Automatically generated suggestions

CVE-2023-38472
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Reachable assertion in avahi_rdata_parse

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.

avahi

pkgs.avahi

mDNS/DNS-SD implementation

pkgs.guile-avahi

Bindings to Avahi for GNU Guile

pkgs.avahi-compat

mDNS/DNS-SD implementation

pkgs.haskellPackages.avahi

Minimal DBus bindings for Avahi daemon (http://avahi.org)

pkgs.python312Packages.avahi

mDNS/DNS-SD implementation

pkgs.python313Packages.avahi

mDNS/DNS-SD implementation
Package maintainers: 3
CVE-2023-23871
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.

button
=<1.1.23

pkgs.sensible-side-buttons

Utilize mouse side navigation buttons

pkgs.gnomeExtensions.fullscreen-button

A button in the status bar to expand current window to fullscreen. Useful for tablets.

pkgs.gnomeExtensions.proton-vpn-button

Proton VPN button in top panel.

pkgs.kdePackages.applet-window-buttons6

Plasma 6 applet in order to show window buttons in your panels

pkgs.gnomeExtensions.show-desktop-button

Minimize/unminimize all open windows with a single click.

pkgs.python312Packages.sphinx-copybutton

Small sphinx extension to add a "copy" button to code blocks

pkgs.python313Packages.sphinx-copybutton

Small sphinx extension to add a "copy" button to code blocks

pkgs.gnomeExtensions.looking-glass-button

Toggle the Looking Glass visibility by clicking on a panel icon.

pkgs.gnomeExtensions.proton-bridge-button

Proton Bridge button in top panel.

pkgs.home-assistant-component-tests.button

Open source home automation that puts local control and privacy first

pkgs.python312Packages.sphinx-togglebutton

Toggle page content and collapse admonitions in Sphinx

pkgs.python313Packages.sphinx-togglebutton

Toggle page content and collapse admonitions in Sphinx

pkgs.gnomeExtensions.hide-activities-button

Hides the Activities button from the status bar (the hot corner and keyboard shortcut keeps working). To disable top left hot corner use 'No Topleft Hot Corner' extension — https://extensions.gnome.org/extension/118/no-topleft-hot-corner/ .

pkgs.gnomeExtensions.language-switch-button

Switch input language with a single click!

pkgs.haskellPackages.gtk-toggle-button-list

A simple custom form widget for gtk which allows single LOC creation/updating of toggle button lists

pkgs.gnomeExtensions.hibernate-status-button

Adds a Hibernate button in Status menu. Using Alt modifier, you can also select Hybrid Sleep instead.

pkgs.home-assistant-component-tests.input_button

Open source home automation that puts local control and privacy first

pkgs.gnomeExtensions.workspace-buttons-with-app-icons

Replaces the original workspaces (activities) indicator with buttons. Each button contains the icons of the windows opened in that workspace.

pkgs.home-assistant-custom-lovelace-modules.button-card

Lovelace button-card for home assistant

pkgs.gnomeExtensions.bring-out-submenu-of-power-offlogout-button

Bring Out Submenu Of Power Off Button
Package maintainers: 8
CVE-2023-45632
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions.

player
=<1.5.22

pkgs.splayer

Simple Netease Cloud Music player

pkgs.smplayer

Complete front-end for MPlayer

pkgs.hqplayerd

High-end upsampling multichannel software embedded HD-audio player

pkgs.playerctl

Command-line utility and library for controlling media players that implement MPRIS

pkgs.miniplayer

Curses-based MPD client with basic functionality that can also display an album art

pkgs.bink-player

Play videos in the Bink format

pkgs.get_iplayer

Downloads TV and radio programmes from BBC iPlayer and BBC Sounds

pkgs.cosmic-player

Media player for the COSMIC Desktop Environment

pkgs.easyrpg-player

RPG Maker 2000/2003 and EasyRPG games interpreter

pkgs.spotify-player

Terminal spotify player that has feature parity with the official client

pkgs.hqplayer-desktop

High-end upsampling multichannel software HD-audio player

pkgs.media-player-info

Repository of data files describing media player capabilities

pkgs.glide-media-player

Linux/macOS media player based on GStreamer and GTK

pkgs.jellyfin-media-player

Jellyfin Desktop Client based on Plex Media Player

pkgs.penguin-subtitle-player

Open-source, cross-platform and standalone subtitle player

pkgs.gtklock-playerctl-module

Gtklock module adding media player controls to the lockscreen

pkgs.budgie-media-player-applet

Media Control Applet for the Budgie Panel

pkgs.gnomeExtensions.quran-player

Listen to Quran recitations directly from your GNOME Shell. Features multiple reciters with audio from QuranCentral.com and Archive.org servers.

