Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-2881
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
created 1 month, 1 week ago
Fault Injection of EdDSA signature in WolfCrypt

Fault Injection vulnerability in the wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker who co-resides on the same system as a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

wolfssl
=<5.6.6

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices
Package maintainers: 2
CVE-2024-43356
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
WordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide. This issue affects oik: from n/a through 4.12.0.

oik
=<4.12.0

pkgs.libvoikko

Finnish language processing library
Package maintainers: 1
CVE-2024-39645
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2.

tutor
=<2.7.2

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2024-8113
created 1 month, 1 week ago
Stored XSS in Placeholder Samples in Mail Preview

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.

pretix
=<2024.7.0

pkgs.pretix

Ticketing software that cares about your event—all the way

pkgs.pretix-banktool

Automatic bank data upload tool for pretix (with FinTS client)
Package maintainers: 1
CVE-2024-41937
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
Apache Airflow: Stored XSS Vulnerability on provider link

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability.

apache-airflow
<2.10.0

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines
Package maintainers: 3
CVE-2024-37099
10.0 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
WordPress GiveWP plugin <= 3.14.1 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.14.1.

give
=<3.14.1

pkgs.filegive

Easy p2p file sending program
CVE-2024-43282
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2.

tutor
=<2.7.2

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2024-43318
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS. This issue affects e2pdf: from n/a through 1.25.05.

e2pdf
=<1.25.05

pkgs.haskellPackages.line2pdf

Simple command-line utility to convert text into PDF
CVE-2024-43321
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.23.

team
=<1.22.23

pkgs.steam

Digital distribution platform

pkgs.git-team

Command line interface for managing and enhancing git commit messages with co-authors

pkgs.steamcmd

Steam command-line tools

pkgs.teamocil

Simple tool used to automatically create windows and panes in tmux with YAML files

pkgs.steam-acf

Tool to convert Steam .acf files to JSON

pkgs.steam-run

Run commands in the same FHS environment that is used for Steam

pkgs.steam-tui

Rust TUI client for steamcmd

pkgs.steamback

Decky plugin to add versioned save-game snapshots to Steam-cloud enabled games

pkgs.steampipe

Dynamically query your cloud, code, logs & more with SQL

pkgs.steamworks

Configuration information distributed over LDAP in near realtime

pkgs.teamspeak3

TeamSpeak voice communication tool

pkgs.teamviewer

Desktop sharing application, providing remote support and online meetings

pkgs.adwsteamgtk

Simple Gtk wrapper for Adwaita-for-Steam

pkgs.steam-small

Digital distribution platform

pkgs.bitlbee-steam

Steam protocol plugin for BitlBee

pkgs.ArchiSteamFarm

Application with primary purpose of idling Steam cards from multiple accounts simultaneously

pkgs.steam-run-free

Run commands in the same FHS environment that is used for Steam

pkgs.steamguard-cli

Linux utility for generating 2FA codes for Steam and managing Steam trade confirmations

pkgs.steam-play-none

Steam Play Compatibility Tool to run games as-is (This is intended for use in the `programs.steam.extraCompatPackages` option only.)

pkgs.steam-unwrapped

Digital distribution platform

pkgs.steamcontroller

Standalone Steam controller driver

pkgs.teams-for-linux

Unofficial Microsoft Teams client for Linux

pkgs.steam-run-native

Run commands in the same FHS environment that is used for Steam

pkgs.teamspeak_client

TeamSpeak voice communication tool

pkgs.teamspeak_server

TeamSpeak voice communication server

pkgs.steam-rom-manager

App for managing ROMs in Steam

pkgs.steamtinkerlaunch

Linux wrapper tool for use with the Steam client for custom launch options and 3rd party programs

pkgs.teamspeak6-client

TeamSpeak voice communication tool (beta version)

pkgs.python312Packages.steam

Python package for interacting with Steam

pkgs.python313Packages.steam

Python package for interacting with Steam

pkgs.kodiPackages.steam-library

View your entire Steam library right from Kodi

pkgs.python312Packages.steamodd

High level Steam API implementation with low level reusable core

pkgs.python313Packages.steamodd

High level Steam API implementation with low level reusable core

pkgs.kodiPackages.steam-launcher

Launch Steam in Big Picture Mode from Kodi

pkgs.python312Packages.pymsteams

Python module to interact with Microsoft Teams

pkgs.python313Packages.pymsteams

Python module to interact with Microsoft Teams

pkgs.kodiPackages.steam-controller

Binary addon for steam controller

pkgs.python312Packages.aiosteamist

Module to control Steamist steam systems

pkgs.python313Packages.aiosteamist

Module to control Steamist steam systems

pkgs.haskellPackages.webex-teams-api

Haskell bindings for Webex Teams API

pkgs.python312Packages.webexteamssdk

Python module for Webex Teams APIs

pkgs.postgresqlPackages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.haskellPackages.webex-teams-pipes

Pipes wrapper of Webex Teams List API

pkgs.postgresql13Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql14Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql15Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql16Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.postgresql18Packages.pg_byteamagic

PostgreSQL extension to determine the filetypes of bytea BLOBs

pkgs.haskellPackages.webex-teams-conduit

Conduit wrapper of Webex Teams List API

pkgs.python312Packages.teamcity-messages

Python unit test reporting to TeamCity

pkgs.python313Packages.teamcity-messages

Python unit test reporting to TeamCity

pkgs.pidginPackages.pidgin-opensteamworks

Plugin for Pidgin 2.x which implements Steam Friends/Steam IM compatibility

pkgs.python312Packages.bundlewrap-teamvault

Pull secrets from TeamVault into your BundleWrap repo

pkgs.python313Packages.bundlewrap-teamvault

Pull secrets from TeamVault into your BundleWrap repo

pkgs.steampipePackages.steampipe-plugin-aws

AWS Plugin for Steampipe

pkgs.home-assistant-component-tests.steamist

Open source home automation that puts local control and privacy first

pkgs.vscode-extensions.marp-team.marp-vscode

pkgs.steampipePackages.steampipe-plugin-azure

Azure Plugin for Steampipe

pkgs.steampipePackages.steampipe-plugin-github

GitHub Plugin for Steampipe

pkgs.home-assistant-component-tests.steam_online

Open source home automation that puts local control and privacy first

pkgs.vscode-extensions.vscode-icons-team.vscode-icons

Bring real icons to your Visual Studio Code
Package maintainers: 59
CVE-2024-21981
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 1 week ago
Improper key usage control in AMD Secure Processor (ASP) may …

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

PI
==various

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious
Package maintainers: 6