Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-11614 created 1 month, 2 weeks ago
DPDK: denial of service from malicious guest on hypervisors using DPDK vhost library

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

dpdk
<21.11-4
*
openvswitch
openvswitch3.0
openvswitch3.1
*
openvswitch3.2
openvswitch3.3
*
openvswitch3.4
*
openvswitch2.10
openvswitch2.11
openvswitch2.12
openvswitch2.13
openvswitch2.15
openvswitch2.16
openvswitch2.17

pkgs.dpdk

Set of libraries and drivers for fast packet processing

pkgs.openvswitch

Multilayer virtual switch

pkgs.openvswitch-dpdk

Multilayer virtual switch

pkgs.linuxPackages.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxPackages_zen.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxPackages-libre.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxPackages.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxPackages_latest.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxPackages_xanmod.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxPackages_lqx.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxPackages_zen.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxPackages-libre.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxPackages_latest.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxPackages_xanmod.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_6.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxKernel.packages.linux_lqx.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxKernel.packages.linux_5_10.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxKernel.packages.linux_6_16.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxPackages_latest-libre.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_xanmod.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxPackages_xanmod_stable.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_lqx.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_zen.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_5_10.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_6_12.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_6_16.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_5_4.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_1.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_6.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_libre.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_lqx.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_zen.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_5_10.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_5_15.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_12.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_16.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_xanmod.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_libre.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_xanmod.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_12_hardened.dpdk

Set of libraries and drivers for fast packet processing

pkgs.linuxKernel.packages.linux_hardened.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_12_hardened.odp-dpdk

Open Data Plane optimized for DPDK

pkgs.linuxKernel.packages.linux_latest_libre.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_6_12_hardened.dpdk-kmods

Kernel modules for DPDK

pkgs.linuxKernel.packages.linux_xanmod_stable.dpdk-kmods

Kernel modules for DPDK
Package maintainers: 9
CVE-2024-56059
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection. This issue affects Partners: from n/a through 0.2.0.

partners
=<0.2.0

pkgs.haskellPackages.gogol-partners

Google Partners SDK
CVE-2024-10973
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Keycloak: cli option for encrypted jgroups ignored

A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work, and the JGroups replication configuration is always used in plain text, which can allow an attacker who has access to adjacent networks related to JGroups to read sensitive information.

keycloak
<23.0
*
<25.0
org.keycloak/keycloak-quarkus-server

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2024-55986
8.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Service plugin <= 1.0.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in serviceonline Service allows Blind SQL Injection. This issue affects Service: from n/a through 1.0.4.

service
=<1.0.4

pkgs.ivpn-service

Official IVPN Desktop app

pkgs.lk-jwt-service

Minimal service to issue LiveKit JWTs for MatrixRTC

pkgs.accountsservice

D-Bus interface for user account query and manipulation

pkgs.service-wrapper

Convenient wrapper for the systemctl commands, borrow from Ubuntu

pkgs.lomiri.hfd-service

DBus-activated service that manages human feedback devices such as LEDs and vibrators on mobile devices

