⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-8676
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months, 3 weeks ago
Cri-o: checkpoint restore can be triggered from different namespaces

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore.

cri-o
rhcos
conmon
container-tools:rhel8/conmon
container-tools:rhel8/podman

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.conmon

OCI container runtime monitor

pkgs.conmon-rs

OCI container runtime monitor written in Rust

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
Notify package maintainers: 2
CVE-2024-52615
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @LeSuisse removed
    5 packages
    • pkgs.python312Packages.avahi 0.8
    • pkgs.python311Packages.avahi 0.8
    • pkgs.haskellPackages.avahi 0.2.0
    • pkgs.avahi-compat 0.8
    • pkgs.guile-avahi 0.4.1
    3 months, 2 weeks ago
Avahi: avahi wide-area dns uses constant source port

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

avahi
<0.9
rhcos

pkgs.avahi

mDNS/DNS-SD implementation
Notify package maintainers: 2
CVE-2024-49395
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @LeSuisse removed
    4 packages
    • pkgs.pantheon.mutter 43.8
    • pkgs.xorg.fontmuttmisc 1.0.4
    • pkgs.gnome.mutter43 43.8
    • pkgs.mutter43 43.8
    3 months, 2 weeks ago
Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

mutt

pkgs.mutt

Small but very powerful text-based mail client

pkgs.mutter

Window manager for GNOME

pkgs.neomutt

Small but very powerful text-based mail client

pkgs.mutt-ics

Tool to show calendar event details in Mutt

pkgs.mutt-wizard

System for automatically configuring mutt and isync

pkgs.gnome.mutter

Window manager for GNOME

pkgs.notmuch-mutt

Mutt support for notmuch

pkgs.vimPlugins.nvim-treesitter-parsers.muttrc

Notify package maintainers: 10
CVE-2024-49394
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @LeSuisse removed
    11 packages
    • pkgs.mutter 47.1
    • pkgs.mutt-ics 0.9.2
    • pkgs.mutter43 43.8
    • pkgs.mutt-wizard 3.3.1
    • pkgs.gnome.mutter 47.1
    • pkgs.notmuch-mutt 0.38.3
    • pkgs.gnome.mutter43 43.8
    • pkgs.pantheon.mutter 43.8
    • pkgs.xorg.fontmuttmisc 1.0.4
    • pkgs.emacsPackages.mutt-mode 20191102.2330
    • pkgs.vimPlugins.nvim-treesitter-parsers.muttrc
    3 months, 2 weeks ago
Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

mutt

pkgs.mutt

Small but very powerful text-based mail client

pkgs.neomutt

Small but very powerful text-based mail client
Notify package maintainers: 3
CVE-2024-49393
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @LeSuisse removed
    11 packages
    • pkgs.mutter 47.1
    • pkgs.mutt-ics 0.9.2
    • pkgs.mutter43 43.8
    • pkgs.mutt-wizard 3.3.1
    • pkgs.gnome.mutter 47.1
    • pkgs.notmuch-mutt 0.38.3
    • pkgs.gnome.mutter43 43.8
    • pkgs.pantheon.mutter 43.8
    • pkgs.xorg.fontmuttmisc 1.0.4
    • pkgs.emacsPackages.mutt-mode 20191102.2330
    • pkgs.vimPlugins.nvim-treesitter-parsers.muttrc
    3 months, 2 weeks ago
Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.

mutt

pkgs.mutt

Small but very powerful text-based mail client

pkgs.neomutt

Small but very powerful text-based mail client
Notify package maintainers: 3
CVE-2024-11079
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 3 weeks ago
Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

ansible-core
=<2.18.0
rhelai1/bootc-nvidia-rhel9
rhelai1/bootc-azure-nvidia-rhel9
ansible-automation-platform/ee-29-rhel8
*
ansible-automation-platform/ee-minimal-rhel8
*
ansible-automation-platform/ee-minimal-rhel9
*
ansible-automation-platform/ansible-builder-rhel8
*
ansible-automation-platform/ansible-builder-rhel9
*

pkgs.ansible

Radically simple IT automation

pkgs.ansible_2_16

Radically simple IT automation

pkgs.ansible_2_17

Radically simple IT automation

pkgs.python311Packages.ansible-core

Radically simple IT automation

pkgs.python312Packages.ansible-core

Radically simple IT automation
CVE-2024-10963
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @LeSuisse removed
    22 packages
    • pkgs.rspamd 3.10.2
    • pkgs.pamix 1.6
    • pkgs.dspam 3.10.2
    • pkgs.ipam 0.3.0-1
    • pkgs.opam 2.3.0
    • pkgs.paml 4.10.7
    • pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam 1.8.3
    • pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github 2.3.0
    • pkgs.matrix-synapse-plugins.matrix-synapse-pam 0.1.3
    • pkgs.emacsPackages.opam-switch-mode 20230802.917
    • pkgs.python312Packages.python-pam 2.0.2
    • pkgs.python311Packages.python-pam 2.0.2
    • pkgs.python312Packages.pypamtest 1.1.5
    • pkgs.python311Packages.pypamtest 1.1.5
    • pkgs.plasma5Packages.kwallet-pam 5.27.11
    • pkgs.python312Packages.pamela 1.2.0
    • pkgs.python311Packages.pamela 1.2.0
    • pkgs.sbclPackages.cl-xmlspam 20101006-http
    • pkgs.python312Packages.pamqp 3.3.0
    • pkgs.python311Packages.pamqp 3.3.0
    • pkgs.opensmtpd-filter-rspamd 0.1.8
    • pkgs.kdePackages.kwallet-pam 6.2.4
    3 months, 2 weeks ago
Pam: improper hostname interpretation in pam_access leads to access control bypass

