 nixos-unstable 1.1.5 nixos-unstable-small 1.1.5 nixpkgs-unstable 1.1.5 pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-24.11 0.9.2.0 nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-24.11 0.1 nixpkgs-24.11-darwin 0.1 nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1 pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0 Package maintainers: 1 @leenaars Michiel Leenaars <ml.software@leenaa.rs>
pkgs.argus-clients Clients for ARGUS nixos-24.11 3.0.8.3 nixpkgs-24.11-darwin 3.0.8.3 nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3
pkgs.xorg.xlsclients nixos-24.11 1.1.5 nixpkgs-24.11-darwin 1.1.5 nixos-unstable 1.1.5 nixos-unstable-small 1.1.5 nixpkgs-unstable 1.1.5
pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-24.11 0.9.2.0 nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-24.11 0.1 nixpkgs-24.11-darwin 0.1 nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-24.11 ??? nixpkgs-24.11-darwin 0.9.2.0 nixos-unstable ??? nixpkgs-unstable 0.9.2.0
CVE-2024-54322 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 3 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago WordPress Media Downloader plugin <= 0.4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through 0.4.7.4. media-downloader =<0.4.7.4
CVE-2024-45770 4.4 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Pcp: pmpost symlink attack allows escalating pcp to root user A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges. pcp * pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.11 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-24.11 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10 pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.11 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27 pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.11 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python311Packages.pcpp.x86_64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.x86_64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 Package maintainers: 5 @Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com> @MikePlayle Mike Playle <mike@mythik.co.uk> @MatthewCroughan Matthew Croughan <matt@croughan.sh> @k0ral Koral <koral@mailoo.org> @lovek323 Jason O'Conal <jason@oconal.id.au>
pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.11 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0
pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-24.11 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10
pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.11 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27
pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.11 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
CVE-2024-45769 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH updated 7 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 7 months, 4 weeks ago @LeSuisse dismissed 7 months, 3 weeks ago Pcp: pmcd heap corruption through metric pmstore operations A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. pcp * pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.11 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-24.11 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10 pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.11 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27 pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.11 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30 pkgs.python311Packages.pcpp.x86_64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-linux C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.x86_64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 pkgs.python311Packages.pcpp.aarch64-darwin C99 preprocessor written in pure Python nixos-24.11 1.30 Package maintainers: 5 @Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com> @MikePlayle Mike Playle <mike@mythik.co.uk> @MatthewCroughan Matthew Croughan <matt@croughan.sh> @k0ral Koral <koral@mailoo.org> @lovek323 Jason O'Conal <jason@oconal.id.au>
pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-24.11 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0
pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-24.11 0.10 nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10
pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-24.11 4.3.27 nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27
pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-24.11 1.30 nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30