pkgs.libsForQt5.kservice

pkgs.java-service-wrapper

Enables a Java Application to be run as a Windows Service or Unix Daemon

pkgs.kdePackages.kservice

KService

pkgs.matrix-appservice-irc

Node.js IRC bridge for Matrix

pkgs.lomiri.history-service

Service that provides call log and conversation history

pkgs.vdrPlugins.servicedemo

pkgs.lomiri.telephony-service

Backend dispatcher service for various mobile phone related operations

pkgs.plasma5Packages.kservice

pkgs.matrix-appservice-discord

Bridge between Matrix and Discord

pkgs.powershell-editor-services

Common platform for PowerShell development support in any editor or application

pkgs.graphql-language-service-cli

Official, runtime independent Language Service for GraphQL

pkgs.lomiri.lomiri-history-service

Service that provides call log and conversation history

pkgs.matrix-authentication-service

OAuth2.0 + OpenID Provider for Matrix Homeservers

pkgs.python312Packages.mkl-service

Python hooks for Intel(R) Math Kernel Library runtime control settings

pkgs.python312Packages.xyzservices

Source of XYZ tiles providers

pkgs.python313Packages.mkl-service

Python hooks for Intel(R) Math Kernel Library runtime control settings

pkgs.python313Packages.xyzservices

Source of XYZ tiles providers

pkgs.gst_all_1.gst-editing-services

Library for creation of audio/video non-linear editors

pkgs.docker-compose-language-service

Language service for Docker Compose documents

pkgs.python312Packages.mock-services

Mock an entire service API based on requests-mock

pkgs.python313Packages.mock-services

Mock an entire service API based on requests-mock

pkgs.haskellPackages.gogol-serviceuser

Google Service User SDK

pkgs.python312Packages.pytest-services

Services plugin for pytest testing framework

pkgs.python313Packages.pytest-services

Services plugin for pytest testing framework

pkgs.azure-cli-extensions.graphservices

Microsoft Azure Command-Line Tools Graphservices Extension

pkgs.haskellPackages.gogol-serviceusage

Google Service Usage SDK

pkgs.python312Packages.azure-servicebus

Microsoft Azure Service Bus Client Library

pkgs.python312Packages.openrouteservice

Python API to consume openrouteservice(s) painlessly

pkgs.python312Packages.os-service-types

Python library for consuming OpenStack service-types-authority data

pkgs.python312Packages.service-identity

Service identity verification for pyOpenSSL

pkgs.python313Packages.azure-servicebus

Microsoft Azure Service Bus Client Library

pkgs.python313Packages.openrouteservice

Python API to consume openrouteservice(s) painlessly

pkgs.python313Packages.os-service-types

Python library for consuming OpenStack service-types-authority data

pkgs.python313Packages.service-identity

Service identity verification for pyOpenSSL

pkgs.haskellPackages.gogol-servicebroker

Google Service Broker SDK

pkgs.python312Packages.pyfireservicerota

Python 3 API wrapper for FireServiceRota/BrandweerRooster

pkgs.python313Packages.pyfireservicerota

Python 3 API wrapper for FireServiceRota/BrandweerRooster

pkgs.azure-cli-extensions.appservice-kube

Microsoft Azure Command-Line Tools App Service on Kubernetes Extension

pkgs.haskellPackages.gogol-servicecontrol

Google Service Control SDK

pkgs.python312Packages.azure-servicefabric

This project provides a client library in Python that makes it easy to consume Microsoft Azure Storage services

pkgs.python313Packages.azure-servicefabric

This project provides a client library in Python that makes it easy to consume Microsoft Azure Storage services

