Automatically generated suggestions

CVE-2024-8287
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.

anbox
<1.23.1

pkgs.fanbox-dl

Pixiv FANBOX Downloader
Package maintainers: 1
CVE-2024-2419
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
Keycloak: path traversal in the redirect validation

A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.

keycloak
<22.0.10
<24.0.3
rhbk/keycloak-rhel9
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2024-44002
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS. This issue affects Team Showcase: from n/a through 1.22.25.

team
=<1.22.25

pkgs.steam

Digital distribution platform

pkgs.git-team

Command line interface for managing and enhancing git commit messages with co-authors

pkgs.steamcmd

Steam command-line tools

pkgs.teamocil

Simple tool used to automatically create windows and panes in tmux with YAML files

pkgs.steam-acf

Tool to convert Steam .acf files to JSON

pkgs.steam-run

Run commands in the same FHS environment that is used for Steam

pkgs.steam-tui

Rust TUI client for steamcmd

pkgs.steamback

Decky plugin to add versioned save-game snapshots to Steam-cloud enabled games

pkgs.steampipe

Dynamically query your cloud, code, logs & more with SQL

pkgs.steamworks

Configuration information distributed over LDAP in near realtime

pkgs.teamspeak3

TeamSpeak voice communication tool

pkgs.teamviewer

Desktop sharing application, providing remote support and online meetings

pkgs.adwsteamgtk

Simple Gtk wrapper for Adwaita-for-Steam

pkgs.steam-small

Digital distribution platform

pkgs.bitlbee-steam

Steam protocol plugin for BitlBee

pkgs.ArchiSteamFarm

Application with primary purpose of idling Steam cards from multiple accounts simultaneously

pkgs.steam-run-free

Run commands in the same FHS environment that is used for Steam

pkgs.steamguard-cli

Linux utility for generating 2FA codes for Steam and managing Steam trade confirmations

pkgs.steam-play-none

Steam Play Compatibility Tool to run games as-is (This is intended for use in the `programs.steam.extraCompatPackages` option only.)

pkgs.steam-unwrapped

Digital distribution platform

pkgs.steamcontroller

Standalone Steam controller driver

pkgs.teams-for-linux

Unofficial Microsoft Teams client for Linux

pkgs.steam-run-native

Run commands in the same FHS environment that is used for Steam

pkgs.teamspeak_client

TeamSpeak voice communication tool

pkgs.teamspeak_server

TeamSpeak voice communication server

pkgs.steam-rom-manager

App for managing ROMs in Steam

pkgs.steamtinkerlaunch

Linux wrapper tool for use with the Steam client for custom launch options and 3rd party programs

pkgs.teamspeak6-client

TeamSpeak voice communication tool (beta version)

pkgs.python312Packages.steam

Python package for interacting with Steam

pkgs.python313Packages.steam

Python package for interacting with Steam

pkgs.kodiPackages.steam-library

View your entire Steam library right from Kodi

pkgs.python312Packages.steamodd

High level Steam API implementation with low level reusable core

pkgs.python313Packages.steamodd

High level Steam API implementation with low level reusable core

pkgs.kodiPackages.steam-launcher

Launch Steam in Big Picture Mode from Kodi

pkgs.python312Packages.pymsteams

Python module to interact with Microsoft Teams

pkgs.python313Packages.pymsteams

Python module to interact with Microsoft Teams

pkgs.kodiPackages.steam-controller

Binary addon for steam controller

pkgs.python312Packages.aiosteamist

Module to control Steamist steam systems

pkgs.python313Packages.aiosteamist

Module to control Steamist steam systems

pkgs.haskellPackages.webex-teams-api

Haskell bindings for the Webex Teams API

pkgs.python312Packages.webexteamssdk

Python module for Webex Teams APIs

pkgs.postgresqlPackages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.haskellPackages.webex-teams-pipes

Pipes wrapper of Webex Teams List API

pkgs.postgresql13Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql14Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql15Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql16Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql18Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.haskellPackages.webex-teams-conduit

Conduit wrapper of Webex Teams List API

pkgs.python312Packages.teamcity-messages

Python unit test reporting to TeamCity

pkgs.python313Packages.teamcity-messages

Python unit test reporting to TeamCity

pkgs.pidginPackages.pidgin-opensteamworks

Plugin for Pidgin 2.x which implements Steam Friends/Steam IM compatibility

pkgs.python312Packages.bundlewrap-teamvault

Pull secrets from TeamVault into your BundleWrap repo

pkgs.python313Packages.bundlewrap-teamvault

Pull secrets from TeamVault into your BundleWrap repo

pkgs.steampipePackages.steampipe-plugin-aws

AWS Plugin for Steampipe

pkgs.home-assistant-component-tests.steamist

Open source home automation that puts local control and privacy first

pkgs.vscode-extensions.marp-team.marp-vscode

pkgs.steampipePackages.steampipe-plugin-azure

Azure Plugin for Steampipe

pkgs.steampipePackages.steampipe-plugin-github

GitHub Plugin for Steampipe

pkgs.home-assistant-component-tests.steam_online

Open source home automation that puts local control and privacy first

pkgs.vscode-extensions.vscode-icons-team.vscode-icons

Bring real icons to your Visual Studio Code
Package maintainers: 59
CVE-2024-1657
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 1 week ago
Ansible automation platform: insecure websocket used when interacting with eda server

A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.

