⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-0838 created 6 months, 1 week ago
Heap Buffer overflow in Abseil

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

abseil-cpp
<5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

pkgs.abseil-cpp_202103

Open-source collection of C++ code designed to augment the C++ standard library

pkgs.abseil-cpp_202301

Open-source collection of C++ code designed to augment the C++ standard library

pkgs.abseil-cpp_202401

Open-source collection of C++ code designed to augment the C++ standard library

pkgs.abseil-cpp_202407

Open-source collection of C++ code designed to augment the C++ standard library
Package maintainers: 2
CVE-2022-46848
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 2 weeks ago
WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.

visualizer
=<3.9.1

pkgs.cli-visualizer

CLI based audio visualizer

pkgs.midivisualizer

Small MIDI visualizer tool, using OpenGL

pkgs.massif-visualizer

Tool that visualizes massif data generated by valgrind

pkgs.precice-config-visualizer

Small python tool for visualizing the preCICE xml configuration

pkgs.kdePackages.massif-visualizer

Visualizer for Valgrind Massif data files

pkgs.gnomeExtensions.sound-visualizer

A Real Time Sound Visualizer Based On Gstreamer
  • nixos-unstable 8
    • nixos-unstable-small 8
    • nixpkgs-unstable 8
Package maintainers: 13
CVE-2023-23708
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 2 weeks ago
WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.

visualizer
=<3.9.4

pkgs.cli-visualizer

CLI based audio visualizer

pkgs.midivisualizer

Small MIDI visualizer tool, using OpenGL

pkgs.massif-visualizer

Tool that visualizes massif data generated by valgrind

pkgs.precice-config-visualizer

Small python tool for visualizing the preCICE xml configuration

pkgs.kdePackages.massif-visualizer

Visualizer for Valgrind Massif data files

pkgs.gnomeExtensions.sound-visualizer

A Real Time Sound Visualizer Based On Gstreamer
  • nixos-unstable 8
    • nixos-unstable-small 8
    • nixpkgs-unstable 8
Package maintainers: 13
CVE-2023-47238
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 2 weeks ago
WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.

top-10
=<3.3.2

pkgs.budgie-desktop

Feature-rich, modern desktop designed to keep out the way of the user

pkgs.gnomeExtensions.pip-on-top

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.
  • nixos-unstable 10
    • nixos-unstable-small 10
    • nixpkgs-unstable 10

pkgs.gnomeExtensions.show-apps-at-top

Put show apps icon at top in Gnome default dash
Package maintainers: 3
CVE-2023-26008
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 2 weeks ago
WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.

top-10
=<3.2.4

pkgs.budgie-desktop

Feature-rich, modern desktop designed to keep out the way of the user

pkgs.gnomeExtensions.pip-on-top

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.
  • nixos-unstable 10
    • nixos-unstable-small 10
    • nixpkgs-unstable 10

pkgs.gnomeExtensions.show-apps-at-top

Put show apps icon at top in Gnome default dash
Package maintainers: 3
CVE-2025-26465
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months, 2 weeks ago
Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

rhcos
OpenSSH
=<9.9p1
openssh
*
registry.redhat.io/discovery/discovery-server-rhel9
*

pkgs.openssh

Implementation of the SSH protocol

pkgs.opensshTest

Implementation of the SSH protocol

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

pkgs.openssh_gssapi

Implementation of the SSH protocol with GSSAPI support

pkgs.opensshWithKerberos

Implementation of the SSH protocol

pkgs.openssh_hpnWithKerberos

Implementation of the SSH protocol with high performance networking patches

pkgs.lxqt.lxqt-openssh-askpass

GUI to query passwords on behalf of SSH agents
Package maintainers: 6
CVE-2024-1062
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 2 weeks ago
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

389-ds:1.4
*
389-ds-base
=<2.2.*
*
<2.2.*
redhat-ds:11
*
redhat-ds:12
*
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux
Package maintainers: 1
CVE-2024-3657
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 2 weeks ago
389-ds-base: potential denial of service via specially crafted kerberos as-req request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

389-ds:1.4
*
389-ds-base
*
redhat-ds:11
*
redhat-ds:12
*
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux
Package maintainers: 1
CVE-2024-5953
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 2 weeks ago
389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

389-ds:1.4
*
389-ds-base
*
redhat-ds:11
*
redhat-ds:12
*
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux
Package maintainers: 1
CVE-2025-26778
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 2 weeks ago
WordPress Gallery Custom Links Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issue affects Gallery: from n/a through 2.2.1.

gallery
=<2.2.1

pkgs.fgallery

Static photo gallery generator

pkgs.gallery-dl

Command-line program to download image-galleries and -collections from several image hosting sites

pkgs.lomiri.lomiri-gallery-app

Photo gallery application for Ubuntu Touch devices

pkgs.libsForQt5.kirigami-gallery

View examples of Kirigami components

pkgs.kdePackages.kirigami-gallery

Kirigami component gallery application

pkgs.plasma5Packages.kirigami-gallery

View examples of Kirigami components

pkgs.azure-cli-extensions.image-gallery

Support for Azure Image Gallery

pkgs.lomiri.lomiri-gallery-app.x86_64-linux

Photo gallery application for Ubuntu Touch devices

pkgs.lomiri.lomiri-gallery-app.aarch64-linux

Photo gallery application for Ubuntu Touch devices

pkgs.libsForQt5.kirigami-gallery.x86_64-linux

View examples of Kirigami components

pkgs.libsForQt5.kirigami-gallery.aarch64-linux

View examples of Kirigami components

pkgs.azure-cli-extensions.gallery-service-artifact

Microsoft Azure Command-Line Tools GalleryServiceArtifact Extension

pkgs.plasma5Packages.kirigami-gallery.x86_64-linux

View examples of Kirigami components

pkgs.plasma5Packages.kirigami-gallery.aarch64-linux

View examples of Kirigami components
Package maintainers: 13