pkgs.python312Packages.llama-cloud-services

Knowledge Agents and Management in the Cloud

pkgs.python313Packages.llama-cloud-services

Knowledge Agents and Management in the Cloud

pkgs.haskellPackages.amazonka-service-quotas

Amazon Quotas SDK

pkgs.haskellPackages.amazonka-servicecatalog

Amazon Service Catalog SDK

pkgs.haskellPackages.gogol-servicemanagement

Google Service Management SDK

pkgs.haskellPackages.gogol-servicenetworking

Google Service Networking SDK

pkgs.python312Packages.azure-mgmt-botservice

Microsoft Azure API Management Client Library for Python

pkgs.python312Packages.azure-mgmt-servicebus

This is the Microsoft Azure Service Bus Management Client Library

pkgs.python313Packages.azure-mgmt-botservice

Microsoft Azure API Management Client Library for Python

pkgs.python313Packages.azure-mgmt-servicebus

This is the Microsoft Azure Service Bus Management Client Library

pkgs.python312Packages.azure-mgmt-servicefabric

This is the Microsoft Azure Service Fabric Management Client Library

pkgs.python312Packages.azure-mgmt-servicelinker

Microsoft Azure Servicelinker Management Client Library for Python

pkgs.python313Packages.azure-mgmt-servicefabric

This is the Microsoft Azure Service Fabric Management Client Library

pkgs.python313Packages.azure-mgmt-servicelinker

Microsoft Azure Servicelinker Management Client Library for Python

pkgs.azure-cli-extensions.monitor-control-service

Microsoft Azure Command-Line Tools MonitorClient Extension

pkgs.python312Packages.azure-mgmt-managedservices

Microsoft Azure Managed Services Client Library for Python

pkgs.python313Packages.azure-mgmt-managedservices

Microsoft Azure Managed Services Client Library for Python

pkgs.azure-cli-extensions.gallery-service-artifact

Microsoft Azure Command-Line Tools GalleryServiceArtifact Extension

pkgs.python312Packages.azure-mgmt-containerservice

This is the Microsoft Azure Container Service Management Client Library

pkgs.python312Packages.azure-mgmt-recoveryservices

This is the Microsoft Azure Recovery Services Client Library

pkgs.python313Packages.azure-mgmt-containerservice

This is the Microsoft Azure Container Service Management Client Library

pkgs.python313Packages.azure-mgmt-recoveryservices

This is the Microsoft Azure Recovery Services Client Library

pkgs.home-assistant-component-tests.fireservicerota

Open source home automation that puts local control and privacy first

pkgs.python312Packages.azure-mgmt-cognitiveservices

This is the Microsoft Azure Cognitive Services Management Client Library

pkgs.python313Packages.azure-mgmt-cognitiveservices

This is the Microsoft Azure Cognitive Services Management Client Library

pkgs.haskellPackages.gogol-serviceconsumermanagement

Google Service Consumer Management SDK

pkgs.python312Packages.azure-servicemanagement-legacy

This is the Microsoft Azure Service Management Legacy Client Library

pkgs.python313Packages.azure-servicemanagement-legacy

This is the Microsoft Azure Service Management Legacy Client Library

pkgs.python312Packages.types-aiobotocore-service-quotas

Type annotations for aiobotocore service-quotas

pkgs.python312Packages.types-aiobotocore-servicecatalog

Type annotations for aiobotocore servicecatalog

pkgs.python313Packages.types-aiobotocore-service-quotas

Type annotations for aiobotocore service-quotas

pkgs.python313Packages.types-aiobotocore-servicecatalog

Type annotations for aiobotocore servicecatalog

pkgs.haskellPackages.amazonka-servicecatalog-appregistry

Amazon Service Catalog App Registry SDK

pkgs.python312Packages.azure-mgmt-recoveryservicesbackup

This is the Microsoft Azure Recovery Services Backup Management Client Library

pkgs.python313Packages.azure-mgmt-recoveryservicesbackup

This is the Microsoft Azure Recovery Services Backup Management Client Library

pkgs.python312Packages.types-aiobotocore-servicediscovery

Type annotations for aiobotocore servicediscovery

pkgs.python313Packages.types-aiobotocore-servicediscovery

Type annotations for aiobotocore servicediscovery

pkgs.python312Packages.azure-mgmt-iothubprovisioningservices

This is the Microsoft Azure IoTHub Provisioning Services Client Library

pkgs.python313Packages.azure-mgmt-iothubprovisioningservices

This is the Microsoft Azure IoTHub Provisioning Services Client Library