pkgs.haskellPackages.mplayer-spot

Save your spot when watching movies with @mplayer@

pkgs.lomiri.lomiri-mediaplayer-app

Media Player application for Ubuntu Touch devices

pkgs.python312Packages.xstatic-asciinema-player

Asciinema-player packaged for python

pkgs.python313Packages.xstatic-asciinema-player

Asciinema-player packaged for python

pkgs.home-assistant-component-tests.media_player

Open source home automation that puts local control and privacy first

pkgs.home-assistant-custom-lovelace-modules.mini-media-player

Minimalistic media card for Home Assistant Lovelace UI
Package maintainers: 39
CVE-2023-26303
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
markdown-it-py crash on null assertions

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

markdown-it-py
<v2.2.0

pkgs.python312Packages.markdown-it-py

Markdown parser in Python

pkgs.python313Packages.markdown-it-py

Markdown parser in Python
Package maintainers: 1
CVE-2023-25585
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Field `file_table` of `struct module *module` is uninitialized

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

rizin
insight
radare2
binutils
mingw-binutils
gcc-toolset-11-binutils
gcc-toolset-12-binutils

pkgs.rizin

UNIX-like reverse engineering framework and command-line toolset

pkgs.radare2

UNIX-like reverse engineering framework and command-line toolset

pkgs.bintools

Tools for manipulating binaries (linker, assembler, etc.) (wrapper script)

pkgs.binutils

Tools for manipulating binaries (linker, assembler, etc.) (wrapper script)

pkgs.redisinsight

Developer GUI for Redis

pkgs.bintoolsDualAs

System binary utilities (wrapper script)

pkgs.bintoolsNoLibc

System binary utilities (wrapper script)

pkgs.binutilsNoLibc

Tools for manipulating binaries (linker, assembler, etc.) (wrapper script)

pkgs.cargo-binutils

Cargo subcommands to invoke the LLVM tools shipped with the Rust toolchain

pkgs.binutils_nogold

Tools for manipulating binaries (linker, assembler, etc.) (wrapper script)

pkgs.darwin.binutils

System binary utilities (wrapper script)

pkgs.bintools-unwrapped

pkgs.binutils-unwrapped

Tools for manipulating binaries (linker, assembler, etc.)

pkgs.rizinPlugins.sigdb

Rizin FLIRT Signature Database

pkgs.cutterPlugins.sigdb

Rizin FLIRT Signature Database

pkgs.darwin.binutilsDualAs

System binary utilities (wrapper script)

pkgs.darwin.binutilsNoLibc

System binary utilities (wrapper script)

pkgs.binutils-unwrapped_2_38

Tools for manipulating binaries (linker, assembler, etc.)

pkgs.llvmPackages_18.bintools

System binary utilities (wrapper script)

pkgs.llvmPackages_19.bintools

System binary utilities (wrapper script)

pkgs.llvmPackages_20.bintools

System binary utilities (wrapper script)

pkgs.llvmPackages_21.bintools

System binary utilities (wrapper script)

pkgs.darwin.binutils-unwrapped

pkgs.php82Packages.phpinsights

Instant PHP quality checks from your console

pkgs.php83Packages.phpinsights

Instant PHP quality checks from your console

pkgs.php84Packages.phpinsights

Instant PHP quality checks from your console

pkgs.python312Packages.insightface

State-of-the-art 2D and 3D Face Analysis Project

pkgs.python313Packages.insightface

State-of-the-art 2D and 3D Face Analysis Project

pkgs.binutils-unwrapped-all-targets

Tools for manipulating binaries (linker, assembler, etc.)

pkgs.llvmPackages_18.bintoolsNoLibc

System binary utilities (wrapper script)

pkgs.llvmPackages_19.bintoolsNoLibc

System binary utilities (wrapper script)

pkgs.llvmPackages_20.bintoolsNoLibc

System binary utilities (wrapper script)

pkgs.llvmPackages_21.bintoolsNoLibc

System binary utilities (wrapper script)

