Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-50378
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table.

apache-airflow
<2.10.3

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines
Package maintainers: 3
CVE-2024-43428
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: cache poisoning via injection into storage

To address a cache poisoning risk in Moodle, additional validation for local storage was required.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43436
7.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Moodle: site administration sql injection via xmldb editor

A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43426
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: arbitrary file read risk through pdftex

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43431
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: idor in badges allows deletion of arbitrary badges

A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43440
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: lfi vulnerability when restoring malformed block backups

A flaw was found in moodle. A local file may include risks when restoring block backups.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43425
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Moodle: remote code execution via calculated question types

A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43438
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-43434
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Moodle: csrf risk in feedback non-respondents report

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.

moodle
<4.1.12
<4.2.9
<4.4.2
<4.3.6

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2024-10963
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Pam: improper hostname interpretation in pam_access leads to access control bypass

A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.

pam
<1.7.0
==1.5.1
==1.3.1
*
rhcos
*
odh-rhel8-operator
odh-dashboard-rhel8
odh-modelmesh-rhel8
odh-operator-bundle
odh-mm-rest-proxy-rhel8
odh-model-registry-rhel8
rhoai/odh-dashboard-rhel8
*
odh-kueue-controller-rhel8
odh-mlmd-grpc-server-rhel8
odh-model-controller-rhel8
odh-trustyai-service-rhel8
odh-training-operator-rhel8
odh-codeflare-operator-rhel8
odh-ml-pipelines-driver-rhel8
odh-notebook-controller-rhel8
odh-ml-pipelines-launcher-rhel8
odh-kf-notebook-controller-rhel8
odh-model-registry-operator-rhel8
odh-modelmesh-runtime-adapter-rhel8
odh-trustyai-service-operator-rhel8
odh-ml-pipelines-api-server-v2-rhel8
odh-kuberay-operator-controller-rhel8
odh-modelmesh-serving-controller-rhel8
odh-ml-pipelines-persistenceagent-v2-rhel8
odh-ml-pipelines-scheduledworkflow-v2-rhel8
registry.redhat.io/rhoai/odh-dashboard-rhel8
*
odh-data-science-pipelines-argo-argoexec-rhel8
odh-data-science-pipelines-operator-controller-rhel8
odh-data-science-pipelines-argo-workflowcontroller-rhel8

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

pkgs.dspam

Community Driven Antispam Filter

pkgs.pamix

Pulseaudio terminal mixer

pkgs.rspamd

Advanced spam filtering system

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

pkgs.pamixer

Pulseaudio command line mixer

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

pkgs.opam2json

Convert opam file syntax to JSON

pkgs.pam_dp9ik

dp9ik pam module

pkgs.pam_gnupg

Unlock GnuPG keys on login

pkgs.pam_mount

PAM module to mount volumes for a user session

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

pkgs.pam_rundir

Provide user runtime directory on Linux systems

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

pkgs.yubico-pam

Yubico PAM module

pkgs.pam-watchid

PAM plugin module that allows the Apple Watch to be used for authentication

pkgs.apparmor-pam

Mandatory access control system - PAM service

pkgs.opam-publish

Tool to ease contributions to opam repositories

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

pkgs.spamassassin

Open-Source Spam Filter

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

pkgs.libpam-wrapper

Wrapper for testing PAM modules

pkgs.opam-installer

Handle (un)installation from opam install files

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

pkgs.pam_ssh_agent_auth

PAM module for authentication through the SSH agent

pkgs.decode-spam-headers

Script that helps you understand why your E-Mail ended up in Spam

pkgs.haskellPackages.pam

Haskell binding for C PAM API

pkgs.luaPackages.lua-pam

Lua module for PAM authentication

pkgs.google-authenticator

Two-step verification, with pam module

pkgs.lua51Packages.lua-pam

Lua module for PAM authentication

pkgs.lua52Packages.lua-pam

Lua module for PAM authentication

pkgs.lua53Packages.lua-pam

Lua module for PAM authentication

pkgs.kdePackages.kwallet-pam

PAM Integration with KWallet - Unlock KWallet when you login

pkgs.opensmtpd-filter-rspamd

OpenSMTPD filter integration for the Rspamd daemon

pkgs.python312Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python313Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python312Packages.pamela

PAM interface using ctypes

pkgs.python313Packages.pamela

PAM interface using ctypes

pkgs.stalwart-mail-spam-filter

Secure & modern all-in-one mail server Stalwart (spam-filter module)

pkgs.python312Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python313Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python312Packages.python-pam

Python pam module

pkgs.python313Packages.python-pam

Python pam module

pkgs.wordpressPackages.plugins.antispam-bee

pkgs.matrix-synapse-plugins.matrix-synapse-pam

PAM auth provider for the Synapse Matrix server

pkgs.matrix-synapse-plugins.synapse-http-antispam

Synapse module that forwards spam checking to an HTTP server

pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam

AntiSpam / Banlist plugin to be used with mjolnir

pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github

VS Code extension to open the current project or file in github.com
Package maintainers: 55