Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2024-43282
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months ago
WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.

Affected products

tutor
  • =<2.7.2

Matching in nixpkgs

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack

Package maintainers: 1

CVE-2024-43318
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.

Affected products

e2pdf
  • =<1.25.05

Matching in nixpkgs

pkgs.haskellPackages.line2pdf

Simple command-line utility to convert text into PDF

CVE-2024-43321
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23.

Affected products

team
  • =<1.22.23

Matching in nixpkgs

pkgs.steam

Digital distribution platform

pkgs.git-team

Command line interface for managing and enhancing git commit messages with co-authors

pkgs.steamcmd

Steam command-line tools

pkgs.teamocil

Simple tool used to automatically create windows and panes in tmux with YAML files

pkgs.steam-acf

Tool to convert Steam .acf files to JSON

pkgs.steam-run

Run commands in the same FHS environment that is used for Steam

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.steam-tui

Rust TUI client for steamcmd

pkgs.steamback

Decky plugin to add versioned save-game snapshots to Steam-cloud enabled games

pkgs.steampipe

Dynamically query your cloud, code, logs & more with SQL

pkgs.steamworks

Configuration information distributed over LDAP in near realtime

pkgs.teamspeak3

TeamSpeak voice communication tool

pkgs.teamviewer

Desktop sharing application, providing remote support and online meetings

pkgs.adwsteamgtk

Simple Gtk wrapper for Adwaita-for-Steam

pkgs.steam-small

Digital distribution platform

pkgs.bitlbee-steam

Steam protocol plugin for BitlBee

pkgs.ArchiSteamFarm

Application with primary purpose of idling Steam cards from multiple accounts simultaneously

pkgs.steam-run-free

Run commands in the same FHS environment that is used for Steam

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.steamguard-cli

Linux utility for generating 2FA codes for Steam and managing Steam trade confirmations

pkgs.steam-play-none

Steam Play Compatibility Tool to run games as-is (This is intended for use in the `programs.steam.extraCompatPackages` option only.)

pkgs.steam-unwrapped

Digital distribution platform

pkgs.steamcontroller

Standalone Steam controller driver

pkgs.teams-for-linux

Unofficial Microsoft Teams client for Linux

pkgs.steam-run-native

Run commands in the same FHS environment that is used for Steam

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.teamspeak_client

TeamSpeak voice communication tool

pkgs.teamspeak_server

TeamSpeak voice communication server

pkgs.steam-rom-manager

App for managing ROMs in Steam

pkgs.steamtinkerlaunch

Linux wrapper tool for use with the Steam client for custom launch options and 3rd party programs

pkgs.teamspeak6-client

TeamSpeak voice communication tool (beta version)