pkgs.darwin.binutilsDualAs-unwrapped

pkgs.llvmPackages_18.bintools-unwrapped

pkgs.llvmPackages_19.bintools-unwrapped

pkgs.llvmPackages_20.bintools-unwrapped

pkgs.llvmPackages_21.bintools-unwrapped

pkgs.python312Packages.applicationinsights

This project extends the Application Insights API surface to support Python

pkgs.python313Packages.applicationinsights

This project extends the Application Insights API surface to support Python

pkgs.python312Packages.azure-mgmt-hdinsight

Microsoft Azure HDInsight Management Client Library for Python

pkgs.python313Packages.azure-mgmt-hdinsight

Microsoft Azure HDInsight Management Client Library for Python

pkgs.azure-cli-extensions.timeseriesinsights

Microsoft Azure Command-Line Tools TimeSeriesInsightsClient Extension

pkgs.azure-cli-extensions.application-insights

Support for managing Application Insights components and querying metrics, events, and logs from such components

pkgs.python312Packages.azure-applicationinsights

This is the Microsoft Azure Application Insights Client Library

pkgs.python312Packages.azure-mgmt-policyinsights

This is the Microsoft Azure Policy Insights Client Library

pkgs.python313Packages.azure-applicationinsights

This is the Microsoft Azure Application Insights Client Library

pkgs.python313Packages.azure-mgmt-policyinsights

This is the Microsoft Azure Policy Insights Client Library

pkgs.python312Packages.pysigma-backend-insightidr

Library to support the Rapid7 InsightIDR backend for pySigma

pkgs.python313Packages.pysigma-backend-insightidr

Library to support the Rapid7 InsightIDR backend for pySigma

pkgs.haskellPackages.amazonka-application-insights

Amazon CloudWatch Application Insights SDK

pkgs.python312Packages.azure-mgmt-applicationinsights

This is the Microsoft Azure Application Insights Management Client Library

pkgs.python313Packages.azure-mgmt-applicationinsights

This is the Microsoft Azure Application Insights Management Client Library

pkgs.home-assistant-component-tests.analytics_insights

Open source home automation that puts local control and privacy first

pkgs.python312Packages.types-aiobotocore-application-insights

Type annotations for aiobotocore application-insights

pkgs.python313Packages.types-aiobotocore-application-insights

Type annotations for aiobotocore application-insights
Package maintainers: 26
CVE-2023-3164
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Heap-buffer-overflow in extractimagesection()

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

libtiff
mingw-libtiff
compat-libtiff3

pkgs.libtiff

Library and utilities for working with the TIFF image file format
Package maintainers: 7
CVE-2023-3153
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
Service monitor mac flow is not rate limited

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

ovn
ovn2.11
ovn2.12
ovn2.13
ovn-2021
ovn21.09
ovn21.12
ovn22.03
ovn22.06
ovn22.09
ovn22.12
ovn23.03

pkgs.ovn

Open Virtual Network

pkgs.novnc

VNC client web application

pkgs.turbovnc

High-speed version of VNC derived from TightVNC

pkgs.nanovna-qt

PC GUI software for NanoVNA V2 series

pkgs.nanovna-saver

Tool for reading, displaying and saving data from the NanoVNA
Package maintainers: 7
CVE-2023-23830
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.

wp-user-avatar
=<4.5.4

pkgs.wordpressPackages.plugins.wp-user-avatars

CVE-2023-20596
created 1 month, 1 week ago
Improper input validation in the SMM Supervisor may allow an …

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.

PI
==various

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious
Package maintainers: 6
CVE-2023-3485
3.0 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
Insecure Default Authorization in Temporal Server

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid namespace for the task completion payload to be decoded by workers in the target namespace.

temporal
<1.20

pkgs.temporal

Microservice orchestration platform which enables developers to build scalable applications without sacrificing productivity or reliability

pkgs.temporal-cli

Command-line interface for running Temporal Server and interacting with Workflows, Activities, Namespaces, and other parts of Temporal

pkgs.python312Packages.temporalio

Temporal Python SDK

pkgs.python313Packages.temporalio

Temporal Python SDK

pkgs.haskellPackages.temporal-media

data types for temporal media

pkgs.terraform-providers.temporalcloud

pkgs.postgresqlPackages.temporal_tables

Temporal Tables PostgreSQL Extension

pkgs.postgresql13Packages.temporal_tables

Temporal Tables PostgreSQL Extension

pkgs.postgresql14Packages.temporal_tables

Temporal Tables PostgreSQL Extension

pkgs.postgresql15Packages.temporal_tables

Temporal Tables PostgreSQL Extension

pkgs.postgresql16Packages.temporal_tables

Temporal Tables PostgreSQL Extension

pkgs.postgresql18Packages.temporal_tables

Temporal Tables PostgreSQL Extension

pkgs.haskellPackages.temporal-music-notation

music notation

pkgs.haskellPackages.temporal-music-notation-demo

generates midi from score notation

pkgs.haskellPackages.temporal-music-notation-western

western music notation
Package maintainers: 4