Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2023-1192
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
Use-after-free in smb2_is_status_io_timeout()

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

Affected products

kernel
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

pkgs.coq-kernel

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

pkgs.linuxPackages.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.kernel-hardening-checker

Tool for checking the security hardening options of the Linux kernel

pkgs.linuxPackages.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.kernels

Load compute kernels from the Huggingface Hub

pkgs.python313Packages.kernels

Load compute kernels from the Huggingface Hub

pkgs.linuxPackages.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ipykernel

IPython Kernel for Jupyter

pkgs.python313Packages.ipykernel

IPython Kernel for Jupyter

pkgs.linuxPackages_latest.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.python312Packages.metakernel

Jupyter/IPython Kernel Tools

pkgs.python312Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python313Packages.metakernel

Jupyter/IPython Kernel Tools

pkgs.python313Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python312Packages.bash-kernel

Bash Kernel for Jupyter

pkgs.python313Packages.bash-kernel

Bash Kernel for Jupyter

pkgs.haskellPackages.ipython-kernel

A library for creating kernels for IPython frontends

pkgs.linuxPackages-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.rocmPackages.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.gnomeExtensions.kernel-indicator

Display the kernel version in the top bar

pkgs.linuxPackages-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python312Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python313Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.rocmPackages_6.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

pkgs.python313Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

pkgs.linuxPackages_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_4.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_4.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_10.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.home-assistant-component-tests.hardkernel

Open source home automation that puts local control and privacy first

pkgs.linuxKernel.packages.linux_5_4.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_1.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_6.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_10.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_15.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_12.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_16.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_4.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_12_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_latest_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

Package maintainers: 19

CVE-2024-2236
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Libgcrypt: timing based side-channel in rsa implementation

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Affected products

libgcrypt
  • <9.4.0
  • *
mingw-libgcrypt

Matching in nixpkgs

pkgs.libgcrypt

General-purpose cryptographic library

CVE-2024-26280
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs)

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Affected products

apache-airflow
  • <2.8.2

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

Package maintainers: 3

CVE-2023-4886
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Foreman: world readable file containing secrets

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

Affected products

foreman
  • *
foreman-installer
  • *

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

Package maintainers: 1

CVE-2024-27906
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
Apache Airflow: Dag Code and Import Error Permissions Ignored

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Affected products

apache-airflow
  • <2.8.2

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

Package maintainers: 3

CVE-2023-51681
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7.

Affected products

duplicator
  • =<1.5.7

Matching in nixpkgs

Package maintainers: 1

CVE-2024-21885
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Affected products

tigervnc
  • *
xwayland
  • *
  • <23.2.4
xorg-server
  • <21.1.11
  • ==1.21.1.7
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2023-6917
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months ago
Pcp: unsafe use of directories allows pcp to root privilege escalation

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.

Affected products

pcp
  • *

Matching in nixpkgs

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp

Featureful ncurses based MPD client inspired by ncmpc

pkgs.libamqpcpp

Library for communicating with a RabbitMQ server

pkgs.python312Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python313Packages.pcpp

C99 preprocessor written in pure Python

Package maintainers: 5

CVE-2024-21886
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Xorg-x11-server: heap buffer overflow in disabledevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Affected products

tigervnc
  • *
xorg-server
  • ==1.21.1.7
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2024-24705
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6.

Affected products

accessibility
  • =<1.0.6

Matching in nixpkgs

pkgs.libsForQt5.libqaccessibilityclient

Accessibilty tools helper library, used e.g. by screen readers

pkgs.kdePackages.accessibility-inspector

Inspect your application accessibility tree

pkgs.kdePackages.libqaccessibilityclient

Accessibilty tools helper library, used e.g. by screen readers

pkgs.qt6Packages.libqaccessibilityclient

Accessibilty tools helper library, used e.g. by screen readers

pkgs.gnomeExtensions.hide-accessibility-menu

Hide the accessibility menu icon on panel when running an accessibility option.

pkgs.plasma5Packages.libqaccessibilityclient

Accessibilty tools helper library, used e.g. by screen readers