Automatically generated suggestions

CVE-2024-21886
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 21 hours ago
xorg-x11-server: heap buffer overflow in DisableDevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

tigervnc
*
xorg-server
==1.21.1.7
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-6478
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 21 hours ago
xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-5367
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 21 hours ago
xorg-x11-server: out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty

An out-of-bounds write flaw was found in xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying heap data in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-6377
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 21 hours ago
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2024-0229
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 21 hours ago
xorg-x11-server: reattaching to a different master device may lead to out-of-bounds memory access

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

tigervnc
*
xorg-server
<21.1.11
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-5574
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 21 hours ago
xorg-x11-server: use-after-free bug in DamageDestroy

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from screen 1 to screen 0, a use-after-free may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

tigervnc
*
xorg-x11-server
xorg-x11-server-Xwayland
Package maintainers: 1
CVE-2025-53512
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 day, 21 hours ago
Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

juju
<2.9.52
<3.6.8

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

pkgs.juju.x86_64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.x86_64-darwin

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-darwin

Open source modelling tool for operating software in the cloud

pkgs.jujutsu.x86_64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.x86_64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils.x86_64-linux

Utilities around FireWire devices connected to a Linux computer

pkgs.jujuutils.aarch64-linux

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5
CVE-2025-0928
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 day, 21 hours ago
Arbitrary executable upload via authenticated endpoint

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.

juju
<2.9.52
<3.6.8

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

pkgs.juju.x86_64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.x86_64-darwin

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-darwin

Open source modelling tool for operating software in the cloud

pkgs.jujutsu.x86_64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.x86_64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils.x86_64-linux

Utilities around FireWire devices connected to a Linux computer

pkgs.jujuutils.aarch64-linux

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5
CVE-2025-53513
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 day, 21 hours ago
Zip slip vulnerability in Juju

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

juju
<2.9.52
<3.6.8

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

pkgs.juju.x86_64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.x86_64-darwin

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-darwin

Open source modelling tool for operating software in the cloud

pkgs.jujutsu.x86_64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.x86_64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils.x86_64-linux

Utilities around FireWire devices connected to a Linux computer

pkgs.jujuutils.aarch64-linux

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5
CVE-2024-5148
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 4 days, 21 hours ago
gnome-remote-desktop: inadequate validation of session agents using D-Bus methods may expose RDP TLS certificate

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.

gnome-remote-desktop
<46.2

pkgs.gnome-remote-desktop

GNOME Remote Desktop server

pkgs.gnome.gnome-remote-desktop

GNOME Remote Desktop server

pkgs.gnome-remote-desktop.x86_64-linux

GNOME Remote Desktop server

pkgs.gnome-remote-desktop.aarch64-linux

GNOME Remote Desktop server

pkgs.gnome.gnome-remote-desktop.x86_64-linux

GNOME Remote Desktop server

pkgs.gnome.gnome-remote-desktop.aarch64-linux

GNOME Remote Desktop server
Package maintainers: 4