Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2022-47599
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.

Affected products

file-manager
  • =<5.2.7

Matching in nixpkgs

pkgs.python312Packages.show-in-file-manager

Open the system file manager and select files in it

pkgs.python313Packages.show-in-file-manager

Open the system file manager and select files in it

CVE-2022-28652
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

Affected products

apport
  • <2.21.0

Matching in nixpkgs

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum

Package maintainers: 1

CVE-2022-47444
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.

Affected products

wp-user-avatar
  • =<4.5.3

Matching in nixpkgs

pkgs.wordpressPackages.plugins.wp-user-avatars

CVE-2021-33634
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
Malicious image running containers may cause DoS attacks

iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.

Affected products

lcr
  • =<2.0.9-6,2.1.2-3

Matching in nixpkgs

pkgs.lcrq

Librecast RaptorQ library

pkgs.fulcrum

Fast & nimble SPV server for Bitcoin Cash & Bitcoin BTC

pkgs.python312Packages.mlcroissant

High-level format for machine learning datasets that brings together four rich layers

pkgs.python313Packages.mlcroissant

High-level format for machine learning datasets that brings together four rich layers

Package maintainers: 7

CVE-2022-3874
8.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Os command injection via ct_command and fcct_command

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

Affected products

foreman

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

Package maintainers: 1

CVE-2022-42896
8.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months ago
Info Leak in l2cap_core in the Linux Kernel

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

Affected products

kernel
  • =<711f8c3fb3db61897080468586b970c87c61d9e4

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

pkgs.coq-kernel

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

pkgs.linuxPackages.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.kernel-hardening-checker

Tool for checking the security hardening options of the Linux kernel

pkgs.linuxPackages.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.kernels

Load compute kernels from the Huggingface Hub

pkgs.python313Packages.kernels

Load compute kernels from the Huggingface Hub

pkgs.linuxPackages.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ipykernel

IPython Kernel for Jupyter

pkgs.python313Packages.ipykernel

IPython Kernel for Jupyter

pkgs.linuxPackages_latest.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.python312Packages.metakernel

Jupyter/IPython Kernel Tools

pkgs.python312Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python313Packages.metakernel

Jupyter/IPython Kernel Tools

pkgs.python313Packages.nix-kernel

Simple jupyter kernel for nix-repl

pkgs.python312Packages.bash-kernel

Bash Kernel for Jupyter

pkgs.python313Packages.bash-kernel

Bash Kernel for Jupyter

pkgs.haskellPackages.ipython-kernel

A library for creating kernels for IPython frontends

pkgs.linuxPackages-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.rocmPackages.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxPackages_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.gnomeExtensions.kernel-indicator

Display the kernel version in the top bar

pkgs.linuxPackages-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python312Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

pkgs.python313Packages.spyder-kernels

Jupyter kernels for Spyder's console

pkgs.rocmPackages_6.composable_kernel

Performance portable programming model for machine learning tensor operators

pkgs.linuxPackages_latest.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.python312Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

pkgs.python313Packages.jupyter-c-kernel

Minimalistic C kernel for Jupyter

pkgs.linuxPackages_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_4.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_4.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_lqx.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_10.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_latest-libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxPackages_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.home-assistant-component-tests.hardkernel

Open source home automation that puts local control and privacy first

pkgs.linuxKernel.packages.linux_5_4.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_1.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_6.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_lqx.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_10.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_15.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_12.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_16.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_5_4.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_1.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_6.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_lqx.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_zen.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_10.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_5_15.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_16.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_xanmod.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_2

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_2_3

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_latest_libre.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_6_12_hardened.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_xanmod_stable.linux-gpib

Support package for GPIB (IEEE 488) hardware

pkgs.linuxKernel.packages.linux_latest_libre.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_unstable

ZFS Filesystem Linux Kernel Module

pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_unstable

ZFS Filesystem Linux Kernel Module

Package maintainers: 19

CVE-2022-28654
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
is_closing_session() allows users to fill up apport.log

is_closing_session() allows users to fill up apport.log

Affected products

apport
  • <2.21.0

Matching in nixpkgs

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum

Package maintainers: 1

CVE-2022-3261
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Plain-text passwords saved in /var/log/messages

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

Affected products

openstack

Matching in nixpkgs

pkgs.openstack-rs

OpenStack CLI and TUI implemented in Rust

pkgs.openstackclient

OpenStack Command-line Client

pkgs.openstackclient-full

OpenStack Command-line Client

pkgs.terraform-providers.openstack

pkgs.python312Packages.openstacksdk

SDK for building applications to work with OpenStack

pkgs.python313Packages.openstacksdk

SDK for building applications to work with OpenStack

pkgs.python312Packages.openstackdocstheme

Sphinx theme for RST-sourced documentation published to docs.openstack.org

pkgs.python313Packages.openstackdocstheme

Sphinx theme for RST-sourced documentation published to docs.openstack.org

pkgs.python312Packages.python-openstackclient

OpenStack Command-line Client

pkgs.python313Packages.python-openstackclient

OpenStack Command-line Client

Package maintainers: 4

CVE-2022-2084
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
sensitive data exposure in cloud-init logs

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

Affected products

cloud-init
  • <23.0

Matching in nixpkgs

pkgs.cloud-init

Provides configuration and customization of cloud instance

Package maintainers: 2

CVE-2023-3301
5.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
Triggerable assertion due to race condition in hot-unplug

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

Affected products

qemu
qemu-kvm
qemu-kvm-ma
qemu-kvm-rhev
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

Package maintainers: 11