Dismissed suggestions Untriaged suggestions Draft issues Published issues Automatically generated suggestions Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue. CVE-2024-49394 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 4 days ago @LeSuisse removed 11 packages pkgs.mutter 47.1 pkgs.mutt-ics 0.9.2 pkgs.mutter43 43.8 pkgs.mutt-wizard 3.3.1 pkgs.gnome.mutter 47.1 pkgs.notmuch-mutt 0.38.3 pkgs.gnome.mutter43 43.8 pkgs.pantheon.mutter 43.8 pkgs.xorg.fontmuttmisc 1.0.4 pkgs.emacsPackages.mutt-mode 20191102.2330 pkgs.vimPlugins.nvim-treesitter-parsers.muttrc 2 weeks, 1 day ago Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. mutt pkgs.mutt Small but very powerful text-based mail client nixos-24.11 2.2.13 pkgs.neomutt Small but very powerful text-based mail client nixos-24.11 20241002 Notify package maintainers: 3 @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org> @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz> @erikryb Erik Rybakken <erik.rybakken@math.ntnu.no> CVE-2024-49393 7.4 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 4 days ago @LeSuisse removed 11 packages pkgs.mutter 47.1 pkgs.mutt-ics 0.9.2 pkgs.mutter43 43.8 pkgs.mutt-wizard 3.3.1 pkgs.gnome.mutter 47.1 pkgs.notmuch-mutt 0.38.3 pkgs.gnome.mutter43 43.8 pkgs.pantheon.mutter 43.8 pkgs.xorg.fontmuttmisc 1.0.4 pkgs.emacsPackages.mutt-mode 20191102.2330 pkgs.vimPlugins.nvim-treesitter-parsers.muttrc 2 weeks, 1 day ago Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. mutt pkgs.mutt Small but very powerful text-based mail client nixos-24.11 2.2.13 pkgs.neomutt Small but very powerful text-based mail client nixos-24.11 20241002 Notify package maintainers: 3 @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org> @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz> @erikryb Erik Rybakken <erik.rybakken@math.ntnu.no> CVE-2024-11079 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 2 weeks, 4 days ago Ansible-core: unsafe tagging bypass via hostvars object in ansible-core A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. ansible-core =<2.18.0 rhelai1/bootc-nvidia-rhel9 rhelai1/bootc-azure-nvidia-rhel9 ansible-automation-platform/ee-29-rhel8 * ansible-automation-platform/ee-minimal-rhel8 * ansible-automation-platform/ee-minimal-rhel9 * ansible-automation-platform/ansible-builder-rhel8 * ansible-automation-platform/ansible-builder-rhel9 * pkgs.ansible Radically simple IT automation nixos-24.11 2.17.6 pkgs.ansible_2_16 Radically simple IT automation nixos-24.11 2.16.8 pkgs.ansible_2_17 Radically simple IT automation nixos-24.11 2.17.6 pkgs.python311Packages.ansible-core Radically simple IT automation nixos-24.11 2.17.6 pkgs.python312Packages.ansible-core Radically simple IT automation nixos-24.11 2.17.6 CVE-2024-10963 7.4 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 4 days ago @LeSuisse removed 22 packages pkgs.rspamd 3.10.2 pkgs.pamix 1.6 pkgs.dspam 3.10.2 pkgs.ipam 0.3.0-1 pkgs.opam 2.3.0 pkgs.paml 4.10.7 pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam 1.8.3 pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github 2.3.0 pkgs.matrix-synapse-plugins.matrix-synapse-pam 0.1.3 pkgs.emacsPackages.opam-switch-mode 20230802.917 pkgs.python312Packages.python-pam 2.0.2 pkgs.python311Packages.python-pam 2.0.2 pkgs.python312Packages.pypamtest 1.1.5 pkgs.python311Packages.pypamtest 1.1.5 pkgs.plasma5Packages.kwallet-pam 5.27.11 pkgs.python312Packages.pamela 1.2.0 pkgs.python311Packages.pamela 1.2.0 pkgs.sbclPackages.cl-xmlspam 20101006-http pkgs.python312Packages.pamqp 3.3.0 pkgs.python311Packages.pamqp 3.3.0 pkgs.opensmtpd-filter-rspamd 0.1.8 pkgs.kdePackages.kwallet-pam 6.2.4 2 weeks, 1 day ago Pam: improper hostname interpretation in pam_access leads to access control bypass A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. pam rhcos pkgs.pam Pluggable Authentication Modules, a flexible mechanism for authenticating user nixos-24.11 1.6.1 pkgs.openpam Open source PAM library that focuses on simplicity, correctness, and cleanliness nixos-24.11 20230627 pkgs.pam_p11 Authentication with PKCS#11 modules nixos-24.11 0.3.1 pkgs.pam_u2f PAM module for allowing authentication with a U2F device nixos-24.11 1.3.0 pkgs.pamixer Pulseaudio command line mixer nixos-24.11 1.6 pkgs.dopamine Audio player that keeps it simple nixos-24.11 3.0.0-preview.35 pkgs.pam_krb5 PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC nixos-24.11 krb5-4.11 pkgs.pam_ldap LDAP backend for PAM nixos-24.11 186 pkgs.pam_rssh PAM module for authenticating via ssh-agent, written in Rust nixos-24.11 1.2.0-rc2 pkgs.pam_ussh PAM module to authenticate using SSH certificates nixos-24.11 20210615 pkgs.linux-pam Pluggable Authentication Modules, a flexible mechanism for authenticating user nixos-24.11 1.6.1 