Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

CVE-2013-10005
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Infinite loop in github.com/btcsuite/go-socks

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.

github.com/btcsuite/go-socks
<0.0.0-20130808000456-233bccbb1abe
github.com/btcsuitereleases/go-socks
<0.0.0-20130808000456-233bccbb1abe
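The go-socks entry above describes an address method that calls itself instead of the connection it wraps. The Go program below is an added illustration of that bug class and of the correct delegation, not go-socks's own code: the `proxiedConn` type, the `addrStrings` helper and the 203.0.113.10:443 destination are assumptions made for the demo, and `net.Pipe` stands in for the proxy connection so it runs offline.

```go
package main

import (
	"fmt"
	"net"
)

// proxiedConn wraps the connection to a SOCKS proxy. The embedded net.Conn
// supplies Read/Write/Close; the address methods are overridden because the
// proxy's address is not the logical remote endpoint. Hypothetical type for
// this example, not the go-socks implementation.
type proxiedConn struct {
	net.Conn
	remote net.Addr // destination the proxy connected to on the caller's behalf
}

// The bug class from the advisory: an override that forwards to the receiver
// instead of the embedded value re-enters itself on every call until the
// goroutine stack is exhausted and the program crashes. Kept as a comment so
// the file runs.
//
//	func (c *proxiedConn) LocalAddr() net.Addr { return c.LocalAddr() }

// Correct: name the embedded field so the call reaches the underlying connection.
func (c *proxiedConn) LocalAddr() net.Addr { return c.Conn.LocalAddr() }

// RemoteAddr reports the proxied destination and falls back to the proxy's own
// address when no destination is recorded.
func (c *proxiedConn) RemoteAddr() net.Addr {
	if c.remote != nil {
		return c.remote
	}
	return c.Conn.RemoteAddr()
}

// addrStrings exercises both overrides through the net.Conn interface; with the
// recursive override above this call would never return.
func addrStrings(c net.Conn) (local, remote string) {
	return c.LocalAddr().String(), c.RemoteAddr().String()
}

func main() {
	// net.Pipe stands in for the TCP connection to the proxy (constructed input).
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()

	dest := &net.TCPAddr{IP: net.ParseIP("203.0.113.10"), Port: 443}
	c := &proxiedConn{Conn: client, remote: dest}
	l, r := addrStrings(c)
	fmt.Printf("local=%s remote=%s\n", l, r)
}
```

The two-line difference between `c.LocalAddr()` and `c.Conn.LocalAddr()` is the whole vulnerability; a unit test that calls each overridden method once on a wrapper built over `net.Pipe` is enough to catch it before release.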
CVE-2024-52337
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
CVE Program Container

None

tuned
*
<2.24.1

pkgs.python311Packages.mypy-boto3-neptunedata.x86_64-linux

Type annotations for boto3 neptunedata

pkgs.python311Packages.mypy-boto3-neptunedata.aarch64-linux

Type annotations for boto3 neptunedata

pkgs.python311Packages.mypy-boto3-neptunedata.x86_64-darwin

Type annotations for boto3 neptunedata

pkgs.python311Packages.mypy-boto3-neptunedata.aarch64-darwin

Type annotations for boto3 neptunedata
Package maintainers: 2
CVE-2024-49506
0.0 NONE
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Fixed temporary file path in aeon-checks allows fixing of disk encryption key

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem

tik
<1.2.4
aeon-check
<1.0.2

pkgs.batik

Java based toolkit for handling SVG

pkgs.qtikz

Editor for the TikZ language

pkgs.authentik

Authentication glue you need

pkgs.liberastika

Liberation Sans fork with improved cyrillic support

pkgs.tika.x86_64-linux

A toolkit for extracting metadata and text from over a thousand different file types

pkgs.tika.aarch64-linux

A toolkit for extracting metadata and text from over a thousand different file types

pkgs.statik.x86_64-linux

Embed files into a Go executable

pkgs.tikzit.x86_64-linux

Graphical tool for rapidly creating graphs and diagrams using PGF/TikZ

pkgs.tootik.x86_64-linux

Federated nanoblogging service with a Gemini frontend

pkgs.statik.aarch64-linux

Embed files into a Go executable

pkgs.statik.x86_64-darwin

Embed files into a Go executable

pkgs.tikzit.aarch64-linux

Graphical tool for rapidly creating graphs and diagrams using PGF/TikZ

pkgs.tikzit.x86_64-darwin

Graphical tool for rapidly creating graphs and diagrams using PGF/TikZ

pkgs.tootik.aarch64-linux

Federated nanoblogging service with a Gemini frontend

pkgs.tootik.x86_64-darwin

Federated nanoblogging service with a Gemini frontend

pkgs.semantik.x86_64-linux

Mind-mapping application for KDE

pkgs.statik.aarch64-darwin

Embed files into a Go executable

pkgs.svg2tikz.x86_64-linux

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.tikzit.aarch64-darwin

Graphical tool for rapidly creating graphs and diagrams using PGF/TikZ

pkgs.tootik.aarch64-darwin

Federated nanoblogging service with a Gemini frontend

pkgs.python312Packages.tika

Python binding to the Apache Tika™ REST services

pkgs.semantik.aarch64-linux

Mind-mapping application for KDE

pkgs.svg2tikz.aarch64-linux

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.svg2tikz.x86_64-darwin

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.authentik-outposts.ldap

The authentik ldap outpost. Needed for the external ldap API.

pkgs.svg2tikz.aarch64-darwin

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.authentik-outposts.radius

Authentik radius outpost which is used for the external radius API

pkgs.luaPackages.tiktoken_core

An experimental port of OpenAI's Tokenizer to lua

pkgs.python312Packages.svg2tikz

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.python312Packages.tiktoken

tiktoken is a fast BPE tokeniser for use with OpenAI's models

pkgs.lua51Packages.tiktoken_core

An experimental port of OpenAI's Tokenizer to lua

pkgs.lua53Packages.tiktoken_core

An experimental port of OpenAI's Tokenizer to lua

pkgs.lua54Packages.tiktoken_core

An experimental port of OpenAI's Tokenizer to lua

pkgs.luajitPackages.tiktoken_core

An experimental port of OpenAI's Tokenizer to lua

pkgs.prometheus-mikrotik-exporter

Prometheus MikroTik device(s) exporter

pkgs.python312Packages.tika-client

Modern Python REST client for Apache Tika server

pkgs.python312Packages.tikzplotlib

Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX

pkgs.python312Packages.pytikz-allefeld

Python interface to TikZ

pkgs.python311Packages.tika.x86_64-linux

Python binding to the Apache Tika™ REST services

pkgs.python311Packages.tika.aarch64-linux

Python binding to the Apache Tika™ REST services

pkgs.python311Packages.tika.x86_64-darwin

Python binding to the Apache Tika™ REST services

pkgs.python312Packages.sphinxcontrib-tikz

TikZ extension for Sphinx

pkgs.python311Packages.tika.aarch64-darwin

Python binding to the Apache Tika™ REST services

pkgs.home-assistant-component-tests.mikrotik

Open source home automation that puts local control and privacy first

pkgs.python311Packages.svg2tikz.x86_64-linux

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.python311Packages.tiktoken.x86_64-linux

tiktoken is a fast BPE tokeniser for use with OpenAI's models

pkgs.python311Packages.svg2tikz.aarch64-linux

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.python311Packages.svg2tikz.x86_64-darwin

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.python311Packages.tiktoken.aarch64-linux

tiktoken is a fast BPE tokeniser for use with OpenAI's models

pkgs.python311Packages.tiktoken.x86_64-darwin

tiktoken is a fast BPE tokeniser for use with OpenAI's models

pkgs.python311Packages.svg2tikz.aarch64-darwin

Set of tools for converting SVG graphics to TikZ/PGF code

pkgs.python311Packages.tiktoken.aarch64-darwin

tiktoken is a fast BPE tokeniser for use with OpenAI's models

pkgs.python311Packages.tika-client.x86_64-linux

Modern Python REST client for Apache Tika server

pkgs.python311Packages.tikzplotlib.x86_64-linux

Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX

pkgs.python311Packages.tika-client.aarch64-linux

Modern Python REST client for Apache Tika server

pkgs.python311Packages.tika-client.x86_64-darwin

Modern Python REST client for Apache Tika server

pkgs.python311Packages.tikzplotlib.aarch64-linux

Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX

pkgs.python311Packages.tikzplotlib.x86_64-darwin

Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX

pkgs.python311Packages.tika-client.aarch64-darwin

Modern Python REST client for Apache Tika server

pkgs.python311Packages.tikzplotlib.aarch64-darwin

Save matplotlib figures as TikZ/PGFplots for smooth integration into LaTeX

pkgs.python311Packages.pytikz-allefeld.x86_64-linux

Python interface to TikZ

pkgs.python311Packages.pytikz-allefeld.aarch64-linux

Python interface to TikZ

pkgs.python311Packages.pytikz-allefeld.x86_64-darwin

Python interface to TikZ

pkgs.python311Packages.pytikz-allefeld.aarch64-darwin

Python interface to TikZ

pkgs.python311Packages.sphinxcontrib-tikz.x86_64-linux

TikZ extension for Sphinx

pkgs.python311Packages.sphinxcontrib-tikz.aarch64-linux

TikZ extension for Sphinx

pkgs.python311Packages.sphinxcontrib-tikz.x86_64-darwin

TikZ extension for Sphinx

pkgs.python311Packages.sphinxcontrib-tikz.aarch64-darwin

TikZ extension for Sphinx
Package maintainers: 24
CVE-2024-52336
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Tuned: `script_pre` and `script_post` options allow passing arbitrary scripts that are executed as root

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to make a D-Bus call whose `script_pre` or `script_post` options pass arbitrary scripts by absolute path. Tuned then executes these user- or attacker-controlled scripts or programs with root privileges, allowing local privilege escalation.

tuned
*
<2.24.1

pkgs.python311Packages.mypy-boto3-neptunedata.x86_64-linux

Type annotations for boto3 neptunedata

pkgs.python311Packages.mypy-boto3-neptunedata.aarch64-linux

Type annotations for boto3 neptunedata

pkgs.python311Packages.mypy-boto3-neptunedata.x86_64-darwin

Type annotations for boto3 neptunedata

pkgs.python311Packages.mypy-boto3-neptunedata.aarch64-darwin

Type annotations for boto3 neptunedata
Package maintainers: 2
CVE-2024-8553
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Foreman: read-only access to entire db from templates

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

foreman
*

pkgs.foreman

Process manager for applications with multiple components
Package maintainers: 1
CVE-2023-27456
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19.

total
=<2.1.19

pkgs.autotalent

Real-time pitch correction LADSPA plugin (no MIDI control)

pkgs.autotalent.x86_64-linux

Real-time pitch correction LADSPA plugin (no MIDI control)

pkgs.autotalent.aarch64-linux

Real-time pitch correction LADSPA plugin (no MIDI control)

pkgs.texlivePackages.totalcount

Commands for typesetting total values of counters

pkgs.haskellPackages.total.x86_64-linux

Exhaustive pattern matching using lenses, traversals, and prisms

pkgs.haskellPackages.total.aarch64-linux

Exhaustive pattern matching using lenses, traversals, and prisms

pkgs.haskellPackages.total.x86_64-darwin

Exhaustive pattern matching using lenses, traversals, and prisms

pkgs.haskellPackages.total.aarch64-darwin

Exhaustive pattern matching using lenses, traversals, and prisms

pkgs.texlivePackages.totalcount.x86_64-linux

Commands for typesetting total values of counters

pkgs.haskellPackages.total-alternative.x86_64-linux

Alternative interface for total versions of partial function on the Prelude

pkgs.haskellPackages.total-alternative.aarch64-linux

Alternative interface for total versions of partial function on the Prelude

pkgs.haskellPackages.total-alternative.x86_64-darwin

Alternative interface for total versions of partial function on the Prelude

pkgs.haskellPackages.total-alternative.aarch64-darwin

Alternative interface for total versions of partial function on the Prelude

pkgs.python312Packages.total-connect-client.x86_64-linux

Interact with Total Connect 2 alarm systems

pkgs.python312Packages.total-connect-client.aarch64-linux

Interact with Total Connect 2 alarm systems

pkgs.python312Packages.total-connect-client.x86_64-darwin

Interact with Total Connect 2 alarm systems

pkgs.python312Packages.total-connect-client.aarch64-darwin

Interact with Total Connect 2 alarm systems

pkgs.home-assistant-component-tests.totalconnect.x86_64-linux

Open source home automation that puts local control and privacy first

pkgs.home-assistant-component-tests.totalconnect.aarch64-linux

Open source home automation that puts local control and privacy first
Package maintainers: 6
CVE-2024-54245
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS. This issue affects Clients: from n/a through 1.1.4.

clients
=<1.1.4

pkgs.haskellPackages.wai-session-clientsession

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.x86_64-linux

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.aarch64-linux

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.x86_64-darwin

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.aarch64-darwin

Session store based on clientsession
Package maintainers: 1
CVE-2024-54322
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    34 packages
    • pkgs.media-downloader 4.6.0 (14 entries)
    • pkgs.media-downloader 5.2.0 (20 entries)
  • @LeSuisse dismissed
WordPress Media Downloader plugin <= 0.4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.4.

media-downloader
=<0.4.7.4
CVE-2024-45770
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Pcp: pmpost symlink attack allows escalating pcp to root user

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

pcp
*

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp

A featureful ncurses based MPD client inspired by ncmpc

pkgs.pcp.x86_64-linux

Command line peer-to-peer data transfer tool based on libp2p

pkgs.pcp.aarch64-linux

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp.x86_64-linux

A featureful ncurses based MPD client inspired by ncmpc

pkgs.ncmpcpp.aarch64-linux

A featureful ncurses based MPD client inspired by ncmpc

pkgs.ncmpcpp.x86_64-darwin

A featureful ncurses based MPD client inspired by ncmpc

pkgs.ncmpcpp.aarch64-darwin

A featureful ncurses based MPD client inspired by ncmpc

pkgs.python311Packages.pcpp

A C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp

C99 preprocessor written in pure Python

pkgs.libamqpcpp.x86_64-linux

Library for communicating with a RabbitMQ server

pkgs.libamqpcpp.aarch64-linux

Library for communicating with a RabbitMQ server

pkgs.libamqpcpp.x86_64-darwin

Library for communicating with a RabbitMQ server

pkgs.libamqpcpp.aarch64-darwin

Library for communicating with a RabbitMQ server

pkgs.python311Packages.pcpp.x86_64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-linux

C99 preprocessor written in pure Python

pkgs.python311Packages.pcpp.aarch64-linux

C99 preprocessor written in pure Python

pkgs.python311Packages.pcpp.x86_64-darwin

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-darwin

C99 preprocessor written in pure Python

pkgs.python311Packages.pcpp.aarch64-darwin

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-darwin

C99 preprocessor written in pure Python
Package maintainers: 5
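The aeon-check entry (CVE-2024-49506, insecure creation of a temporary file at a fixed path) and the PCP pmpost entry (CVE-2024-45770, symlink attack) above describe the same class of local attack: a privileged tool opens a predictable path that an unprivileged user has already replaced with a symlink, so the write lands on a file of the attacker's choosing. The Go program below is an added demonstration of that class next to the hardened open, not code from either project; the file name `aeon-check.tmp`, the `victim.key` target and the `demo` helper are constructed for the example, and everything happens inside a throwaway directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// Predictable temp file name: any local user can pre-create something here.
// Assumed name for the demo, not the path used by either affected tool.
const tempName = "aeon-check.tmp"

// plantSymlink is the attacker's step: before the privileged tool runs, point
// the predictable path at the file the attacker wants overwritten.
func plantSymlink(tempPath, victim string) error {
	return os.Symlink(victim, tempPath)
}

// writeFixedPath is the vulnerable pattern. os.WriteFile opens with
// O_CREATE|O_TRUNC but without O_EXCL, so it follows the planted symlink and
// truncates and rewrites whatever it points to.
func writeFixedPath(tempPath string, data []byte) error {
	return os.WriteFile(tempPath, data, 0o600)
}

// createExclusive is the hardened pattern. O_EXCL makes open fail if the path
// already exists (a symlink counts, even a dangling one) and O_NOFOLLOW refuses
// to traverse a symlink in the final component.
func createExclusive(tempPath string) (*os.File, error) {
	flags := os.O_WRONLY | os.O_CREATE | os.O_EXCL | syscall.O_NOFOLLOW
	return os.OpenFile(tempPath, flags, 0o600)
}

// result records what each pattern did against the planted symlink.
type result struct {
	VictimClobbered bool  // unsafe writer overwrote the victim through the symlink
	SafeErr         error // error from the hardened open; expected to wrap os.ErrExist
}

// demo stages the attack in dir: a victim file, a symlink at the fixed temp
// path, then one run of each pattern.
func demo(dir string) (result, error) {
	victim := filepath.Join(dir, "victim.key")
	tempPath := filepath.Join(dir, tempName)
	if err := os.WriteFile(victim, []byte("original-secret"), 0o600); err != nil {
		return result{}, err
	}
	if err := plantSymlink(tempPath, victim); err != nil {
		return result{}, err
	}
	if err := writeFixedPath(tempPath, []byte("attacker-chosen")); err != nil {
		return result{}, err
	}
	got, err := os.ReadFile(victim)
	if err != nil {
		return result{}, err
	}
	r := result{VictimClobbered: string(got) == "attacker-chosen"}
	f, err := createExclusive(tempPath)
	if err == nil {
		f.Close()
	}
	r.SafeErr = err
	return r, nil
}

func main() {
	dir, err := os.MkdirTemp("", "fixed-temp-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	r, err := demo(dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("victim overwritten through planted symlink: %v\n", r.VictimClobbered)
	fmt.Printf("hardened open refused the planted path: %v\n", errors.Is(r.SafeErr, os.ErrExist))
}
```

In production code the better fix is to not use a predictable name at all: `os.CreateTemp(dir, "prefix-*")` picks a random name and already opens with O_EXCL, and a private directory created with mode 0700 removes the shared-/tmp race entirely. When an existing path must be reopened, a `fstat` on the descriptor (owner, mode, link count) after the open is the check that catches a swapped file.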
CVE-2024-45769
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Pcp: pmcd heap corruption through metric pmstore operations

A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.

pcp
*

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp

A featureful ncurses based MPD client inspired by ncmpc

pkgs.pcp.x86_64-linux

Command line peer-to-peer data transfer tool based on libp2p

pkgs.pcp.aarch64-linux

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp.x86_64-linux

A featureful ncurses based MPD client inspired by ncmpc

pkgs.ncmpcpp.aarch64-linux

A featureful ncurses based MPD client inspired by ncmpc

pkgs.ncmpcpp.x86_64-darwin

A featureful ncurses based MPD client inspired by ncmpc

pkgs.ncmpcpp.aarch64-darwin

A featureful ncurses based MPD client inspired by ncmpc

pkgs.python311Packages.pcpp

A C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp

C99 preprocessor written in pure Python

pkgs.libamqpcpp.x86_64-linux

Library for communicating with a RabbitMQ server

pkgs.libamqpcpp.aarch64-linux

Library for communicating with a RabbitMQ server

pkgs.libamqpcpp.x86_64-darwin

Library for communicating with a RabbitMQ server

pkgs.libamqpcpp.aarch64-darwin

Library for communicating with a RabbitMQ server

pkgs.python311Packages.pcpp.x86_64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-linux

C99 preprocessor written in pure Python

pkgs.python311Packages.pcpp.aarch64-linux

C99 preprocessor written in pure Python

pkgs.python311Packages.pcpp.x86_64-darwin

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-darwin

C99 preprocessor written in pure Python

pkgs.python311Packages.pcpp.aarch64-darwin

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-darwin

C99 preprocessor written in pure Python
Package maintainers: 5