⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-7424
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 17 hours ago
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

rhcos
libxslt

pkgs.libxslt.x86_64-linux

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-linux

C library and tools to do XSL transformations

pkgs.libxslt.x86_64-darwin

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-darwin

C library and tools to do XSL transformations

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations
Package maintainers: 2
CVE-2025-7370
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 17 hours ago
Libsoup: libsoup null pointer dereference

A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service.

libsoup
libsoup3

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-7425
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 17 hours ago
Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

rhcos
libxslt

pkgs.libxslt.x86_64-linux

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-linux

C library and tools to do XSL transformations

pkgs.libxslt.x86_64-darwin

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-darwin

C library and tools to do XSL transformations

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations
Package maintainers: 2
CVE-2024-21886
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 days, 17 hours ago
Xorg-x11-server: heap buffer overflow in disabledevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

tigervnc
*
xorg-server
==1.21.1.7
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-6478
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 5 days, 17 hours ago
Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-5367
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 days, 17 hours ago
Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-6377
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 days, 17 hours ago
Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2024-0229
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 days, 17 hours ago
Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

tigervnc
*
xorg-server
<21.1.11
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-5574
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 days, 17 hours ago
Xorg-x11-server: use-after-free bug in damagedestroy

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

tigervnc
*
xorg-x11-server
xorg-x11-server-Xwayland
Package maintainers: 1
CVE-2025-53512
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 days, 17 hours ago
Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

juju
<2.9.52
<3.6.8

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

pkgs.juju.x86_64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.x86_64-darwin

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-darwin

Open source modelling tool for operating software in the cloud

pkgs.jujutsu.x86_64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.x86_64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils.x86_64-linux

Utilities around FireWire devices connected to a Linux computer

pkgs.jujuutils.aarch64-linux

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5