Automatically generated suggestions

CVE-2024-49241
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Tito plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tady Walsh Tito allows DOM-Based XSS. This issue affects Tito: from n/a through 2.3.

tito
=<2.3

pkgs.flatito

Grep for keys in YAML and JSON files

pkgs.adif-multitool

Command-line program for working with ham logfiles

pkgs.vimPlugins.nvim-treesitter-parsers.chatito

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.python312Packages.sphinx-multitoc-numbering

Supporting continuous HTML section numbering

pkgs.python313Packages.sphinx-multitoc-numbering

Supporting continuous HTML section numbering
Package maintainers: 2
CVE-2024-22034
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 1 week ago
Crafted projects can overwrite special files in the .osc config directory

Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim.

osc
<1.9.0-1.1
<0.183.0-15.18.1
<1.9.0-150400.10.6.1

pkgs.osc

Command line tool to access the system clipboard from anywhere using the ANSI OSC52 sequence

pkgs.OSCAR

Software for reviewing and exploring data produced by CPAP and related machines used in the treatment of sleep apnea

pkgs.oscar

Software for reviewing and exploring data produced by CPAP and related machines used in the treatment of sleep apnea

pkgs.c-blosc

Blocking, shuffling and lossless compression library

pkgs.ergoscf

Quantum chemistry program for large-scale self-consistent field calculations

pkgs.osc-cli

Official Outscale CLI providing connectors to Outscale API

pkgs.oscclip

Program that allows copying and pasting from a terminal using OSC 52 control sequences

pkgs.xoscope

Oscilloscope through the sound card

pkgs.badtouch

Scriptable network authentication cracker

pkgs.c-blosc2

Fast, compressed, persistent binary data store library for C

pkgs.octoscan

Static vulnerability scanner for GitHub action workflows

pkgs.oscavmgr

Face tracking & utilities for Resonite and VRChat

pkgs.talosctl

CLI for out-of-band management of Kubernetes nodes created by Talos

pkgs.touchosc

Next generation modular control surface

pkgs.cytoscape

General platform for complex network analysis and visualization

pkgs.picoscope

Oscilloscope application that works with all PicoScope models

pkgs.pyroscope

Continuous profiling platform; debug performance issues down to a single line of code

pkgs.xmloscopy

XML debugger

pkgs.authoscope

Scriptable network authentication cracker

pkgs.diffoscope

Perform in-depth comparison of files, archives, and directories

pkgs.hdf5-blosc

Filter for HDF5 that uses the Blosc compressor

pkgs.nethoscope

Listen to your network traffic

pkgs.protoscope

Simple, human-editable language for representing and emitting the Protobuf wire format

