Automatically generated suggestions

CVE-2024-5290
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allows an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

wpa
<2:2.9-1ubuntu4.4
<2.4-0ubuntu6.8+esm1
<2:2.10-21ubuntu0.1
<2:2.10-6ubuntu2.1
<2.1-0ubuntu1.7+esm5
<2:2.6-15ubuntu2.8+esm1

pkgs.wpaperd

Minimal wallpaper daemon for Wayland

pkgs.cowpatty

Offline dictionary attack against WPA/WPA2 networks

pkgs.vowpal-wabbit

Machine learning system focused on online reinforcement learning

pkgs.wpa_supplicant_gui

Qt-based GUI for wpa_supplicant

pkgs.wpa_supplicant_ro_ssids

Tool for connecting to WPA and WPA2-protected wireless networks

pkgs.python312Packages.vowpalwabbit

Vowpal Wabbit is a fast machine learning library for online learning, and this is the python wrapper for the project

pkgs.python313Packages.vowpalwabbit

Vowpal Wabbit is a fast machine learning library for online learning, and this is the python wrapper for the project

pkgs.python312Packages.mwparserfromhell

MWParserFromHell is a parser for MediaWiki wikicode

pkgs.python313Packages.mwparserfromhell

MWParserFromHell is a parser for MediaWiki wikicode

pkgs.vscode-extensions.twpayne.vscode-testscript

Syntax highlighting support for testscript
Package maintainers: 9
CVE-2024-7383
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 1 week ago
Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

libnbd
<1.18.5
<1.20.2
*
virt:rhel
*
virt:av/libnbd
virt-devel:rhel
*
virt:rhel/libnbd

pkgs.libnbd

Network Block Device client library in userspace

pkgs.python312Packages.libnbd

Network Block Device client library in userspace

pkgs.python313Packages.libnbd

Network Block Device client library in userspace
Package maintainers: 1
CVE-2021-46758 created 1 month, 1 week ago
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

PI
==various

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious
Package maintainers: 6
CVE-2022-47161
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.

health-check
=<1.5.1

pkgs.health-check

Process monitoring tool

pkgs.grpc-health-check

Minimal, high performance, memory-friendly, safe implementation of the gRPC health checking protocol

pkgs.python312Packages.django-health-check

Pluggable app that runs a full check on the deployment

pkgs.python313Packages.django-health-check

Pluggable app that runs a full check on the deployment

pkgs.rubyPackages.github-pages-health-check

pkgs.python312Packages.grpcio-health-checking

Standard Health Checking Service for gRPC

pkgs.python313Packages.grpcio-health-checking

Standard Health Checking Service for gRPC

pkgs.rubyPackages_3_1.github-pages-health-check

pkgs.rubyPackages_3_2.github-pages-health-check

pkgs.rubyPackages_3_3.github-pages-health-check

pkgs.rubyPackages_3_4.github-pages-health-check

Package maintainers: 4
CVE-2021-3429
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 1 week ago
sensitive data exposure in cloud-init logs

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.

cloud-init
<21.2

pkgs.cloud-init

Provides configuration and customization of cloud instance
Package maintainers: 2
CVE-2022-34148
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
WordPress Backup Guard Plugin <= 1.6.9.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions.

backup
=<1.6.9.0

pkgs.ghbackup

Backup your GitHub repositories with a simple command-line application written in Go

pkgs.dvdbackup

Tool to rip video DVDs from the command line

pkgs.gb-backup

Gamer Backup, a super opinionated cloud backup system

pkgs.qr-backup

Utility to generate paper backup of files using QR codes

pkgs.zfsbackup

Backup ZFS snapshots to cloud storage such as Google, Amazon, Azure, etc

pkgs.borgbackup

Deduplicating archiver with compression and encryption

pkgs.luckybackup

Powerful, fast and reliable backup & sync tool

pkgs.mylvmbackup

Tool for quickly creating full physical backups of a MySQL server's data files

pkgs.pika-backup

Simple backups based on borg

pkgs.storeBackup

Backup suite that stores files on other disks

pkgs.rdiff-backup

Backup system that tries to combine the best of a mirror and an incremental backup system

