Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2023-4320
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
created 4 months ago
Satellite: arithmetic overflow in satellite

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

Affected products

foreman
  • *
Security

Matching in nixpkgs

pkgs.perlPackages.GDSecurityImage

Security image (captcha) generator

  • nixos-unstable -

pkgs.perl538Packages.GDSecurityImage

Security image (captcha) generator

  • nixos-unstable -

pkgs.perl540Packages.GDSecurityImage

Security image (captcha) generator

  • nixos-unstable -

pkgs.perlPackages.VMEC2SecurityCredentialCache

Cache credentials respecting expiration time for IAM roles

pkgs.perl538Packages.VMEC2SecurityCredentialCache

Cache credentials respecting expiration time for IAM roles

pkgs.perl540Packages.VMEC2SecurityCredentialCache

Cache credentials respecting expiration time for IAM roles

CVE-2023-3812
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months ago
Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Affected products

kernel
  • *
kernel-rt
  • *
kpatch-patch

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

pkgs.linuxPackages.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.kernel-hardening-checker

Tool for checking the security hardening options of the Linux kernel

pkgs.linuxPackages.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.kernels

Load compute kernels from the Huggingface Hub

  • nixos-unstable -

pkgs.python313Packages.kernels

Load compute kernels from the Huggingface Hub

  • nixos-unstable -

pkgs.linuxPackages.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ipykernel

IPython Kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.ipykernel

IPython Kernel for Jupyter

  • nixos-unstable -

pkgs.linuxPackages_latest.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.python312Packages.metakernel

Jupyter/IPython Kernel Tools

  • nixos-unstable -

pkgs.python312Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python313Packages.metakernel

Jupyter/IPython Kernel Tools

  • nixos-unstable -

pkgs.python313Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python312Packages.bash-kernel

Bash Kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.bash-kernel

Bash Kernel for Jupyter

  • nixos-unstable -

pkgs.haskellPackages.ipython-kernel

A library for creating kernels for IPython frontends

pkgs.linuxPackages-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.rocmPackages.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.gnomeExtensions.kernel-indicator

Display the kernel version in the top bar

  • nixos-unstable -
    • nixpkgs-unstable 4

pkgs.linuxPackages-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

  • nixos-unstable -

pkgs.python312Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.rocmPackages_6.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

  • nixos-unstable -

pkgs.linuxPackages_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_4.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_4.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_10.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.home-assistant-component-tests.hardkernel

Open source home automation that puts local control and privacy first

pkgs.linuxKernel.packages.linux_5_4.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_1.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_6.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_10.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_15.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_12.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_16.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_4.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_12_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_latest_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

Package maintainers: 19

CVE-2023-1183
5.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 4 months ago
Arbitrary file write

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

Affected products

libreoffice

Matching in nixpkgs

pkgs.libreoffice

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-bin

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

  • nixos-unstable -

pkgs.hyphenDicts.de_AT

Hyphen dictionary for German (Austria) from LibreOffice

  • nixos-unstable -

pkgs.hyphenDicts.de_CH

Hyphen dictionary for German (Switzerland) from LibreOffice

  • nixos-unstable -

pkgs.hyphenDicts.de_DE

Hyphen dictionary for German (Germany) from LibreOffice

  • nixos-unstable -

pkgs.hyphenDicts.ru_RU

Hyphen dictionary for Russian (Russia) from LibreOffice

  • nixos-unstable -

pkgs.libreoffice-fresh

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-still

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.hunspellDicts.cs_CZ

Hunspell dictionary for Czech (Czechia) from LibreOffice

pkgs.hunspellDicts.el_GR

Hunspell dictionary for Greek (Greece) from LibreOffice

pkgs.hunspellDicts.he_IL

Hunspell dictionary for Hebrew (Israel) from LibreOffice

pkgs.hunspellDicts.hr_HR

Hunspell dictionary for Croatian (Croatia) from LibreOffice

pkgs.hunspellDicts.hu_HU

Hunspell dictionary for Hungarian (Hungary) from LibreOffice

pkgs.hunspellDicts.id_id

Hunspell dictionary for Bahasa Indonesia (Indonesia) from LibreOffice

pkgs.hunspellDicts.nb_NO

Hunspell dictionary for Norwegian Bokmål (Norway) from LibreOffice

pkgs.hunspellDicts.nn_NO

Hunspell dictionary for Norwegian Nynorsk (Norway) from LibreOffice

pkgs.hunspellDicts.pl_PL

Hunspell dictionary for Polish (Poland) from LibreOffice

pkgs.hunspellDicts.pt_BR

Hunspell dictionary for Portuguese (Brazil) from LibreOffice

pkgs.hunspellDicts.pt_PT

Hunspell dictionary for Portuguese (Portugal) from LibreOffice

pkgs.hunspellDicts.ru_RU

Hunspell dictionary for Russian (Russian) from LibreOffice

pkgs.hunspellDicts.sk_SK

Hunspell dictionary for Slovak (Slovakia) from LibreOffice

pkgs.libreoffice-collabora

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-qt6-fresh

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-qt6-still

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-unwrapped

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-qt6-unwrapped

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-fresh-unwrapped

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

pkgs.libreoffice-qt6-fresh-unwrapped

Comprehensive, professional-quality productivity suite, a variant of openoffice.org