pkgs.ncpamixer Terminal mixer for PulseAudio inspired by pavucontrol nixos-24.11 1.3.7 pkgs.opam2json convert opam file syntax to JSON nixos-24.11 0.4 pkgs.pam_dp9ik dp9ik pam module nixos-24.11 1.6.5 pkgs.pam_gnupg Unlock GnuPG keys on login nixos-24.11 0.4 pkgs.pam_mount PAM module to mount volumes for a user session nixos-24.11 2.20 pkgs.pam_mysql PAM authentication module against a MySQL database nixos-24.11 1.0.0-beta2 pkgs.pam_pgsql Support to authenticate against PostgreSQL for PAM-enabled appliations nixos-24.11 2020-05-05 pkgs.pamtester Utility program to test the PAM facility nixos-24.11 0.1.2 pkgs.pam_ccreds PAM module to locally authenticate using an enterprise identity when the network is unavailable nixos-24.11 10 pkgs.pam_mktemp PAM for login service to provide per-user private directories nixos-24.11 1.1.1 pkgs.pam_tmpdir PAM module for creating safe per-user temporary directories nixos-24.11 0.09 pkgs.yubico-pam Yubico PAM module nixos-24.11 2.27 pkgs.xtrlock-pam PAM based X11 screen locker nixos-24.11 3.4-post-20150909 pkgs.apparmor-pam Mandatory access control system - PAM service nixos-24.11 4.0.3 pkgs.opam-publish Tool to ease contributions to opam repositories nixos-24.11 2.4.0 pkgs.pam-reattach Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux) nixos-24.11 1.3 pkgs.spamassassin Open-Source Spam Filter nixos-24.11 4.0.1 pkgs.nss_pam_ldapd LDAP identity and authentication for NSS/PAM nixos-24.11 0.9.12 pkgs.libpam-wrapper Wrapper for testing PAM modules nixos-24.11 1.1.5 pkgs.opam-installer Handle (un)installation from opam install files nixos-24.11 2.3.0 pkgs.pam-honeycreds PAM module that sends warnings when fake passwords are used nixos-24.11 1.9 pkgs.rspamd-trainer Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training nixos-24.11 2023-11-27 pkgs.emacsPackages.opam nixos-24.11 20150719.1220 pkgs.pam_ssh_agent_auth PAM module for authentication through the SSH agent nixos-24.11 0.10.4 pkgs.decode-spam-headers Script that helps you understand why your E-Mail ended up in Spam nixos-24.11 2022-09-22-unreleased pkgs.haskellPackages.pam Haskell binding for C PAM API nixos-24.11 0.2.0.0 pkgs.luaPackages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.google-authenticator Two-step verification, with pam module nixos-24.11 1.10 pkgs.emacsPackages.no-spam nixos-24.11 20190724.1854 pkgs.lua51Packages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.lua52Packages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.lua53Packages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.emacsPackages.pamparam nixos-24.11 20210105.1513 pkgs.libsForQt5.kwallet-pam nixos-24.11 5.27.11 pkgs.rubyPackages_3_1.rpam2 nixos-24.11 rpam2-4.0.2 pkgs.rubyPackages_3_2.rpam2 nixos-24.11 rpam2-4.0.2 pkgs.rubyPackages_3_3.rpam2 nixos-24.11 rpam2-4.0.2 pkgs.rubyPackages_3_4.rpam2 nixos-24.11 rpam2-4.0.2 Notify package maintainers: 31 @matthewbauer Matthew Bauer <mjbauer95@gmail.com> @sbourdeauducq Sébastien Bourdeauducq <sb@m-labs.hk> @philandstuff Philip Potter <philip.g.potter@gmail.com> @thiagokokada Thiago K. Okada <thiagokokada@gmail.com> @Guanran928 Guanran928 <guanran928@outlook.com> @Kranzes Ilan Joselevich <personal@ilanjoselevich.com> @lukegb Luke Granger-Brown <nix@lukegb.com> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com> @tanneberger Tassilo Tanneberger <revol-xut@protonmail.com> @oxapentane Grigory Shipunov <blame@oxapentane.com> @astro Astro <astro@spaceboyz.net> @balsoft Alexander Bantyev <balsoft75@gmail.com> @majiru Jacob Moody <moody@posixcafe.org> @mtreca Maxime Tréca <maxime.treca@gmail.com> @NetaliDev Jennifer Graul <me@netali.de> @abbradar Nikolay Amiantov <ab@fmap.me> @wladmis Wladmis <dev@wladmis.org> @peterhoeg Peter Hoeg <peter@hoeg.com> @ondt Ondrej Telka <nix@ondt.dev> @ju1m Julien Moutinho <julm+nixpkgs@sourcephile.fr> @thoughtpolice Austin Seipp <aseipp@pobox.com> @niols Nicolas Jeannerod <niols@niols.fr> @lockejan Jan Schmitt <git@smittie.de> @qknight Joachim Schiele <js@lastlog.de> @alyssais Alyssa Ross <hi@alyssa.is> @h7x4 h7x4 <h7x4@nani.wtf> @onny Jonas Heinrich <onny@project-insanity.org> @traxys Quentin Boyer <quentin+dev@familleboyer.net> @aneeshusa Aneesh Agrawal <aneeshusa@gmail.com> @ttuegel Thomas Tuegel <ttuegel@mailbox.org> @nyanloutre Paul Trehiou <paul@nyanlout.re> CVE-2024-10295 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE created 2 weeks, 4 days ago Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream. gateway =<2.14.2 3scale-amp-apicast-gateway-container pkgs.grpc-gateway A gRPC to JSON proxy generator plugin for Google Protocol Buffers nixos-24.11 2.22.0 pkgs.janus-gateway General purpose WebRTC server nixos-24.11 1.3.0 pkgs.ingress2gateway Convert Ingress resources to Gateway API resources nixos-24.11 0.3.0 