⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-0229
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

tigervnc
*
xorg-server
<21.1.11
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2023-5574
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Xorg-x11-server: use-after-free bug in damagedestroy

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

tigervnc
*
xorg-x11-server
xorg-x11-server-Xwayland
CVE-2025-53512
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

juju
<2.9.52
<3.6.8

pkgs.juju

Open source modelling tool for operating software in the cloud

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

pkgs.juju.x86_64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.x86_64-darwin

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-darwin

Open source modelling tool for operating software in the cloud

pkgs.jujutsu.x86_64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.x86_64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils.x86_64-linux

Utilities around FireWire devices connected to a Linux computer

pkgs.jujuutils.aarch64-linux

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5
CVE-2025-0928
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Arbitrary executable upload via authenticated endpoint

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.

juju
<2.9.52
<3.6.8

pkgs.juju

Open source modelling tool for operating software in the cloud

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

pkgs.juju.x86_64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.x86_64-darwin

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-darwin

Open source modelling tool for operating software in the cloud

pkgs.jujutsu.x86_64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.x86_64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils.x86_64-linux

Utilities around FireWire devices connected to a Linux computer

pkgs.jujuutils.aarch64-linux

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5
CVE-2025-53513
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Zip slip vulnerability in Juju

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

juju
<2.9.52
<3.6.8

pkgs.juju

Open source modelling tool for operating software in the cloud

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

pkgs.juju.x86_64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-linux

Open source modelling tool for operating software in the cloud

pkgs.juju.x86_64-darwin

Open source modelling tool for operating software in the cloud

pkgs.juju.aarch64-darwin

Open source modelling tool for operating software in the cloud

pkgs.jujutsu.x86_64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-linux

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.x86_64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujutsu.aarch64-darwin

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils.x86_64-linux

Utilities around FireWire devices connected to a Linux computer

pkgs.jujuutils.aarch64-linux

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5
CVE-2025-5987
5.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 3 weeks ago
Libssh: invalid return code for chacha20 poly1305 with openssl backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

rhcos
libssh
libssh2

pkgs.libssh.x86_64-linux

SSH client library

pkgs.libssh.aarch64-linux

SSH client library

pkgs.libssh.x86_64-darwin

SSH client library

pkgs.libssh2.x86_64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh.aarch64-darwin

SSH client library

pkgs.libssh2.aarch64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.x86_64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.aarch64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.haskellPackages.libssh2

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.python311Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.haskellPackages.libssh.x86_64-linux

libssh bindings

pkgs.haskellPackages.libssh.aarch64-linux

libssh bindings

pkgs.haskellPackages.libssh.x86_64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.x86_64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh.aarch64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.aarch64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.x86_64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.aarch64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit.x86_64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.x86_64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
Package maintainers: 3
CVE-2024-3019
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
Pcp: exposure of the redis server backend allows remote command execution via pmproxy

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.

pcp
*
*

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

pkgs.python311Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python313Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-darwin

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-darwin

C99 preprocessor written in pure Python
Package maintainers: 5
CVE-2024-5148
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 3 weeks ago
Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.

gnome-remote-desktop
<46.2

pkgs.gnome-remote-desktop

GNOME Remote Desktop server
Package maintainers: 4
CVE-2024-31080
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

tigervnc
*
xorg-server
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2024-31083
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
Xorg-x11-server: use-after-free in procrenderaddglyphs

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

tigervnc
*
xorg-x11-server
==21.1.12
*
xorg-x11-server-Xwayland
*