Package maintainers: 4

CVE-2023-4911
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months ago
Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Affected products

glibc
  • *
  • <2.39
compat-glibc
redhat-virtualization-host
  • *
redhat-release-virtualization-host
  • *

Matching in nixpkgs

pkgs.libc

GNU C Library

pkgs.glibc

GNU C Library

pkgs.iconv

GNU C Library

pkgs.getent

pkgs.locale

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.getconf

pkgs.libiconv

  • nixos-unstable -

pkgs.glibcInfo

GNU Info manual of the GNU C Library

pkgs.glibc_multi

pkgs.glibcLocales

Locale information for the GNU C Library

pkgs.glibc_memusage

GNU C Library

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

pkgs.unixtools.getent

pkgs.unixtools.locale

pkgs.unixtools.getconf

pkgs.tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitEnabled

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitDisabled

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

  • nixos-unstable -
    • nixpkgs-unstable

Package maintainers: 2

CVE-2023-6004
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 months ago
Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Affected products

libssh
  • *

Matching in nixpkgs

pkgs.libssh

SSH client library

  • nixos-unstable -

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

  • nixos-unstable -

pkgs.haskellPackages.libssh

libssh bindings

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

  • nixos-unstable -

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

  • nixos-unstable -

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2

Package maintainers: 3

CVE-2024-21907
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 months ago
Improper Handling of Exceptional Conditions in Newtonsoft.Json

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Affected products

Newtonsoft.Json
  • <13.0.1

Matching in nixpkgs

pkgs.dotnetPackages.NewtonsoftJson

  • nixos-unstable -
CVE-2023-46847
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 4 months ago
Squid: denial of service in http digest authentication

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Affected products

squid
  • *
  • <6.4
squid34
  • *
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

pkgs.prometheus-squid-exporter

Squid Prometheus exporter

  • nixos-unstable -

pkgs.python312Packages.flyingsquid

More interactive weak supervision with FlyingSquid

pkgs.python313Packages.flyingsquid

More interactive weak supervision with FlyingSquid

Package maintainers: 3

CVE-2023-4692
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months ago
Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Affected products

grub
  • *
grub2
  • *

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

Package maintainers: 4

CVE-2023-5215
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 months ago
Libnbd: nbs server does not return expeted block size

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.

Affected products

libnbd
  • *
virt:av/libnbd
virt:rhel/libnbd
virt-devel:av/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

pkgs.python312Packages.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

pkgs.python313Packages.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

Package maintainers: 1

CVE-2024-0193
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months ago
Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user to escalate their privileges on the system.

Affected products

kernel
  • *
kernel-rt
  • *
openshift-logging/vector-rhel9
  • *
openshift-logging/fluentd-rhel9
  • *
openshift-logging/eventrouter-rhel9
  • *
openshift-logging/logging-loki-rhel9
  • *
openshift-logging/loki-rhel9-operator
  • *
openshift-logging/opa-openshift-rhel9
  • *
openshift-logging/elasticsearch6-rhel9
  • *
openshift-logging/loki-operator-bundle
  • *
openshift-logging/logging-curator5-rhel9
  • *
openshift-logging/lokistack-gateway-rhel9
  • *
openshift-logging/elasticsearch-proxy-rhel9
  • *
openshift-logging/logging-view-plugin-rhel9
  • *
openshift-logging/elasticsearch-rhel9-operator
  • *
openshift-logging/elasticsearch-operator-bundle
  • *
openshift-logging/cluster-logging-rhel9-operator
  • *
openshift-logging/log-file-metric-exporter-rhel9
  • *
openshift-logging/cluster-logging-operator-bundle
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

pkgs.linuxPackages.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.kernel-hardening-checker

Tool for checking the security hardening options of the Linux kernel

pkgs.linuxPackages.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.kernels

Load compute kernels from the Huggingface Hub

  • nixos-unstable -

pkgs.python313Packages.kernels

Load compute kernels from the Huggingface Hub

  • nixos-unstable -

pkgs.linuxPackages.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ipykernel

IPython Kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.ipykernel

IPython Kernel for Jupyter

  • nixos-unstable -

pkgs.linuxPackages_latest.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.python312Packages.metakernel

Jupyter/IPython Kernel Tools

  • nixos-unstable -

pkgs.python312Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python313Packages.metakernel

Jupyter/IPython Kernel Tools

  • nixos-unstable -

pkgs.python313Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python312Packages.bash-kernel

Bash Kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.bash-kernel

Bash Kernel for Jupyter

  • nixos-unstable -

pkgs.haskellPackages.ipython-kernel

A library for creating kernels for IPython frontends

pkgs.linuxPackages-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.rocmPackages.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxPackages_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.gnomeExtensions.kernel-indicator

Display the kernel version in the top bar

  • nixos-unstable -
    • nixpkgs-unstable 4

pkgs.linuxPackages-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

  • nixos-unstable -

pkgs.python312Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.rocmPackages_6.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

  • nixos-unstable -

pkgs.python313Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

  • nixos-unstable -

pkgs.linuxPackages_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_4.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_4.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_10.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.home-assistant-component-tests.hardkernel

Open source home automation that puts local control and privacy first

pkgs.linuxKernel.packages.linux_5_4.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_1.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_6.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_10.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_15.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_12.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_16.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_5_4.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_6_12_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

  • nixos-unstable -

pkgs.linuxKernel.packages.linux_latest_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

Package maintainers: 19