pkgs.jetbrains.gateway Remote development for JetBrains products nixos-24.11 2024.3 pkgs.prometheus-pushgateway Allows ephemeral and batch jobs to expose metrics to Prometheus nixos-24.11 1.10.0 pkgs.python311Packages.dask-gateway Client library for interacting with a dask-gateway server nixos-24.11 2023.1.1 pkgs.python312Packages.dask-gateway Client library for interacting with a dask-gateway server nixos-24.11 2023.1.1 pkgs.azure-cli-extensions.arcgateway Microsoft Azure Command-Line Tools Arcgateway Extension nixos-24.11 1.0.0b1 pkgs.python311Packages.aioruuvigateway Asyncio-native library for requesting data from a Ruuvi Gateway nixos-24.11 0.1.0 pkgs.python311Packages.pyxiaomigateway Python library to communicate with the Xiaomi Gateway nixos-24.11 0.14.3 pkgs.python311Packages.quantum-gateway Python library for interacting with Verizon Fios Quantum gateway devices nixos-24.11 0.0.8 pkgs.python312Packages.aioruuvigateway Asyncio-native library for requesting data from a Ruuvi Gateway nixos-24.11 0.1.0 pkgs.python312Packages.pyxiaomigateway Python library to communicate with the Xiaomi Gateway nixos-24.11 0.14.3 pkgs.python312Packages.quantum-gateway Python library for interacting with Verizon Fios Quantum gateway devices nixos-24.11 0.0.8 pkgs.haskellPackages.amazonka-apigateway Amazon API Gateway SDK nixos-24.11 2.0 pkgs.haskellPackages.amazonka-apigatewayv2 Amazon ApiGatewayV2 SDK nixos-24.11 apigatewayv2-2.0 pkgs.python311Packages.dask-gateway-server Multi-tenant server for securely deploying and managing multiple Dask clusters nixos-24.11 2023.9.0 pkgs.python312Packages.dask-gateway-server Multi-tenant server for securely deploying and managing multiple Dask clusters nixos-24.11 2023.9.0 pkgs.haskellPackages.amazonka-backup-gateway Amazon Backup Gateway SDK nixos-24.11 2.0 pkgs.haskellPackages.amazonka-storagegateway Amazon Storage Gateway SDK nixos-24.11 2.0 pkgs.python311Packages.mypy-boto3-apigateway Type annotations for boto3 apigateway nixos-24.11 boto3-apigateway-1.35.25 pkgs.python312Packages.mypy-boto3-apigateway Type annotations for boto3 apigateway nixos-24.11 boto3-apigateway-1.35.25 pkgs.python311Packages.mypy-boto3-apigatewayv2 Type annotations for boto3 apigatewayv2 nixos-24.11 boto3-apigatewayv2-1.35.0 pkgs.python312Packages.mypy-boto3-apigatewayv2 Type annotations for boto3 apigatewayv2 nixos-24.11 boto3-apigatewayv2-1.35.0 pkgs.python311Packages.mypy-boto3-backup-gateway Type annotations for boto3 backup-gateway nixos-24.11 boto3-backup-gateway-1.35.0 pkgs.python311Packages.mypy-boto3-storagegateway Type annotations for boto3 storagegateway nixos-24.11 boto3-storagegateway-1.35.50 pkgs.python312Packages.mypy-boto3-backup-gateway Type annotations for boto3 backup-gateway nixos-24.11 boto3-backup-gateway-1.35.0 pkgs.python312Packages.mypy-boto3-storagegateway Type annotations for boto3 storagegateway nixos-24.11 boto3-storagegateway-1.35.50 pkgs.home-assistant-component-tests.ruuvi_gateway Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1 pkgs.python311Packages.types-aiobotocore-apigateway Type annotations for aiobotocore apigateway nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-apigateway Type annotations for aiobotocore apigateway nixos-24.11 2.15.2 pkgs.haskellPackages.amazonka-apigatewaymanagementapi Amazon ApiGatewayManagementApi SDK nixos-24.11 2.0 pkgs.home-assistant-custom-components.xiaomi_gateway3 Home Assistant custom component for control Xiaomi Multimode Gateway (aka Gateway 3), Xiaomi Multimode Gateway 2, Aqara Hub E1 on default firmwares over LAN nixos-24.11 xiaomi_gateway3-4.0.6 pkgs.python311Packages.types-aiobotocore-apigatewayv2 Type annotations for aiobotocore apigatewayv2 nixos-24.11 apigatewayv2-2.15.2 pkgs.python312Packages.types-aiobotocore-apigatewayv2 Type annotations for aiobotocore apigatewayv2 nixos-24.11 apigatewayv2-2.15.2 pkgs.python311Packages.types-aiobotocore-backup-gateway Type annotations for aiobotocore backup-gateway nixos-24.11 2.15.2 pkgs.python311Packages.types-aiobotocore-storagegateway Type annotations for aiobotocore storagegateway nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-backup-gateway Type annotations for aiobotocore backup-gateway nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-storagegateway Type annotations for aiobotocore storagegateway nixos-24.11 2.15.2 pkgs.python311Packages.mypy-boto3-apigatewaymanagementapi Type annotations for boto3 apigatewaymanagementapi nixos-24.11 boto3-apigatewaymanagementapi-1.35.0 pkgs.python312Packages.mypy-boto3-apigatewaymanagementapi Type annotations for boto3 apigatewaymanagementapi nixos-24.11 boto3-apigatewaymanagementapi-1.35.0 pkgs.python311Packages.types-aiobotocore-apigatewaymanagementapi Type annotations for aiobotocore apigatewaymanagementapi nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-apigatewaymanagementapi Type annotations for aiobotocore apigatewaymanagementapi nixos-24.11 2.15.2 Notify package maintainers: 11 @happyalu Alok Parlikar <alok@parlikar.com> @fpletz Franz Pletz <fpletz@fnordicwalking.de> @arikgrahl Arik Grahl <mail@arik-grahl.de> @benley Benjamin Staffin <benley@gmail.com> @ulrikstrid Ulrik Strid <ulrik.strid@outlook.com> @katexochen Paul Meyer @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mbalatsko Maksym Balatsko <mbalatsko@gmail.com> @Mic92 Jörg Thalheim <joerg@thalheim.io> @azuwis Zhong Jianxin <azuwis@gmail.com> CVE-2010-3872 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 2 weeks, 5 days ago Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash. mod_fcgid CVE-2024-9979 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 3 weeks, 1 day ago Pyo3: risk of use-after-free in `borrowed` reads from python weak references A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references. pyo3 <0.22.4 python3.11-nh3 python3.11-rpds-py python3.11-cryptography python3.12-cryptography CVE-2024-9979 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 3 weeks, 1 day ago Pyo3: risk of use-after-free in `borrowed` reads from python weak references A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references. pyo3 <0.22.4 python3.11-nh3 python3.11-rpds-py python3.11-cryptography python3.12-cryptography CVE-2024-9902 6.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): LOW created 3 weeks, 1 day ago Ansible-core: ansible-core user may read/write unauthorized content A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. core ansible-core * ee-29-container * ee-minimal-container * openstack-ansible-core ansible-builder-container * ansible-automation-platform/ee-29-rhel8 * ansible-automation-platform/ee-minimal-rhel8 * ansible-automation-platform/ee-minimal-rhel9 * ansible-automation-platform/ansible-builder-rhel8 * ansible-automation-platform/ansible-builder-rhel9 *
CVE-2024-49394 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 4 days ago @LeSuisse removed 11 packages pkgs.mutter 47.1 pkgs.mutt-ics 0.9.2 pkgs.mutter43 43.8 pkgs.mutt-wizard 3.3.1 pkgs.gnome.mutter 47.1 pkgs.notmuch-mutt 0.38.3 pkgs.gnome.mutter43 43.8 pkgs.pantheon.mutter 43.8 pkgs.xorg.fontmuttmisc 1.0.4 pkgs.emacsPackages.mutt-mode 20191102.2330 pkgs.vimPlugins.nvim-treesitter-parsers.muttrc 2 weeks, 1 day ago Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. mutt pkgs.mutt Small but very powerful text-based mail client nixos-24.11 2.2.13 pkgs.neomutt Small but very powerful text-based mail client nixos-24.11 20241002 Notify package maintainers: 3 @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org> @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz> @erikryb Erik Rybakken <erik.rybakken@math.ntnu.no>
CVE-2024-49393 7.4 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 4 days ago @LeSuisse removed 11 packages pkgs.mutter 47.1 pkgs.mutt-ics 0.9.2 pkgs.mutter43 43.8 pkgs.mutt-wizard 3.3.1 pkgs.gnome.mutter 47.1 pkgs.notmuch-mutt 0.38.3 pkgs.gnome.mutter43 43.8 pkgs.pantheon.mutter 43.8 pkgs.xorg.fontmuttmisc 1.0.4 pkgs.emacsPackages.mutt-mode 20191102.2330 pkgs.vimPlugins.nvim-treesitter-parsers.muttrc 2 weeks, 1 day ago Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. mutt pkgs.mutt Small but very powerful text-based mail client nixos-24.11 2.2.13 pkgs.neomutt Small but very powerful text-based mail client nixos-24.11 20241002 Notify package maintainers: 3 @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org> @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz> @erikryb Erik Rybakken <erik.rybakken@math.ntnu.no>
CVE-2024-11079 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 2 weeks, 4 days ago Ansible-core: unsafe tagging bypass via hostvars object in ansible-core A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. ansible-core =<2.18.0 rhelai1/bootc-nvidia-rhel9 rhelai1/bootc-azure-nvidia-rhel9 ansible-automation-platform/ee-29-rhel8 * ansible-automation-platform/ee-minimal-rhel8 * ansible-automation-platform/ee-minimal-rhel9 * ansible-automation-platform/ansible-builder-rhel8 * ansible-automation-platform/ansible-builder-rhel9 * pkgs.ansible Radically simple IT automation nixos-24.11 2.17.6 pkgs.ansible_2_16 Radically simple IT automation nixos-24.11 2.16.8 pkgs.ansible_2_17 Radically simple IT automation nixos-24.11 2.17.6 pkgs.python311Packages.ansible-core Radically simple IT automation nixos-24.11 2.17.6 pkgs.python312Packages.ansible-core Radically simple IT automation nixos-24.11 2.17.6
