Automatically generated suggestions

CVE-2024-43439
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: reflected xss via h5p error message

A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43432
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: authorization headers preserved between "emulated redirects"

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43435
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: can create global glossary without being admin

A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-52355
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress OSM – OpenStreetMap plugin <= 6.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS. This issue affects OSM – OpenStreetMap: from n/a through 6.1.2.

osm
=<6.1.2

pkgs.josm

Extensible editor for OpenStreetMap

pkgs.osmo

Handy personal organizer

pkgs.mosml

Light-weight implementation of Standard ML

pkgs.osmid

Lightweight, portable, easy to use tool to convert MIDI to OSC and OSC to MIDI

pkgs.erosmb

SMB network scanner

pkgs.gosmee

Command line server and client for webhooks deliveries (and https://smee.io)

pkgs.imposm

Imports OpenStreetMap data into PostGIS

pkgs.qosmic

Cosmic recursive flame fractal editor

pkgs.cosmocc

Compilers for Cosmopolitan C/C++ programs

pkgs.readosm

Open source library to extract valid data from within an Open Street Map input file

pkgs.osmo-bsc

GSM Base Station Controller

pkgs.osmo-bts

Osmocom GSM Base Transceiver Station (BTS)

pkgs.osmo-hlr

Osmocom implementation of 3GPP Home Location Register (HLR)

pkgs.osmo-iuh

Osmocom IuH library

pkgs.osmo-mgw

Osmocom Media Gateway (MGW). Speaks RTP and E1 as well as MGCP

pkgs.osmo-msc

Osmocom implementation of 3GPP Mobile Switching Centre (MSC)

pkgs.osmo-pcu

Osmocom Packet control Unit (PCU): Network-side GPRS (RLC/MAC); BTS- or BSC-colocated

pkgs.cosmic-bg

Applies Background for the COSMIC Desktop Environment

pkgs.libosmium

Fast and flexible C++ library for working with OpenStreetMap data

pkgs.osm2pgsql

OpenStreetMap data to PostgreSQL converter

pkgs.osmctools

Command line tools for transforming Open Street Map files

pkgs.osmo-ggsn

Osmocom Gateway GPRS Support Node (GGSN), successor of OpenGGSN

pkgs.osmo-sgsn

Osmocom implementation of the 3GPP Serving GPRS Support Node (SGSN)

pkgs.cosmic-osd

OSD for the COSMIC Desktop Environment

pkgs.osmo-hnbgw

Osmocom Home NodeB Gateway, for attaching femtocells to the 3G CN (OsmoMSC, OsmoSGSN)

pkgs.cosmic-comp

Compositor for the COSMIC Desktop Environment

pkgs.cosmic-edit

Text Editor for the COSMIC Desktop Environment

pkgs.cosmic-idle

Idle daemon for the COSMIC Desktop Environment

pkgs.cosmic-term

Terminal for the COSMIC Desktop Environment

pkgs.libosmoabis

Osmocom Abis interface library

pkgs.libosmocore

Set of Osmocom core libraries

pkgs.libosmscout

Simple, high-level interfaces for offline location and POI lookup, rendering and routing functionalities based on OpenStreetMap (OSM) data

pkgs.osm-gps-map

GTK widget for displaying OpenStreetMap tiles

pkgs.osmium-tool

Multipurpose command line tool for working with OpenStreetMap data based on the Osmium library

pkgs.osmo-hnodeb

Upper layers implementation of HomeNodeB for 3G/UMTS

pkgs.cosmic-files

File Manager for the COSMIC Desktop Environment

pkgs.cosmic-icons

System76 Cosmic icon theme for Linux

pkgs.cosmic-panel

Panel for the COSMIC Desktop Environment

pkgs.cosmic-randr

Library and utility for displaying and configuring Wayland outputs

pkgs.cosmic-store

App Store for the COSMIC Desktop Environment

pkgs.cosmopolitan

Your build-once run-anywhere c library

pkgs.osmtogeojson

Converts OSM data to GeoJSON

pkgs.cosmic-player

Media player for the COSMIC Desktop Environment

pkgs.libosmo-netif

Osmocom network / socket interface library

pkgs.cosmic-applets

Applets for the COSMIC Desktop Environment

pkgs.cosmic-ext-ctl

CLI for COSMIC Desktop configuration management

pkgs.cosmic-greeter

Greeter for the COSMIC Desktop Environment

pkgs.cosmic-session

Session manager for the COSMIC desktop environment

pkgs.cosmic-launcher

Launcher for the COSMIC Desktop Environment

pkgs.cosmic-settings

Settings for the COSMIC Desktop Environment

pkgs.libosmo-sigtran

SCCP + SIGTRAN (SUA/M3UA) libraries as well as OsmoSTP

pkgs.osmscout-server

Maps server providing tiles, geocoder, and router

pkgs.rtl-sdr-osmocom

Software to turn the RTL2832U into a SDR receiver

pkgs.cosmic-protocols

Additional wayland-protocols used by the COSMIC desktop environment

pkgs.libcosmicAppHook

Setup hook for configuring and wrapping applications based on libcosmic

pkgs.cosmic-applibrary

Application Template for the COSMIC Desktop Environment

pkgs.cosmic-ext-tweaks

Tweaking tool for the COSMIC Desktop Environment

pkgs.cosmic-screenshot

Screenshot tool for the COSMIC Desktop Environment

pkgs.cosmic-wallpapers

Wallpapers for the COSMIC Desktop Environment

pkgs.luaPackages.cosmo

Safe templates for Lua

pkgs.osmo-sip-connector

This implements an interface between the MNCC (Mobile Network Call Control) interface of OsmoMSC (and also previously OsmoNITB) and SIP

