Automatically generated suggestions

CVE-2023-25800
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.2.0.

tutor
=<2.2.0

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2023-0462
8.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Arbitrary code execution through yaml global parameters

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

foreman

pkgs.foreman

Process manager for applications with multiple components
Package maintainers: 1
CVE-2023-38473
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Reachable assertion in avahi_alternative_host_name

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

avahi

pkgs.avahi

mDNS/DNS-SD implementation

pkgs.guile-avahi

Bindings to Avahi for GNU Guile

pkgs.avahi-compat

mDNS/DNS-SD implementation

pkgs.haskellPackages.avahi

Minimal DBus bindings for Avahi daemon (http://avahi.org)

pkgs.python312Packages.avahi

mDNS/DNS-SD implementation

pkgs.python313Packages.avahi

mDNS/DNS-SD implementation
Package maintainers: 3
CVE-2023-32513
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3.

give
=<2.25.3

pkgs.filegive

Easy p2p file sending program
CVE-2023-30797
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 1 week ago
Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

lemur
<<1.3.2

pkgs.lemurs

Customizable TUI display/login manager written in Rust
Package maintainers: 2
CVE-2023-0341
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Stack Buffer Overflow in editorconfig-core-c

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6, which allows an attacker to write arbitrarily to the stack and possibly achieve remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bounds-checking all write operations on the p_pcre buffer.

editorconfig-core-c
<v0.12.6

pkgs.editorconfig-core-c

EditorConfig core library written in C
Package maintainers: 1
CVE-2023-29403
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or when assuming the status of the standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

runtime
<1.19.10
<1.20.5

pkgs.onnxruntime

Cross-platform, high performance scoring engine for ML models

pkgs.kata-runtime

Lightweight Virtual Machines like containers that provide the workload isolation and security of VMs

pkgs.aws-lambda-rie

Locally test Lambda functions packaged as container images

pkgs.nodepy-runtime

Runtime for Python inspired by Node.JS

pkgs.rocmPackages.hsakmt

Platform runtime for ROCm

pkgs.intel-compute-runtime

Intel Graphics Compute Runtime oneAPI Level Zero and OpenCL, supporting 12th Gen and newer

pkgs.rocmPackages_6.hsakmt

Platform runtime for ROCm

pkgs.kdePackages.kdepim-runtime

Akonadi agents and resources

pkgs.rocmPackages_6.rocm-runtime

Platform runtime for ROCm

pkgs.intel-compute-runtime-legacy1

Intel Graphics Compute Runtime oneAPI Level Zero and OpenCL with support for Gen8, Gen9 and Gen11 GPUs

pkgs.python312Packages.onnxruntime

Cross-platform, high performance scoring engine for ML models

pkgs.python313Packages.onnxruntime

Cross-platform, high performance scoring engine for ML models

pkgs.dotnetCorePackages.runtime_8_0

Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)

pkgs.dotnetCorePackages.runtime_9_0

Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)

pkgs.haskellPackages.fficxx-runtime

Runtime for fficxx-generated library

pkgs.linuxPackages.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.dotnetCorePackages.runtime_10_0

Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)

pkgs.azure-cli-extensions.k8s-runtime

Microsoft Azure Command-Line Tools K8sRuntime Extension

pkgs.python312Packages.fluent-runtime

Localization library for expressive translations

pkgs.python312Packages.nodepy-runtime

Runtime for Python inspired by Node.JS

pkgs.python313Packages.fluent-runtime

Localization library for expressive translations

pkgs.python313Packages.nodepy-runtime

Runtime for Python inspired by Node.JS

pkgs.dotnetCorePackages.runtime_6_0-bin

.NET Runtime 6.0.36 (wrapper)

pkgs.dotnetCorePackages.runtime_7_0-bin

.NET Runtime 7.0.20 (wrapper)

pkgs.dotnetCorePackages.runtime_8_0-bin

.NET Runtime 8.0.20 (wrapper)

pkgs.dotnetCorePackages.runtime_9_0-bin

.NET Runtime 9.0.9 (wrapper)

pkgs.haskellPackages.proto-lens-runtime

pkgs.linuxPackages_lqx.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxPackages_zen.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.dotnetCorePackages.runtime_10_0-bin

.NET Runtime 10.0.0-rc.1.25451.107 (wrapper)

pkgs.haskellPackages.gogol-runtimeconfig

Google Cloud Runtime Configuration SDK

pkgs.python312Packages.onnxruntime-tools

Transformers Model Optimization Tool of ONNXRuntime

pkgs.python313Packages.onnxruntime-tools

Transformers Model Optimization Tool of ONNXRuntime

pkgs.haskellPackages.amazonka-lex-runtime

Amazon Lex Runtime Service SDK

pkgs.linuxPackages-libre.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.dotnetCorePackages.aspnetcore_6_0-bin

ASP.NET Core Runtime 6.0.36 (wrapper)

pkgs.dotnetCorePackages.aspnetcore_7_0-bin

ASP.NET Core Runtime 7.0.20 (wrapper)

pkgs.dotnetCorePackages.aspnetcore_8_0-bin

ASP.NET Core Runtime 8.0.20 (wrapper)

pkgs.dotnetCorePackages.aspnetcore_9_0-bin

ASP.NET Core Runtime 9.0.9 (wrapper)

pkgs.linuxPackages_latest.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxPackages_xanmod.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.dotnetCorePackages.aspnetcore_10_0-bin