CVE-2024-10963 7.4 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE updated 2 weeks, 1 day ago by @LeSuisse Activity log Created automatic suggestion 2 weeks, 4 days ago @LeSuisse removed 22 packages pkgs.rspamd 3.10.2 pkgs.pamix 1.6 pkgs.dspam 3.10.2 pkgs.ipam 0.3.0-1 pkgs.opam 2.3.0 pkgs.paml 4.10.7 pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam 1.8.3 pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github 2.3.0 pkgs.matrix-synapse-plugins.matrix-synapse-pam 0.1.3 pkgs.emacsPackages.opam-switch-mode 20230802.917 pkgs.python312Packages.python-pam 2.0.2 pkgs.python311Packages.python-pam 2.0.2 pkgs.python312Packages.pypamtest 1.1.5 pkgs.python311Packages.pypamtest 1.1.5 pkgs.plasma5Packages.kwallet-pam 5.27.11 pkgs.python312Packages.pamela 1.2.0 pkgs.python311Packages.pamela 1.2.0 pkgs.sbclPackages.cl-xmlspam 20101006-http pkgs.python312Packages.pamqp 3.3.0 pkgs.python311Packages.pamqp 3.3.0 pkgs.opensmtpd-filter-rspamd 0.1.8 pkgs.kdePackages.kwallet-pam 6.2.4 2 weeks, 1 day ago Pam: improper hostname interpretation in pam_access leads to access control bypass A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. pam rhcos pkgs.pam Pluggable Authentication Modules, a flexible mechanism for authenticating user nixos-24.11 1.6.1 pkgs.openpam Open source PAM library that focuses on simplicity, correctness, and cleanliness nixos-24.11 20230627 pkgs.pam_p11 Authentication with PKCS#11 modules nixos-24.11 0.3.1 pkgs.pam_u2f PAM module for allowing authentication with a U2F device nixos-24.11 1.3.0 pkgs.pamixer Pulseaudio command line mixer nixos-24.11 1.6 pkgs.dopamine Audio player that keeps it simple nixos-24.11 3.0.0-preview.35 pkgs.pam_krb5 PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC nixos-24.11 krb5-4.11 pkgs.pam_ldap LDAP backend for PAM nixos-24.11 186 pkgs.pam_rssh PAM module for authenticating via ssh-agent, written in Rust nixos-24.11 1.2.0-rc2 pkgs.pam_ussh PAM module to authenticate using SSH certificates nixos-24.11 20210615 pkgs.linux-pam Pluggable Authentication Modules, a flexible mechanism for authenticating user nixos-24.11 1.6.1 pkgs.ncpamixer Terminal mixer for PulseAudio inspired by pavucontrol nixos-24.11 1.3.7 pkgs.opam2json convert opam file syntax to JSON nixos-24.11 0.4 pkgs.pam_dp9ik dp9ik pam module nixos-24.11 1.6.5 pkgs.pam_gnupg Unlock GnuPG keys on login nixos-24.11 0.4 pkgs.pam_mount PAM module to mount volumes for a user session nixos-24.11 2.20 pkgs.pam_mysql PAM authentication module against a MySQL database nixos-24.11 1.0.0-beta2 pkgs.pam_pgsql Support to authenticate against PostgreSQL for PAM-enabled appliations nixos-24.11 2020-05-05 pkgs.pamtester Utility program to test the PAM facility nixos-24.11 0.1.2 pkgs.pam_ccreds PAM module to locally authenticate using an enterprise identity when the network is unavailable nixos-24.11 10 pkgs.pam_mktemp PAM for login service to provide per-user private directories nixos-24.11 1.1.1 pkgs.pam_tmpdir PAM module for creating safe per-user temporary directories nixos-24.11 0.09 pkgs.yubico-pam Yubico PAM module nixos-24.11 2.27 pkgs.xtrlock-pam PAM based X11 screen locker nixos-24.11 3.4-post-20150909 pkgs.apparmor-pam Mandatory access control system - PAM service nixos-24.11 4.0.3 pkgs.opam-publish Tool to ease contributions to opam repositories nixos-24.11 2.4.0 pkgs.pam-reattach Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux) nixos-24.11 1.3 pkgs.spamassassin Open-Source Spam Filter nixos-24.11 4.0.1 pkgs.nss_pam_ldapd LDAP identity and authentication for NSS/PAM nixos-24.11 0.9.12 pkgs.libpam-wrapper Wrapper for testing PAM modules nixos-24.11 1.1.5 pkgs.opam-installer Handle (un)installation from opam install files nixos-24.11 2.3.0 pkgs.pam-honeycreds PAM module that sends warnings when fake passwords are used nixos-24.11 1.9 pkgs.rspamd-trainer Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training nixos-24.11 2023-11-27 pkgs.emacsPackages.opam nixos-24.11 20150719.1220 pkgs.pam_ssh_agent_auth PAM module for authentication through the SSH agent nixos-24.11 0.10.4 pkgs.decode-spam-headers Script that helps you understand why your E-Mail ended up in Spam nixos-24.11 2022-09-22-unreleased pkgs.haskellPackages.pam Haskell binding for C PAM API nixos-24.11 0.2.0.0 pkgs.luaPackages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.google-authenticator Two-step verification, with pam module nixos-24.11 1.10 pkgs.emacsPackages.no-spam nixos-24.11 20190724.1854 pkgs.lua51Packages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.lua52Packages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.lua53Packages.lua-pam Lua module for PAM authentication nixos-24.11 2015-07-03 pkgs.emacsPackages.pamparam nixos-24.11 20210105.1513 pkgs.libsForQt5.kwallet-pam nixos-24.11 5.27.11 pkgs.rubyPackages_3_1.rpam2 nixos-24.11 rpam2-4.0.2 pkgs.rubyPackages_3_2.rpam2 nixos-24.11 rpam2-4.0.2 pkgs.rubyPackages_3_3.rpam2 nixos-24.11 rpam2-4.0.2 pkgs.rubyPackages_3_4.rpam2 nixos-24.11 