pkgs.vokoscreen

Simple GUI screencast recorder, using ffmpeg

pkgs.microscheme

Scheme subset for Atmel microcontrollers

pkgs.exoscale-cli

Command-line tool for everything at Exoscale: compute, storage, dns

pkgs.vokoscreen-ng

User-friendly open-source screencaster for Linux and Windows

pkgs.mpvScripts.uosc

Feature-rich minimalist proximity-based UI for MPV player

pkgs.iio-oscilloscope

GTK+ based oscilloscope application for interfacing with various IIO devices

pkgs.nomad-autoscaler

Autoscaling daemon for Nomad

pkgs.diffoscopeMinimal

Perform in-depth comparison of files, archives, and directories

pkgs.jack_oscrolloscope

Simple waveform viewer for JACK

pkgs.haskellPackages.hosc

Haskell Open Sound Control

pkgs.python312Packages.osc

openSUSE commander with svn-like handling

pkgs.python313Packages.osc

openSUSE commander with svn-like handling

pkgs.python312Packages.oscpy

Modern implementation of OSC for python2/3

pkgs.python313Packages.oscpy

Modern implementation of OSC for python2/3

pkgs.python312Packages.blosc2

Python wrapper for the extremely fast Blosc2 compression library

pkgs.python313Packages.blosc2

Python wrapper for the extremely fast Blosc2 compression library

pkgs.haskellPackages.vivid-osc

Open Sound Control encode/decode

pkgs.mpvScripts.mpv-osc-modern

Another MPV OSC Script

pkgs.mpvScripts.mpv-osc-tethys

OSC UI replacement for MPV with icons from the bomi video player

pkgs.python312Packages.osc-lib

OpenStackClient Library

pkgs.python312Packages.oschmod

Change file permissions on Windows, macOS, and Linux

pkgs.python313Packages.osc-lib

OpenStackClient Library

pkgs.python313Packages.oschmod

Change file permissions on Windows, macOS, and Linux

pkgs.python312Packages.oscrypto

Encryption library for Python

pkgs.python313Packages.oscrypto

Encryption library for Python

pkgs.python312Packages.oscscreen

Framework for developing console applications using Python and curses

pkgs.python313Packages.oscscreen

Framework for developing console applications using Python and curses

pkgs.python312Packages.boschshcpy

Python module to work with the Bosch Smart Home Controller API

pkgs.python312Packages.ionoscloud

Python API client for ionoscloud

pkgs.python312Packages.python-osc

Open Sound Control server and client in pure python

pkgs.python313Packages.boschshcpy

Python module to work with the Bosch Smart Home Controller API

pkgs.python313Packages.ionoscloud

Python API client for ionoscloud

pkgs.python313Packages.python-osc

Open Sound Control server and client in pure python

pkgs.terraform-providers.exoscale

pkgs.python312Packages.osc-diagram

Build Outscale cloud diagrams

pkgs.python313Packages.osc-diagram

Build Outscale cloud diagrams

pkgs.python312Packages.collidoscope

Python library to detect glyph collisions in fonts

pkgs.python313Packages.collidoscope

Python library to detect glyph collisions in fonts

pkgs.python312Packages.osc-placement

OpenStackClient plugin for the Placement service

pkgs.python313Packages.osc-placement

OpenStackClient plugin for the Placement service

pkgs.python312Packages.libpyfoscamcgi

Python Library for Foscam IP Cameras

pkgs.python312Packages.osc-sdk-python

SDK to perform actions on Outscale API

pkgs.python313Packages.libpyfoscamcgi

Python Library for Foscam IP Cameras

pkgs.python313Packages.osc-sdk-python

SDK to perform actions on Outscale API

pkgs.chickenPackages_5.chickenEggs.blosc

Bindings to the Blosc multi-threaded meta-compressor library

pkgs.python312Packages.bosch-alarm-mode2

Async Python library for interacting with Bosch Alarm Panels supporting the 'Mode 2' API

pkgs.python313Packages.bosch-alarm-mode2

Async Python library for interacting with Bosch Alarm Panels supporting the 'Mode 2' API

pkgs.grafanaPlugins.grafana-pyroscope-app

Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data

pkgs.haskellPackages.amazonka-autoscaling

Amazon Auto Scaling SDK

pkgs.home-assistant-component-tests.foscam

Open source home automation that puts local control and privacy first

pkgs.home-assistant-component-tests.bosch_shc

Open source home automation that puts local control and privacy first

pkgs.haskellPackages.amazonka-autoscaling-plans

Amazon Auto Scaling Plans SDK

pkgs.home-assistant-component-tests.bosch_alarm

Open source home automation that puts local control and privacy first

pkgs.vimPlugins.nvim-treesitter-parsers.typoscript

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_1_1

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_1_2

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_1_4

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_1_5

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_2_0

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_2_1

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_2_2

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.typstPackages.shuosc-shu-bachelor-thesis_0_3_1

Shanghai University undergraduate thesis Typst template - Shanghai University Open Source Community edition (SHUOSC

pkgs.python312Packages.types-aiobotocore-autoscaling

Type annotations for aiobotocore autoscaling

pkgs.python313Packages.types-aiobotocore-autoscaling

Type annotations for aiobotocore autoscaling

pkgs.haskellPackages.amazonka-application-autoscaling

Amazon Application Auto Scaling SDK

pkgs.python312Packages.types-aiobotocore-autoscaling-plans

Type annotations for aiobotocore autoscaling-plans

pkgs.python313Packages.types-aiobotocore-autoscaling-plans

Type annotations for aiobotocore autoscaling-plans

pkgs.python312Packages.types-aiobotocore-application-autoscaling

Type annotations for aiobotocore application-autoscaling

pkgs.python313Packages.types-aiobotocore-application-autoscaling

Type annotations for aiobotocore application-autoscaling
Package maintainers: 51
@lf- Jade Lovelace
CVE-2023-32190
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
mlocate's %post script allows the RUN_UPDATEDB_AS user to make arbitrary files world-readable

mlocate's %post script allows the RUN_UPDATEDB_AS user to make arbitrary files world-readable by abusing insecure file operations that run with root privileges.

mlocate
<0.26-37.1

pkgs.mlocate

Merging locate is a utility to index and quickly search for files
CVE-2024-22029
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
tomcat packaging allows for escalation to root from tomcat user

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root.

tomcat
<9.0.85-150200.57.1
<9.0.85-3.1

pkgs.tomcat9

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat10

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat11

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

pkgs.tomcat_mysql_jdbc

pkgs.apachetomcatscanner

Tool to scan for Apache Tomcat server vulnerabilities
Package maintainers: 3
CVE-2024-9676
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Podman, Buildah, CRI-O: symlink traversal vulnerability in the containers/storage library can cause denial of service (DoS)