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

pam
rhcos

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

pkgs.pamixer

Pulseaudio command line mixer

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_ldap

LDAP backend for PAM

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

pkgs.pam_ussh

PAM module to authenticate using SSH certificates

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

pkgs.opam2json

convert opam file syntax to JSON

pkgs.pam_dp9ik

dp9ik pam module

pkgs.pam_gnupg

Unlock GnuPG keys on login

pkgs.pam_mount

PAM module to mount volumes for a user session

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

pkgs.yubico-pam

Yubico PAM module

pkgs.apparmor-pam

Mandatory access control system - PAM service

pkgs.opam-publish

Tool to ease contributions to opam repositories

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

pkgs.spamassassin

Open-Source Spam Filter

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

pkgs.libpam-wrapper

Wrapper for testing PAM modules

pkgs.opam-installer

Handle (un)installation from opam install files

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

pkgs.pam_ssh_agent_auth

PAM module for authentication through the SSH agent

pkgs.decode-spam-headers

Script that helps you understand why your E-Mail ended up in Spam

pkgs.haskellPackages.pam

Haskell binding for C PAM API

pkgs.luaPackages.lua-pam

Lua module for PAM authentication

pkgs.google-authenticator

Two-step verification, with pam module

pkgs.lua51Packages.lua-pam

Lua module for PAM authentication

pkgs.lua52Packages.lua-pam

Lua module for PAM authentication

pkgs.lua53Packages.lua-pam

Lua module for PAM authentication

pkgs.libsForQt5.kwallet-pam

Notify package maintainers: 31
CVE-2024-10295
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months, 3 weeks ago
Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.

gateway
=<2.14.2
3scale-amp-apicast-gateway-container

pkgs.grpc-gateway

A gRPC to JSON proxy generator plugin for Google Protocol Buffers

pkgs.janus-gateway

General purpose WebRTC server

pkgs.ingress2gateway

Convert Ingress resources to Gateway API resources

pkgs.jetbrains.gateway

Remote development for JetBrains products

pkgs.prometheus-pushgateway

Allows ephemeral and batch jobs to expose metrics to Prometheus

pkgs.python311Packages.dask-gateway

Client library for interacting with a dask-gateway server

pkgs.python312Packages.dask-gateway

Client library for interacting with a dask-gateway server

pkgs.azure-cli-extensions.arcgateway

Microsoft Azure Command-Line Tools Arcgateway Extension

pkgs.python311Packages.aioruuvigateway

Asyncio-native library for requesting data from a Ruuvi Gateway

pkgs.python311Packages.pyxiaomigateway

Python library to communicate with the Xiaomi Gateway

pkgs.python311Packages.quantum-gateway

Python library for interacting with Verizon Fios Quantum gateway devices

pkgs.python312Packages.aioruuvigateway

Asyncio-native library for requesting data from a Ruuvi Gateway

pkgs.python312Packages.pyxiaomigateway

Python library to communicate with the Xiaomi Gateway

pkgs.python312Packages.quantum-gateway

Python library for interacting with Verizon Fios Quantum gateway devices

pkgs.haskellPackages.amazonka-apigateway

Amazon API Gateway SDK

pkgs.haskellPackages.amazonka-apigatewayv2

Amazon ApiGatewayV2 SDK

pkgs.python311Packages.dask-gateway-server

Multi-tenant server for securely deploying and managing multiple Dask clusters

pkgs.python312Packages.dask-gateway-server

Multi-tenant server for securely deploying and managing multiple Dask clusters

pkgs.haskellPackages.amazonka-backup-gateway

Amazon Backup Gateway SDK

pkgs.haskellPackages.amazonka-storagegateway

Amazon Storage Gateway SDK

pkgs.home-assistant-component-tests.ruuvi_gateway

Open source home automation that puts local control and privacy first

pkgs.python311Packages.types-aiobotocore-apigateway

Type annotations for aiobotocore apigateway

pkgs.python312Packages.types-aiobotocore-apigateway

Type annotations for aiobotocore apigateway

pkgs.haskellPackages.amazonka-apigatewaymanagementapi

Amazon ApiGatewayManagementApi SDK

pkgs.home-assistant-custom-components.xiaomi_gateway3

Home Assistant custom component for control Xiaomi Multimode Gateway (aka Gateway 3), Xiaomi Multimode Gateway 2, Aqara Hub E1 on default firmwares over LAN

pkgs.python311Packages.types-aiobotocore-apigatewayv2

Type annotations for aiobotocore apigatewayv2

pkgs.python312Packages.types-aiobotocore-apigatewayv2

Type annotations for aiobotocore apigatewayv2

pkgs.python311Packages.types-aiobotocore-backup-gateway

Type annotations for aiobotocore backup-gateway

pkgs.python311Packages.types-aiobotocore-storagegateway

Type annotations for aiobotocore storagegateway

pkgs.python312Packages.types-aiobotocore-backup-gateway

Type annotations for aiobotocore backup-gateway

pkgs.python312Packages.types-aiobotocore-storagegateway

Type annotations for aiobotocore storagegateway

pkgs.python311Packages.types-aiobotocore-apigatewaymanagementapi

Type annotations for aiobotocore apigatewaymanagementapi

pkgs.python312Packages.types-aiobotocore-apigatewaymanagementapi

Type annotations for aiobotocore apigatewaymanagementapi
Notify package maintainers: 11
CVE-2010-3872
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months, 3 weeks ago
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

mod_fcgid
CVE-2024-9979
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 3 weeks ago
Pyo3: risk of use-after-free in `borrowed` reads from python weak references

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

pyo3
<0.22.4
python3.11-nh3
python3.11-rpds-py
python3.11-cryptography
python3.12-cryptography