rpam2-4.0.2 Notify package maintainers: 31 @matthewbauer Matthew Bauer <mjbauer95@gmail.com> @sbourdeauducq Sébastien Bourdeauducq <sb@m-labs.hk> @philandstuff Philip Potter <philip.g.potter@gmail.com> @thiagokokada Thiago K. Okada <thiagokokada@gmail.com> @Guanran928 Guanran928 <guanran928@outlook.com> @Kranzes Ilan Joselevich <personal@ilanjoselevich.com> @lukegb Luke Granger-Brown <nix@lukegb.com> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com> @tanneberger Tassilo Tanneberger <revol-xut@protonmail.com> @oxapentane Grigory Shipunov <blame@oxapentane.com> @astro Astro <astro@spaceboyz.net> @balsoft Alexander Bantyev <balsoft75@gmail.com> @majiru Jacob Moody <moody@posixcafe.org> @mtreca Maxime Tréca <maxime.treca@gmail.com> @NetaliDev Jennifer Graul <me@netali.de> @abbradar Nikolay Amiantov <ab@fmap.me> @wladmis Wladmis <dev@wladmis.org> @peterhoeg Peter Hoeg <peter@hoeg.com> @ondt Ondrej Telka <nix@ondt.dev> @ju1m Julien Moutinho <julm+nixpkgs@sourcephile.fr> @thoughtpolice Austin Seipp <aseipp@pobox.com> @niols Nicolas Jeannerod <niols@niols.fr> @lockejan Jan Schmitt <git@smittie.de> @qknight Joachim Schiele <js@lastlog.de> @alyssais Alyssa Ross <hi@alyssa.is> @h7x4 h7x4 <h7x4@nani.wtf> @onny Jonas Heinrich <onny@project-insanity.org> @traxys Quentin Boyer <quentin+dev@familleboyer.net> @aneeshusa Aneesh Agrawal <aneeshusa@gmail.com> @ttuegel Thomas Tuegel <ttuegel@mailbox.org> @nyanloutre Paul Trehiou <paul@nyanlout.re>
pkgs.pam Pluggable Authentication Modules, a flexible mechanism for authenticating user nixos-24.11 1.6.1
pkgs.openpam Open source PAM library that focuses on simplicity, correctness, and cleanliness nixos-24.11 20230627
pkgs.pam_krb5 PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC nixos-24.11 krb5-4.11
pkgs.linux-pam Pluggable Authentication Modules, a flexible mechanism for authenticating user nixos-24.11 1.6.1
pkgs.pam_pgsql Support to authenticate against PostgreSQL for PAM-enabled appliations nixos-24.11 2020-05-05
pkgs.pam_ccreds PAM module to locally authenticate using an enterprise identity when the network is unavailable nixos-24.11 10
pkgs.pam-reattach Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux) nixos-24.11 1.3
pkgs.rspamd-trainer Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training nixos-24.11 2023-11-27
pkgs.decode-spam-headers Script that helps you understand why your E-Mail ended up in Spam nixos-24.11 2022-09-22-unreleased
CVE-2024-10295 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE created 2 weeks, 4 days ago Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream. gateway =<2.14.2 3scale-amp-apicast-gateway-container pkgs.grpc-gateway A gRPC to JSON proxy generator plugin for Google Protocol Buffers nixos-24.11 2.22.0 pkgs.janus-gateway General purpose WebRTC server nixos-24.11 1.3.0 pkgs.ingress2gateway Convert Ingress resources to Gateway API resources nixos-24.11 0.3.0 pkgs.jetbrains.gateway Remote development for JetBrains products nixos-24.11 2024.3 pkgs.prometheus-pushgateway Allows ephemeral and batch jobs to expose metrics to Prometheus nixos-24.11 1.10.0 pkgs.python311Packages.dask-gateway Client library for interacting with a dask-gateway server nixos-24.11 2023.1.1 pkgs.python312Packages.dask-gateway Client library for interacting with a dask-gateway server nixos-24.11 2023.1.1 pkgs.azure-cli-extensions.arcgateway Microsoft Azure Command-Line Tools Arcgateway Extension nixos-24.11 1.0.0b1 pkgs.python311Packages.aioruuvigateway Asyncio-native library for requesting data from a Ruuvi Gateway nixos-24.11 0.1.0 pkgs.python311Packages.pyxiaomigateway Python library to communicate with the Xiaomi Gateway nixos-24.11 0.14.3 pkgs.python311Packages.quantum-gateway Python library for interacting with Verizon Fios Quantum gateway devices nixos-24.11 0.0.8 pkgs.python312Packages.aioruuvigateway Asyncio-native library for requesting data from a Ruuvi Gateway nixos-24.11 0.1.0 pkgs.python312Packages.pyxiaomigateway Python library to communicate with the Xiaomi Gateway nixos-24.11 0.14.3 pkgs.python312Packages.quantum-gateway Python library for interacting with Verizon Fios Quantum gateway devices nixos-24.11 0.0.8 pkgs.haskellPackages.amazonka-apigateway Amazon API Gateway SDK nixos-24.11 2.0 pkgs.haskellPackages.amazonka-apigatewayv2 Amazon ApiGatewayV2 SDK nixos-24.11 apigatewayv2-2.0 pkgs.python311Packages.dask-gateway-server Multi-tenant server for securely deploying and managing multiple Dask clusters nixos-24.11 2023.9.0 pkgs.python312Packages.dask-gateway-server Multi-tenant server for securely deploying and managing multiple Dask clusters nixos-24.11 2023.9.0 pkgs.haskellPackages.amazonka-backup-gateway Amazon Backup Gateway SDK nixos-24.11 2.0 pkgs.haskellPackages.amazonka-storagegateway Amazon Storage Gateway