pkgs.git-backup-go

Backup all your GitHub & GitLab repositories

pkgs.github-backup

Backup a github user or organization

pkgs.virtnbdbackup

Backup utility for Libvirt/qemu/kvm

pkgs.zfs-autobackup

ZFS backup, replication and snapshot tool

pkgs.automysqlbackup

Script to run daily, weekly and monthly backups for your MySQL database

pkgs.urbackup-client

Easy to set up Open Source client/server backup system

pkgs.one-click-backup

Simple Program to backup folders to an external location by copying them

pkgs.clickhouse-backup

Tool for easy ClickHouse backup and restore using object storage for backup files

pkgs.signalbackup-tools

Tool to work with Signal Backup files

pkgs.kdePackages.kbackup

Backup program with an easy-to-use interface

pkgs.unifi-protect-backup

Python tool to backup unifi event clips in realtime

pkgs.pinboard-notes-backup

Back up the notes you've saved to Pinboard

pkgs.proxmox-backup-client

Command line client for Proxmox Backup Server

pkgs.percona-xtrabackup_8_0

Non-blocking backup tool for MySQL

pkgs.percona-xtrabackup_lts

Non-blocking backup tool for MySQL

pkgs.android-backup-extractor

Utility to extract and repack Android backups created with adb backup

pkgs.python312Packages.iosbackup

Reads and extracts files from password-encrypted iOS backups

pkgs.python313Packages.iosbackup

Reads and extracts files from password-encrypted iOS backups

pkgs.haskellPackages.amazonka-backup

Amazon Backup SDK

pkgs.python312Packages.android-backup

Unpack and repack android backups

pkgs.python313Packages.android-backup

Unpack and repack android backups

pkgs.python312Packages.mypy-boto3-backup

Type annotations for boto3 backup

pkgs.python313Packages.mypy-boto3-backup

Type annotations for boto3 backup

pkgs.haskellPackages.pinboard-notes-backup

Back up the notes you've saved to Pinboard

pkgs.home-assistant-component-tests.backup

Open source home automation that puts local control and privacy first

pkgs.haskellPackages.amazonka-backupstorage

Amazon Backup Storage SDK

pkgs.haskellPackages.amazonka-backup-gateway

Amazon Backup Gateway SDK

pkgs.python312Packages.types-aiobotocore-backup

Type annotations for aiobotocore backup

pkgs.python313Packages.types-aiobotocore-backup

Type annotations for aiobotocore backup

pkgs.python312Packages.types-aiobotocore-backupstorage

Type annotations for aiobotocore backupstorage

pkgs.python313Packages.types-aiobotocore-backupstorage

Type annotations for aiobotocore backupstorage

pkgs.python312Packages.types-aiobotocore-backup-gateway

Type annotations for aiobotocore backup-gateway

pkgs.python313Packages.types-aiobotocore-backup-gateway

Type annotations for aiobotocore backup-gateway

pkgs.python312Packages.azure-mgmt-recoveryservicesbackup

This is the Microsoft Azure Recovery Services Backup Management Client Library

pkgs.python313Packages.azure-mgmt-recoveryservicesbackup

This is the Microsoft Azure Recovery Services Backup Management Client Library
Package maintainers: 44
CVE-2022-4145
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
Content spoofing

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.

openshift

pkgs.openshift

Build, deploy, and manage your applications with Docker and Kubernetes

pkgs.python312Packages.openshift

Python client for the OpenShift API

pkgs.python313Packages.openshift

Python client for the OpenShift API

pkgs.python312Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python313Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python
Package maintainers: 4
CVE-2022-47183
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.

stylist
=<0.2.6

pkgs.haskellPackages.stylist-traits

Traits, datatypes, & parsers for Haskell Stylist
CVE-2022-47613
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress AI ChatBot Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.

chatbot
=<4.3.0

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality.
Package maintainers: 1
CVE-2022-4510
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Path Traversal in binwalk

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.

binwalk
=<2.3.3

pkgs.binwalk

Firmware Analysis Tool
Package maintainers: 2