ASP.NET Core Runtime 10.0.0-rc.1.25451.107 (wrapper)

pkgs.dotnetCorePackages.dotnet_8.aspnetcore

Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)

pkgs.dotnetCorePackages.dotnet_9.aspnetcore

Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)

pkgs.python312Packages.rapidocr-onnxruntime

Cross platform OCR Library based on OnnxRuntime

pkgs.python313Packages.rapidocr-onnxruntime

Cross platform OCR Library based on OnnxRuntime

pkgs.dotnetCorePackages.dotnet_10.aspnetcore

Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)

pkgs.python312Packages.langgraph-runtime-inmem

Inmem implementation for the LangGraph API server

pkgs.python313Packages.langgraph-runtime-inmem

Inmem implementation for the LangGraph API server

pkgs.haskellPackages.amazonka-sagemaker-runtime

Amazon SageMaker Runtime SDK

pkgs.haskellPackages.aws-lambda-haskell-runtime

Haskell runtime for AWS Lambda

pkgs.linuxPackages_latest-libre.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.haskellPackages.amazonka-personalize-runtime

Amazon Personalize Runtime SDK

pkgs.linuxPackages_xanmod_stable.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.python312Packages.google-cloud-runtimeconfig

Google Cloud RuntimeConfig API client library

pkgs.python312Packages.pythonRuntimeDepsCheckHook


pkgs.python313Packages.google-cloud-runtimeconfig

Google Cloud RuntimeConfig API client library

pkgs.python313Packages.pythonRuntimeDepsCheckHook


pkgs.haskellPackages.amazonka-sagemaker-a2i-runtime

Amazon Augmented AI Runtime SDK

pkgs.haskellPackages.aws-lambda-haskell-runtime-wai

Run wai applications on AWS Lambda

pkgs.linuxKernel.packages.linux_5_4.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_6_1.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_6_6.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_lqx.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_zen.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.python312Packages.types-aiobotocore-lex-runtime

Type annotations for aiobotocore lex-runtime

pkgs.python313Packages.types-aiobotocore-lex-runtime

Type annotations for aiobotocore lex-runtime

pkgs.linuxKernel.packages.linux_5_10.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_5_15.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_6_12.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_6_16.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_libre.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.python312Packages.types-aiobotocore-lexv2-runtime

Type annotations for aiobotocore lexv2-runtime

pkgs.python313Packages.types-aiobotocore-lexv2-runtime

Type annotations for aiobotocore lexv2-runtime

pkgs.linuxKernel.packages.linux_xanmod.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_hardened.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.python312Packages.types-aiobotocore-sagemaker-runtime

Type annotations for aiobotocore sagemaker-runtime

pkgs.python313Packages.types-aiobotocore-sagemaker-runtime

Type annotations for aiobotocore sagemaker-runtime

pkgs.vscode-extensions.ms-dotnettools.vscode-dotnet-runtime

Provides a way for other Visual Studio Code extensions to install local versions of .NET SDK/Runtime

pkgs.haskellPackages.amazonka-sagemaker-featurestore-runtime

Amazon SageMaker Feature Store Runtime SDK

pkgs.python312Packages.types-aiobotocore-personalize-runtime

Type annotations for aiobotocore personalize-runtime

pkgs.python313Packages.types-aiobotocore-personalize-runtime

Type annotations for aiobotocore personalize-runtime

pkgs.linuxKernel.packages.linux_latest_libre.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_6_12_hardened.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.linuxKernel.packages.linux_xanmod_stable.fwts-efi-runtime

Firmware Test Suite(efi-runtime kernel module)

pkgs.python312Packages.types-aiobotocore-sagemaker-a2i-runtime

Type annotations for aiobotocore sagemaker-a2i-runtime

pkgs.python313Packages.types-aiobotocore-sagemaker-a2i-runtime

Type annotations for aiobotocore sagemaker-a2i-runtime

pkgs.python312Packages.types-aiobotocore-sagemaker-featurestore-runtime

Type annotations for aiobotocore sagemaker-featurestore-runtime

pkgs.python313Packages.types-aiobotocore-sagemaker-featurestore-runtime

Type annotations for aiobotocore sagemaker-featurestore-runtime
Package maintainers: 28
CVE-2023-23820
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the ProfilePress Membership Team ProfilePress plugin, versions <= 4.5.4.

wp-user-avatar
=<4.5.4

pkgs.wordpressPackages.plugins.wp-user-avatars

CVE-2023-38470
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Reachable assertion in avahi_escape_label

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.

avahi

pkgs.avahi

mDNS/DNS-SD implementation

pkgs.guile-avahi

Bindings to Avahi for GNU Guile

pkgs.avahi-compat

mDNS/DNS-SD implementation

pkgs.haskellPackages.avahi

Minimal DBus bindings for Avahi daemon (http://avahi.org)

pkgs.python312Packages.avahi

mDNS/DNS-SD implementation

pkgs.python313Packages.avahi

mDNS/DNS-SD implementation
Package maintainers: 3
CVE-2023-47265
created 1 month, 1 week ago
Apache Airflow: DAG Params allow embedding unchecked JavaScript

Apache Airflow, versions 2.6.0 through 2.7.3, has a stored XSS vulnerability that allows a DAG author to add unbounded and unsanitized JavaScript in the parameter description field of the DAG. This JavaScript can be executed on the client side for any user who looks at the tasks in the browser sandbox. While this issue does not allow escaping the browser sandbox or manipulating server-side data beyond what the DAG author can already do, it does allow modifying what a user viewing the DAG details sees in the browser, which opens up many possibilities for misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.

apache-airflow
<2.8.0

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines
Package maintainers: 3