SDK nixos-24.11 2.0 pkgs.python311Packages.mypy-boto3-apigateway Type annotations for boto3 apigateway nixos-24.11 boto3-apigateway-1.35.25 pkgs.python312Packages.mypy-boto3-apigateway Type annotations for boto3 apigateway nixos-24.11 boto3-apigateway-1.35.25 pkgs.python311Packages.mypy-boto3-apigatewayv2 Type annotations for boto3 apigatewayv2 nixos-24.11 boto3-apigatewayv2-1.35.0 pkgs.python312Packages.mypy-boto3-apigatewayv2 Type annotations for boto3 apigatewayv2 nixos-24.11 boto3-apigatewayv2-1.35.0 pkgs.python311Packages.mypy-boto3-backup-gateway Type annotations for boto3 backup-gateway nixos-24.11 boto3-backup-gateway-1.35.0 pkgs.python311Packages.mypy-boto3-storagegateway Type annotations for boto3 storagegateway nixos-24.11 boto3-storagegateway-1.35.50 pkgs.python312Packages.mypy-boto3-backup-gateway Type annotations for boto3 backup-gateway nixos-24.11 boto3-backup-gateway-1.35.0 pkgs.python312Packages.mypy-boto3-storagegateway Type annotations for boto3 storagegateway nixos-24.11 boto3-storagegateway-1.35.50 pkgs.home-assistant-component-tests.ruuvi_gateway Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1 pkgs.python311Packages.types-aiobotocore-apigateway Type annotations for aiobotocore apigateway nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-apigateway Type annotations for aiobotocore apigateway nixos-24.11 2.15.2 pkgs.haskellPackages.amazonka-apigatewaymanagementapi Amazon ApiGatewayManagementApi SDK nixos-24.11 2.0 pkgs.home-assistant-custom-components.xiaomi_gateway3 Home Assistant custom component for control Xiaomi Multimode Gateway (aka Gateway 3), Xiaomi Multimode Gateway 2, Aqara Hub E1 on default firmwares over LAN nixos-24.11 xiaomi_gateway3-4.0.6 pkgs.python311Packages.types-aiobotocore-apigatewayv2 Type annotations for aiobotocore apigatewayv2 nixos-24.11 apigatewayv2-2.15.2 pkgs.python312Packages.types-aiobotocore-apigatewayv2 Type annotations for aiobotocore apigatewayv2 nixos-24.11 apigatewayv2-2.15.2 pkgs.python311Packages.types-aiobotocore-backup-gateway Type annotations for aiobotocore backup-gateway nixos-24.11 2.15.2 pkgs.python311Packages.types-aiobotocore-storagegateway Type annotations for aiobotocore storagegateway nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-backup-gateway Type annotations for aiobotocore backup-gateway nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-storagegateway Type annotations for aiobotocore storagegateway nixos-24.11 2.15.2 pkgs.python311Packages.mypy-boto3-apigatewaymanagementapi Type annotations for boto3 apigatewaymanagementapi nixos-24.11 boto3-apigatewaymanagementapi-1.35.0 pkgs.python312Packages.mypy-boto3-apigatewaymanagementapi Type annotations for boto3 apigatewaymanagementapi nixos-24.11 boto3-apigatewaymanagementapi-1.35.0 pkgs.python311Packages.types-aiobotocore-apigatewaymanagementapi Type annotations for aiobotocore apigatewaymanagementapi nixos-24.11 2.15.2 pkgs.python312Packages.types-aiobotocore-apigatewaymanagementapi Type annotations for aiobotocore apigatewaymanagementapi nixos-24.11 2.15.2 Notify package maintainers: 11 @happyalu Alok Parlikar <alok@parlikar.com> @fpletz Franz Pletz <fpletz@fnordicwalking.de> @arikgrahl Arik Grahl <mail@arik-grahl.de> @benley Benjamin Staffin <benley@gmail.com> @ulrikstrid Ulrik Strid <ulrik.strid@outlook.com> @katexochen Paul Meyer @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mbalatsko Maksym Balatsko <mbalatsko@gmail.com> @Mic92 Jörg Thalheim <joerg@thalheim.io> @azuwis Zhong Jianxin <azuwis@gmail.com>
pkgs.grpc-gateway A gRPC to JSON proxy generator plugin for Google Protocol Buffers nixos-24.11 2.22.0
pkgs.prometheus-pushgateway Allows ephemeral and batch jobs to expose metrics to Prometheus nixos-24.11 1.10.0
pkgs.python311Packages.dask-gateway Client library for interacting with a dask-gateway server nixos-24.11 2023.1.1
pkgs.python312Packages.dask-gateway Client library for interacting with a dask-gateway server nixos-24.11 2023.1.1
pkgs.azure-cli-extensions.arcgateway Microsoft Azure Command-Line Tools Arcgateway Extension nixos-24.11 1.0.0b1
pkgs.python311Packages.aioruuvigateway Asyncio-native library for requesting data from a Ruuvi Gateway nixos-24.11 0.1.0
pkgs.python311Packages.pyxiaomigateway Python library to communicate with the Xiaomi Gateway nixos-24.11 0.14.3
pkgs.python311Packages.quantum-gateway Python library for interacting with Verizon Fios Quantum gateway devices nixos-24.11 0.0.8
pkgs.python312Packages.aioruuvigateway Asyncio-native library for requesting data from a Ruuvi Gateway nixos-24.11 0.1.0
pkgs.python312Packages.pyxiaomigateway Python library to communicate with the Xiaomi Gateway nixos-24.11 0.14.3
pkgs.python312Packages.quantum-gateway Python library for interacting with Verizon Fios Quantum gateway devices nixos-24.11 0.0.8