ansible
<2.4
ansible-rulebook
*
automation-eda-controller
*
ansible-automation-platform-installer
*

pkgs.ansible-cmdb

Generate host overview from ansible fact gathering output

pkgs.ansible-lint

Best practices checker for Ansible

pkgs.ansible_2_16

Radically simple IT automation

pkgs.ansible_2_17

Radically simple IT automation

pkgs.ansible_2_18

Radically simple IT automation

pkgs.ansible_2_19

Radically simple IT automation

pkgs.ansible-doctor

Annotation based documentation for your Ansible roles

pkgs.ansible-builder

Ansible execution environment builder

pkgs.ansible-navigator

Text-based user interface (TUI) for Ansible

pkgs.ansible-language-server

Ansible Language Server

pkgs.python312Packages.ansible

Radically simple IT automation

pkgs.python313Packages.ansible

Radically simple IT automation

pkgs.terraform-providers.ansible

pkgs.python312Packages.ansible-core

Radically simple IT automation

pkgs.python313Packages.ansible-core

Radically simple IT automation

pkgs.python312Packages.ansible-compat

Function collection that helps with interacting with various versions of Ansible

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python312Packages.ansible-runner

Helps when interfacing with Ansible

pkgs.python312Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

pkgs.python313Packages.ansible-compat

Function collection that helps with interacting with various versions of Ansible

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python313Packages.ansible-runner

Helps when interfacing with Ansible

pkgs.python313Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

pkgs.vscode-extensions.redhat.ansible

Ansible language support

pkgs.python312Packages.ansible-builder

Ansible execution environment builder

pkgs.python313Packages.ansible-builder

Ansible execution environment builder

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-vault-rw

This project aims to read and write ansible-vault YAML files

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-vault-rw

This project aims to read and write ansible-vault YAML files
Package maintainers: 13
CVE-2024-44056
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Mantra theme <= 3.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS. This issue affects Mantra: from n/a through 3.3.2.

mantra
=<3.3.2

pkgs.mantra

Tool used to hunt down API key leaks in JS files and pages
Package maintainers: 1
CVE-2024-8775
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 1 week ago
Ansible: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

ansible
ansible-core
=<2.17.4
*
ee-29-container
*
ee-minimal-container
*
ansible-builder-container
*
discovery-server-container
rhelai1/bootc-nvidia-rhel9
discovery/discovery-ui-rhel9
*
discovery/discovery-server-rhel9
*
ansible-automation-platform/ee-29-rhel8
*
ansible-automation-platform/ee-minimal-rhel8
*
ansible-automation-platform/ee-minimal-rhel9
*
ansible-automation-platform/ansible-builder-rhel8
*
ansible-automation-platform/ansible-builder-rhel9
*

pkgs.ansible-cmdb

Generate host overview from ansible fact gathering output

pkgs.ansible-lint

Best practices checker for Ansible

pkgs.ansible_2_16

Radically simple IT automation

pkgs.ansible_2_17

Radically simple IT automation

pkgs.ansible_2_18

Radically simple IT automation

pkgs.ansible_2_19

Radically simple IT automation

pkgs.ansible-doctor

Annotation based documentation for your Ansible roles

pkgs.ansible-builder

Ansible execution environment builder

pkgs.ansible-navigator

Text-based user interface (TUI) for Ansible

pkgs.ansible-language-server

Ansible Language Server

pkgs.python312Packages.ansible

Radically simple IT automation

pkgs.python313Packages.ansible

Radically simple IT automation

pkgs.terraform-providers.ansible

pkgs.python312Packages.ansible-core

Radically simple IT automation

pkgs.python313Packages.ansible-core

Radically simple IT automation

pkgs.python312Packages.ansible-compat

Function collection that helps with interacting with various versions of Ansible

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python312Packages.ansible-runner

Helps when interfacing with Ansible

pkgs.python312Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

pkgs.python313Packages.ansible-compat

Function collection that helps with interacting with various versions of Ansible

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python313Packages.ansible-runner

Helps when interfacing with Ansible

pkgs.python313Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

pkgs.vscode-extensions.redhat.ansible

Ansible language support

pkgs.python312Packages.ansible-builder

Ansible execution environment builder

pkgs.python313Packages.ansible-builder

Ansible execution environment builder

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-vault-rw

This project aims to read and write ansible-vault YAML files

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-vault-rw

This project aims to read and write ansible-vault YAML files
Package maintainers: 13
CVE-2024-0874
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
Coredns: cd bit response is cached and served later

A flaw was found in coredns. This issue could lead to invalid cache entries being returned due to incorrectly implemented caching.

coredns
<1.11.2
openshift4/ose-coredns
*
openshift4/ose-coredns-rhel9
*
rhacm2/lighthouse-agent-rhel8
rhacm2/lighthouse-agent-rhel9
openshift-logging/logging-loki-rhel8
openshift-logging/logging-loki-rhel9
rhacm2-tech-preview/lighthouse-agent-rhel8

pkgs.coredns

DNS server that runs middleware
Package maintainers: 4
CVE-2024-8443
3.4 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
Libopensc: heap buffer overflow in openpgp driver when generating key

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bounds writes, possibly resulting in arbitrary code execution.

opensc
<0.26.0

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscenegraph

3D graphics toolkit

pkgs.openscad-unstable

3D parametric model compiler (unstable)

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode
Package maintainers: 8
CVE-2023-6841
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Keycloak: amount of attributes per object is not limited and it may lead to dos

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited; an attacker sending repeated HTTP requests could cause resource exhaustion when the application sends back rows with long attribute values.

keycloak
<24.0.0
rh-sso7-keycloak

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2024-45034
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.

apache-airflow
<2.10.1

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines
Package maintainers: 3