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

cri-o
*
conmon
podman
*
skopeo
buildah
*
containers/storage
<1.55.1
container-tools:rhel8
*
quay/quay-builder-rhel8
ocp-tools-4/jenkins-rhel8
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
container-tools:rhel8/buildah
openshift4/ose-docker-builder
*
jenkins-agent-base-rhel9-container
openshift4/ose-docker-builder-rhel9
*
ocp-tools-4/jenkins-agent-base-rhel8

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.conmon

OCI container runtime monitor

pkgs.podman

Program for managing pods, containers and container images

pkgs.skopeo

Command line utility for various operations on container images and image repositories

pkgs.buildah

Tool which facilitates building OCI images

pkgs.conmon-rs

OCI container runtime monitor written in Rust

pkgs.podman-tui

Podman Terminal UI

pkgs.podman-bootc

Streamlining podman+bootc interactions

pkgs.podman-compose

Implementation of docker-compose with podman backend

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.buildah-unwrapped

Tool which facilitates building OCI images

pkgs.nomad-driver-podman

Podman task driver for Nomad

pkgs.python312Packages.podman

Python bindings for Podman's RESTful API

pkgs.python313Packages.podman

Python bindings for Podman's RESTful API
Package maintainers: 11
CVE-2024-9979
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
PyO3: risk of use-after-free in `borrowed` reads from Python weak references

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

pyo3
<0.22.4
python-rpds-py
python3.11-nh3
python3.11-rpds-py
python3.11-cryptography
python3.12-cryptography

pkgs.python312Packages.cryptography

Package which provides cryptographic recipes and primitives
Package maintainers: 1
CVE-2024-8376
created 1 month, 1 week ago
Memory leak

In Eclipse Mosquitto up to version 2.0.18a, an attacker can cause a memory leak, segmentation fault or heap use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

mosquitto
==2.0.19
==2.0.18

pkgs.mosquitto

Open source MQTT v3.1/3.1.1/5.0 broker

pkgs.haskellPackages.mosquitto-hs

Mosquitto client library bindings

pkgs.chickenPackages_5.chickenEggs.mosquitto

Bindings to mosquitto MQTT client library
Package maintainers: 2
CVE-2024-9675
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
Buildah: buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within the cache directory, allowing a `RUN` instruction in a Containerfile to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

cri-o
conmon
podman
*
skopeo
buildah
<1.38.0
*
buildah-container
container-tools:rhel8
*
quay/quay-builder-rhel8
ocp-tools-4/jenkins-rhel8
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
container-tools:rhel8/buildah
openshift4/ose-docker-builder
*
openshift4/ose-docker-builder-rhel9
*
ocp-tools-4/jenkins-agent-base-rhel8
openshift-enterprise-builder-container
*

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.conmon

OCI container runtime monitor

pkgs.podman

Program for managing pods, containers and container images

pkgs.skopeo

Command line utility for various operations on container images and image repositories

pkgs.buildah

Tool which facilitates building OCI images

pkgs.conmon-rs

OCI container runtime monitor written in Rust

pkgs.podman-tui

Podman Terminal UI

pkgs.podman-bootc

Streamlining podman+bootc interactions

pkgs.podman-compose

Implementation of docker-compose with podman backend

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.buildah-unwrapped

Tool which facilitates building OCI images

pkgs.nomad-driver-podman

Podman task driver for Nomad

pkgs.python312Packages.podman

Python bindings for Podman's RESTful API

pkgs.python313Packages.podman

Python bindings for Podman's RESTful API
Package maintainers: 11
CVE-2024-47356
5.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS. This issue affects Create: from n/a through 2.9.1.

create
=<2.9.1

pkgs.create-dmg

Shell script to build fancy DMGs

pkgs.createrepo_c

C implementation of createrepo

pkgs.create-cycle-app

Create Cycle.js with no build configuration

pkgs.x-create-mouse-void

Creates an undecorated black window and prevents the mouse from entering that window

pkgs.arduino-create-agent

Agent to upload code to any USB connected Arduino board directly from the browser

pkgs.darwin.linux-builder

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.elmPackages.create-elm-app

Create Elm apps with no build configuration

pkgs.darwin.linux-builder-x86_64

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.nodePackages.create-cycle-app

Create Cycle.js with no build configuration

pkgs.haskellPackages.openssl-createkey

Create OpenSSL keypairs

pkgs.nodePackages_latest.create-cycle-app

Create Cycle.js with no build configuration
Package maintainers: 4
CVE-2024-25590
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor

An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.

pdns-recursor
<5.1.2
<5.0.9
<4.9.9

pkgs.pdns-recursor

Recursive DNS server
Package maintainers: 1