pkgs.python311Packages.dask-gateway-server Multi-tenant server for securely deploying and managing multiple Dask clusters nixos-24.11 2023.9.0
pkgs.python312Packages.dask-gateway-server Multi-tenant server for securely deploying and managing multiple Dask clusters nixos-24.11 2023.9.0
pkgs.python311Packages.mypy-boto3-apigateway Type annotations for boto3 apigateway nixos-24.11 boto3-apigateway-1.35.25
pkgs.python312Packages.mypy-boto3-apigateway Type annotations for boto3 apigateway nixos-24.11 boto3-apigateway-1.35.25
pkgs.python311Packages.mypy-boto3-apigatewayv2 Type annotations for boto3 apigatewayv2 nixos-24.11 boto3-apigatewayv2-1.35.0
pkgs.python312Packages.mypy-boto3-apigatewayv2 Type annotations for boto3 apigatewayv2 nixos-24.11 boto3-apigatewayv2-1.35.0
pkgs.python311Packages.mypy-boto3-backup-gateway Type annotations for boto3 backup-gateway nixos-24.11 boto3-backup-gateway-1.35.0
pkgs.python311Packages.mypy-boto3-storagegateway Type annotations for boto3 storagegateway nixos-24.11 boto3-storagegateway-1.35.50
pkgs.python312Packages.mypy-boto3-backup-gateway Type annotations for boto3 backup-gateway nixos-24.11 boto3-backup-gateway-1.35.0
pkgs.python312Packages.mypy-boto3-storagegateway Type annotations for boto3 storagegateway nixos-24.11 boto3-storagegateway-1.35.50
pkgs.home-assistant-component-tests.ruuvi_gateway Open source home automation that puts local control and privacy first nixos-24.11 2024.11.1
pkgs.python311Packages.types-aiobotocore-apigateway Type annotations for aiobotocore apigateway nixos-24.11 2.15.2
pkgs.python312Packages.types-aiobotocore-apigateway Type annotations for aiobotocore apigateway nixos-24.11 2.15.2
pkgs.haskellPackages.amazonka-apigatewaymanagementapi Amazon ApiGatewayManagementApi SDK nixos-24.11 2.0
pkgs.home-assistant-custom-components.xiaomi_gateway3 Home Assistant custom component for control Xiaomi Multimode Gateway (aka Gateway 3), Xiaomi Multimode Gateway 2, Aqara Hub E1 on default firmwares over LAN nixos-24.11 xiaomi_gateway3-4.0.6
pkgs.python311Packages.types-aiobotocore-apigatewayv2 Type annotations for aiobotocore apigatewayv2 nixos-24.11 apigatewayv2-2.15.2
pkgs.python312Packages.types-aiobotocore-apigatewayv2 Type annotations for aiobotocore apigatewayv2 nixos-24.11 apigatewayv2-2.15.2
pkgs.python311Packages.types-aiobotocore-backup-gateway Type annotations for aiobotocore backup-gateway nixos-24.11 2.15.2
pkgs.python311Packages.types-aiobotocore-storagegateway Type annotations for aiobotocore storagegateway nixos-24.11 2.15.2
pkgs.python312Packages.types-aiobotocore-backup-gateway Type annotations for aiobotocore backup-gateway nixos-24.11 2.15.2
pkgs.python312Packages.types-aiobotocore-storagegateway Type annotations for aiobotocore storagegateway nixos-24.11 2.15.2
pkgs.python311Packages.mypy-boto3-apigatewaymanagementapi Type annotations for boto3 apigatewaymanagementapi nixos-24.11 boto3-apigatewaymanagementapi-1.35.0
pkgs.python312Packages.mypy-boto3-apigatewaymanagementapi Type annotations for boto3 apigatewaymanagementapi nixos-24.11 boto3-apigatewaymanagementapi-1.35.0
pkgs.python311Packages.types-aiobotocore-apigatewaymanagementapi Type annotations for aiobotocore apigatewaymanagementapi nixos-24.11 2.15.2
pkgs.python312Packages.types-aiobotocore-apigatewaymanagementapi Type annotations for aiobotocore apigatewaymanagementapi nixos-24.11 2.15.2
CVE-2010-3872 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 2 weeks, 5 days ago Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash. mod_fcgid
CVE-2024-9979 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 3 weeks, 1 day ago Pyo3: risk of use-after-free in `borrowed` reads from python weak references A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references. pyo3 <0.22.4 python3.11-nh3 python3.11-rpds-py python3.11-cryptography python3.12-cryptography
CVE-2024-9979 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 3 weeks, 1 day ago Pyo3: risk of use-after-free in `borrowed` reads from python weak references A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references. pyo3 <0.22.4 python3.11-nh3 python3.11-rpds-py python3.11-cryptography python3.12-cryptography
CVE-2024-9902 6.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): LOW created 3 weeks, 1 day ago Ansible-core: ansible-core user may read/write unauthorized content A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. core ansible-core * ee-29-container * ee-minimal-container * openstack-ansible-core ansible-builder-container * ansible-automation-platform/ee-29-rhel8 * ansible-automation-platform/ee-minimal-rhel8 * ansible-automation-platform/ee-minimal-rhel9 * ansible-automation-platform/ansible-builder-rhel8 * ansible-automation-platform/ansible-builder-rhel9 *