⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

Restore to select a suggestion for a revision.

CVE-2013-10005
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Infinite loop in github.com/btcsuite/go-socks

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.

github.com/btcsuite/go-socks
<0.0.0-20130808000456-233bccbb1abe
github.com/btcsuitereleases/go-socks
<0.0.0-20130808000456-233bccbb1abe
CVE-2024-52337
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
CVE Program Container

None

tuned
*
<2.24.1
CVE-2024-49506
0.0 NONE
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Fixed temporary file path in aeon-checks allows fixing of disk encryption key

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem

tik
<1.2.4
aeon-check
<1.0.2
CVE-2024-52336
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.

tuned
*
<2.24.1
CVE-2024-8553
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Foreman: read-only access to entire db from templates

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

foreman
*
CVE-2023-27456
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19.

total
=<2.1.19

pkgs.autotalent

Real-time pitch correction LADSPA plugin (no MIDI control)

pkgs.haskellPackages.total

Exhaustive pattern matching using lenses, traversals, and prisms

pkgs.haskellPackages.total-alternative

Alternative interface for total versions of partial function on the Prelude

pkgs.python311Packages.total-connect-client

Interact with Total Connect 2 alarm systems

pkgs.python312Packages.total-connect-client

Interact with Total Connect 2 alarm systems

pkgs.home-assistant-component-tests.totalconnect

Open source home automation that puts local control and privacy first

pkgs.python312Packages.total-connect-client.x86_64-linux

Interact with Total Connect 2 alarm systems

pkgs.python312Packages.total-connect-client.aarch64-linux

Interact with Total Connect 2 alarm systems

pkgs.python312Packages.total-connect-client.x86_64-darwin

Interact with Total Connect 2 alarm systems

pkgs.python312Packages.total-connect-client.aarch64-darwin

Interact with Total Connect 2 alarm systems
Package maintainers: 6
CVE-2024-54245
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS.This issue affects Clients: from n/a through 1.1.4.

clients
=<1.1.4

pkgs.haskellPackages.clientsession

Securely store session data in a client-side cookie

pkgs.haskellPackages.wai-session-clientsession

Session store based on clientsession

pkgs.haskellPackages.clientsession.x86_64-linux

Securely store session data in a client-side cookie

pkgs.haskellPackages.clientsession.aarch64-linux

Securely store session data in a client-side cookie

pkgs.haskellPackages.clientsession.x86_64-darwin

Securely store session data in a client-side cookie

pkgs.haskellPackages.clientsession.aarch64-darwin

Securely store session data in a client-side cookie
Package maintainers: 1
CVE-2024-54322
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Media Downloader plugin <= 0.4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through 0.4.7.4.

media-downloader
=<0.4.7.4
CVE-2024-45770
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Pcp: pmpost symlink attack allows escalating pcp to root user

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

pcp
*

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp

Featureful ncurses based MPD client inspired by ncmpc

pkgs.libamqpcpp

Library for communicating with a RabbitMQ server

pkgs.python311Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp

C99 preprocessor written in pure Python
Package maintainers: 5
CVE-2024-45769
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 8 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Pcp: pmcd heap corruption through metric pmstore operations

A vulnerability was found in Performance Co-Pilot (PCP).  This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.

pcp
*

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp

Featureful ncurses based MPD client inspired by ncmpc

pkgs.libamqpcpp

Library for communicating with a RabbitMQ server

pkgs.python311Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp

C99 preprocessor written in pure Python
Package maintainers: 5