pkgs.python312Packages.azure-mgmt-servicefabricmanagedclusters

This is the Microsoft Azure Service Fabric Cluster Management Client Library

pkgs.python313Packages.azure-mgmt-servicefabricmanagedclusters

This is the Microsoft Azure Service Fabric Cluster Management Client Library

pkgs.home-assistant-component-tests.nsw_rural_fire_service_feed

Open source home automation that puts local control and privacy first

pkgs.python312Packages.types-aiobotocore-servicecatalog-appregistry

Type annotations for aiobotocore servicecatalog-appregistry

pkgs.python313Packages.types-aiobotocore-servicecatalog-appregistry

Type annotations for aiobotocore servicecatalog-appregistry

pkgs.androidenv.androidPkgs.all.extras.extras-google-google_play_services

Android SDK tools, packaged in Nixpkgs

pkgs.androidenv.androidPkgs.all.extras.extras-google-google_play_services_froyo

Android SDK tools, packaged in Nixpkgs
Package maintainers: 47
CVE-2024-54348
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Brandy theme <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YayCommerce Brand allows Stored XSS. This issue affects Brand: from n/a through 1.1.6.

brand
=<1.1.6

pkgs.matrix-brandy

Matrix Brandy BASIC VI for Linux, Windows, MacOSX

pkgs.librandombytes

Simple API for applications generating fresh randomness

pkgs.typstPackages.touying-brandred-uobristol_0_1_0

Touying Slide Theme for University of Bristol

pkgs.typstPackages.touying-brandred-uobristol_0_1_1

Touying Slide Theme for University of Bristol

pkgs.typstPackages.touying-brandred-uobristol_0_1_2

Touying Slide Theme for University of Bristol

pkgs.typstPackages.touying-brandred-uobristol_0_1_3

Touying Slide Theme for University of Bristol

pkgs.typstPackages.touying-brandred-uobristol_0_2_0

Touying Slide Theme for University of Bristol
Package maintainers: 5
CVE-2024-54368
9.6 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection. This issue affects GitSync: from n/a through 1.1.0.

git-sync
=<1.1.0
Package maintainers: 1
CVE-2024-54384
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3.

falcon
=<2.8.3

pkgs.python312Packages.falcon

Ultra-reliable, fast ASGI+WSGI framework for building data plane APIs at scale

pkgs.python313Packages.falcon

Ultra-reliable, fast ASGI+WSGI framework for building data plane APIs at scale

pkgs.python312Packages.falconpy

CrowdStrike Falcon SDK for Python

pkgs.python313Packages.falconpy

CrowdStrike Falcon SDK for Python

pkgs.python312Packages.falcon-cors

CORS support for Falcon

pkgs.python313Packages.falcon-cors

CORS support for Falcon
Package maintainers: 3
CVE-2024-11858
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Radare2: command injection via pebble application files in radare2

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing.

radare2
<5.9.9

pkgs.radare2

UNIX-like reverse engineering framework and command-line toolset
Package maintainers: 5
CVE-2023-27456
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19.

total
=<2.1.19

pkgs.autotalent

Real-time pitch correction LADSPA plugin (no MIDI control)

pkgs.haskellPackages.total

Exhaustive pattern matching using lenses, traversals, and prisms

pkgs.haskellPackages.total-alternative

Alternative interface for total versions of partial function on the Prelude

pkgs.gnomeExtensions.net-totals-simplified

A Net totals extension that only displays totals. Forked from Net Speed extension (netspeedsimplified@prateekmedia.extension) With Loads of Customization, version 43

pkgs.python312Packages.total-connect-client

Interact with Total Connect 2 alarm systems

pkgs.python313Packages.total-connect-client

Interact with Total Connect 2 alarm systems

pkgs.home-assistant-component-tests.totalconnect

Open source home automation that puts local control and privacy first
Package maintainers: 6
CVE-2024-54245
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS. This issue affects Clients: from n/a through 1.1.4.

clients
=<1.1.4

pkgs.xlsclients

Utility to list client applications running on a X11 display

pkgs.argus-clients

Clients for ARGUS

pkgs.xorg.xlsclients

Utility to list client applications running on a X11 display

pkgs.haskellPackages.clientsession

Securely store session data in a client-side cookie

pkgs.haskellPackages.wai-session-clientsession

Session store based on clientsession
Package maintainers: 1