NIXPKGS-2026-1166

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-40341

3.5 LOW

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Physical (P)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): Low (L)
• Integrity (I): None (N)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Physical (P)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): Low (L)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): Low (L)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx

• https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2 x_refsource_CONFIRM
• https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987 x_refsource_MISC

---

libgphoto2

• ==<= 2.5.33

NIXPKGS-2026-1164

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-28224

8.2 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): Low (L)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): High (H)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package firebird-emu 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird Null Pointer Dereference via CryptCallback causes DOS

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95 x_refsource_CONFIRMexploit

Ignored references (3)

• https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC

---

firebird

• ==>= 4.0.0, < 4.0.7
• ==>= 3.0.0, < 3.0.14
• ==>= 5.0.0, < 5.0.4

NIXPKGS-2026-1163

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-34232

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package firebird-emu 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird: DoS via `op_response` packet from client

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2 x_refsource_CONFIRM

Ignored references (3)

• https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC

---

firebird

• ==>= 4.0.0, < 4.0.7
• ==>= 3.0.0, < 3.0.14
• ==>= 5.0.0, < 5.0.4

NIXPKGS-2026-1165

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-28214

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package firebird-emu 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird server hangs when using specific clumplet on batch creation

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf x_refsource_CONFIRM

Ignored references (3)

• https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC

---

firebird

• ==>= 4.0.0, < 4.0.7
• ==>= 3.0.0, < 3.0.14
• ==>= 5.0.0, < 5.0.4

NIXPKGS-2026-1161

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-40335

5.2 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Physical (P)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): None (N)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Physical (P)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): Low (L)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

libgphoto2 has OOB read in ptp_unpack_DPV() UINT128/INT128 handling in ptp-pack.c

• https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g4g5-c2x9-cqfj x_refsource_CONFIRM
• https://github.com/gphoto/libgphoto2/commit/433bde9888d70aa726e32744cd751d7dbe94379a x_refsource_MISC

---

libgphoto2

• ==<= 2.5.33

NIXPKGS-2026-1162

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-40342

9.9 CRITICAL

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Changed (C)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Changed (C)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): High (H)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package firebird-emu 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257 x_refsource_CONFIRM

Ignored references (3)

• https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC

---

firebird

• ==< 3.0.14
• ==>= 4.0.0, < 4.0.7
• ==>= 5.0.0, < 5.0.4

NIXPKGS-2026-1160

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-35215

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package firebird-emu 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird: DoS via malicious slice descriptor in slice packet

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6 x_refsource_CONFIRM

Ignored references (3)

• https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC

---

firebird

• ==>= 4.0.0, < 4.0.7
• ==>= 3.0.0, < 3.0.14
• ==>= 5.0.0, < 5.0.4

NIXPKGS-2026-1159

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-27890

8.2 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): Low (L)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): High (H)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package firebird-emu 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49 x_refsource_CONFIRM

Ignored references (3)

• https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC

---

firebird

• ==>= 4.0.0, < 4.0.7
• ==>= 3.0.0, < 3.0.14
• ==>= 5.0.0, < 5.0.4

NIXPKGS-2026-1158

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-40479

5.4 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): Required (R)
• Scope (S): Changed (C)
• Confidentiality (C): Low (L)
• Integrity (I): Low (L)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): Low (L)
• Modified Scope (MS): Changed (C)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): None (N)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Kimai: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget

• https://github.com/kimai/kimai/security/advisories/GHSA-g82g-m9vx-vhjg x_refsource_CONFIRM

Ignored references (1)

• https://github.com/kimai/kimai/releases/tag/2.53.0 x_refsource_MISC

---

kimai

• ==>= 1.16.3, < 2.53.0

NIXPKGS-2026-1157

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-33145

6.3 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): Low (L)
• Integrity (I): Low (L)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): Low (L)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): Low (L)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package pulseaudio-module-xrdp 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

• https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rmvv-7633-fg7h x_refsource_CONFIRM

Ignored references (1)

• https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6 x_refsource_MISC

---

xrdp

• ==< 0.10.6