pkgs.lua51Packages.cosmo

Safe templates for Lua

pkgs.lua52Packages.cosmo

Safe templates for Lua

pkgs.lua53Packages.cosmo

Safe templates for Lua

pkgs.lua54Packages.cosmo

Safe templates for Lua

pkgs.python-cosmopolitan

Actually Portable Python using Cosmopolitan

pkgs.cosmic-notifications

Notifications for the COSMIC Desktop Environment

pkgs.luajitPackages.cosmo

Safe templates for Lua

pkgs.cosmic-ext-calculator

Calculator for the COSMIC Desktop Environment

pkgs.cosmic-settings-daemon

Settings Daemon for the COSMIC Desktop Environment

pkgs.cosmic-workspaces-epoch

Workspaces Epoch for the COSMIC Desktop Environment

pkgs.python312Packages.osmnx

Package to easily download, construct, project, visualize, and analyze complex street networks from OpenStreetMap with NetworkX

pkgs.python313Packages.osmnx

Package to easily download, construct, project, visualize, and analyze complex street networks from OpenStreetMap with NetworkX

pkgs.gnuradioPackages.osmosdr

Gnuradio block for OsmoSDR and rtl-sdr

pkgs.graylogPlugins.twiliosms

Alarm callback plugin for integrating the Twilio SMS API into Graylog

pkgs.python312Packages.aiosmb

Python SMB library

pkgs.python312Packages.osmapi

Python wrapper for the OSM API

pkgs.python313Packages.aiosmb

Python SMB library

pkgs.python313Packages.osmapi

Python wrapper for the OSM API

pkgs.kdePackages.kosmindoormap

OSM multi-floor indoor map renderer

pkgs.xdg-desktop-portal-cosmic

XDG Desktop Portal for the COSMIC Desktop Environment

pkgs.python312Packages.aiosmtpd

Asyncio based SMTP server

pkgs.python312Packages.pyosmium

Python bindings for libosmium

pkgs.python313Packages.aiosmtpd

Asyncio based SMTP server

pkgs.python313Packages.pyosmium

Python bindings for libosmium

pkgs.python312Packages.aiosmtplib

Module which provides a SMTP client

pkgs.python312Packages.py-aosmith

Python client library for A. O. Smith water heaters

pkgs.python313Packages.aiosmtplib

Module which provides a SMTP client

pkgs.python313Packages.py-aosmith

Python client library for A. O. Smith water heaters

pkgs.python312Packages.azure-cosmos

Azure Cosmos DB API

pkgs.python313Packages.azure-cosmos

Azure Cosmos DB API

pkgs.python312Packages.osmpythontools

Library to access OpenStreetMap-related services

pkgs.python313Packages.osmpythontools

Library to access OpenStreetMap-related services

pkgs.azure-cli-extensions.cosmosdb-preview

Microsoft Azure Command-Line Tools Cosmosdb-preview Extension

pkgs.python312Packages.azure-mgmt-cosmosdb

Module to work with the Microsoft Azure Cosmos DB Management

pkgs.python313Packages.azure-mgmt-cosmosdb

Module to work with the Microsoft Azure Cosmos DB Management

pkgs.home-assistant-component-tests.aosmith

Open source home automation that puts local control and privacy first

pkgs.python312Packages.azure-cosmosdb-nspkg

This is the Microsoft Azure CosmosDB namespace package

pkgs.python312Packages.azure-cosmosdb-table

This is the Microsoft Azure Log Analytics Client Library

pkgs.python313Packages.azure-cosmosdb-nspkg

This is the Microsoft Azure CosmosDB namespace package

pkgs.python313Packages.azure-cosmosdb-table

This is the Microsoft Azure Log Analytics Client Library
Package maintainers: 54
CVE-2024-43433
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: matrix user/power level management not always working as expected with suspended users

A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-11079
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

ansible-core
=<2.18.0
*
rhelai1/bootc-nvidia-rhel9
rhelai1/bootc-azure-nvidia-rhel9
ansible-automation-platform/ee-29-rhel8
*
ansible-automation-platform/ee-minimal-rhel8
*
ansible-automation-platform/ee-minimal-rhel9
*
ansible-automation-platform/ansible-builder-rhel8
*
ansible-automation-platform/ansible-builder-rhel9
*

pkgs.ansible_2_16

Radically simple IT automation

pkgs.ansible_2_17

Radically simple IT automation

pkgs.ansible_2_18

Radically simple IT automation

pkgs.ansible_2_19

Radically simple IT automation

pkgs.python312Packages.ansible-core

Radically simple IT automation

pkgs.python313Packages.ansible-core

Radically simple IT automation
Package maintainers: 2
CVE-2024-43437
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: xss risk when restoring malicious course backup file

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43430
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: lack of access control when using external methods for quiz overrides

A flaw was found in moodle. External API access to Quiz overrides contained insufficient access control.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43429
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: user information visibility control issues in gradebook reports

A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-51596
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Business plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nilesh Shiragave Business allows Stored XSS. This issue affects Business: from n/a through 1.3.

business
=<1.3

pkgs.haskellPackages.amazonka-alexa-business

Amazon Alexa For Business SDK

pkgs.python312Packages.types-aiobotocore-alexaforbusiness

Type annotations for aiobotocore alexaforbusiness

pkgs.python313Packages.types-aiobotocore-alexaforbusiness

Type annotations for aiobotocore alexaforbusiness
Package maintainers: 1