pkgs.python312Packages.steam

Python package for interacting with Steam

pkgs.python313Packages.steam

Python package for interacting with Steam

pkgs.kodiPackages.steam-library

View your entire Steam library right from Kodi

pkgs.python312Packages.steamodd

High level Steam API implementation with low level reusable core

pkgs.python313Packages.steamodd

High level Steam API implementation with low level reusable core

pkgs.kodiPackages.steam-launcher

Launch Steam in Big Picture Mode from Kodi

pkgs.python312Packages.pymsteams

Python module to interact with Microsoft Teams

pkgs.python313Packages.pymsteams

Python module to interact with Microsoft Teams

pkgs.kodiPackages.steam-controller

Binary addon for steam controller

pkgs.python312Packages.aiosteamist

Module to control Steamist steam systems

pkgs.python313Packages.aiosteamist

Module to control Steamist steam systems

pkgs.haskellPackages.webex-teams-api

A Haskell bindings for Webex Teams API

pkgs.python312Packages.webexteamssdk

Python module for Webex Teams APIs

pkgs.postgresqlPackages.pg_byteamagic

PostgreSQL extension to determinate the filetypes of bytea BLOBs

pkgs.haskellPackages.webex-teams-pipes

Pipes wrapper of Webex Teams List API

pkgs.postgresql13Packages.pg_byteamagic

PostgreSQL extension to determinate the filetypes of bytea BLOBs

pkgs.postgresql14Packages.pg_byteamagic

PostgreSQL extension to determinate the filetypes of bytea BLOBs

pkgs.postgresql15Packages.pg_byteamagic

PostgreSQL extension to determinate the filetypes of bytea BLOBs

pkgs.postgresql16Packages.pg_byteamagic

PostgreSQL extension to determinate the filetypes of bytea BLOBs

pkgs.postgresql18Packages.pg_byteamagic

PostgreSQL extension to determinate the filetypes of bytea BLOBs

pkgs.haskellPackages.webex-teams-conduit

Conduit wrapper of Webex Teams List API

pkgs.python312Packages.teamcity-messages

Python unit test reporting to TeamCity

pkgs.python313Packages.teamcity-messages

Python unit test reporting to TeamCity

pkgs.pidginPackages.pidgin-opensteamworks

Plugin for Pidgin 2.x which implements Steam Friends/Steam IM compatibility

pkgs.python312Packages.bundlewrap-teamvault

Pull secrets from TeamVault into your BundleWrap repo

pkgs.python313Packages.bundlewrap-teamvault

Pull secrets from TeamVault into your BundleWrap repo

pkgs.steampipePackages.steampipe-plugin-aws

AWS Plugin for Steampipe

pkgs.home-assistant-component-tests.steamist

Open source home automation that puts local control and privacy first

pkgs.vscode-extensions.marp-team.marp-vscode

pkgs.steampipePackages.steampipe-plugin-azure

Azure Plugin for Steampipe

pkgs.steampipePackages.steampipe-plugin-github

GitHub Plugin for Steampipe

pkgs.home-assistant-component-tests.steam_online

Open source home automation that puts local control and privacy first

pkgs.vscode-extensions.vscode-icons-team.vscode-icons

Bring real icons to your Visual Studio Code

Package maintainers: 59

CVE-2024-21981
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months ago
Improper key usage control in AMD Secure Processor (ASP) may …

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

CVE-2021-26387
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
Insufficient access controls in ASP kernel may allow a privileged …

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

CVE-2023-20578
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with …

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Affected products

PI
  • ==NaplesPI 1.0.0.K

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

CVE-2024-43231
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3.

Affected products

tutor
  • =<2.7.3

Matching in nixpkgs

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack

Package maintainers: 1

CVE-2024-7700
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Foreman: command injection in "host init config" template via "install packages" field on foreman

A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script.

Affected products

foreman

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

Package maintainers: 1

CVE-2023-31315
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Improper validation in a model specific register (MSR) could allow …

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Affected products

PI
  • <Milan PI 1.0.0.D

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

CVE-2024-43167
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months ago
Unbound: null pointer dereference in unbound

A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

Affected products

rhcos
unbound
openstack-unbound-container
rhosp-rhel9/openstack-unbound
rhosp-rhel8-tech-preview/openstack-unbound

Matching in nixpkgs

pkgs.unbound

Validating, recursive, and caching DNS resolver

pkgs.unbound-full

Validating, recursive, and caching DNS resolver

pkgs.unbound-with-systemd

Validating, recursive, and caching DNS resolver

pkgs.luaPackages.luaunbound

A binding to libunbound

pkgs.lua51Packages.luaunbound

A binding to libunbound

pkgs.lua52Packages.luaunbound

A binding to libunbound

pkgs.lua53Packages.luaunbound

A binding to libunbound

pkgs.lua54Packages.luaunbound

A binding to libunbound

pkgs.luajitPackages.luaunbound

A binding to libunbound

pkgs.prometheus-unbound-exporter

Prometheus exporter for Unbound DNS resolver

pkgs.python312Packages.pyunbound

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python313Packages.pyunbound

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.haskellPackages.unbound-generics

Support for programming with names and binders using GHC Generics

pkgs.haskellPackages.unbounded-delays

Unbounded thread delays and timeouts

pkgs.haskellPackages.unbound-kind-generics

Support for programming with names and binders using kind-generics

Package maintainers: 3