Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-37064
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Deseriliazation of untrusted data can occur in versions 3.7.0 or …

Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.

ydata-profiling
=<*

pkgs.python312Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames

pkgs.python313Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames
Package maintainers: 1
CVE-2024-6716
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
Libtiff: out-of-memory issue in tiffreadencodedstrip() may lead to denial of service

A flaw was found in libtiff. This flaw allows an attacker to create a crafted tiff file, forcing libtiff to allocate memory indefinitely. This issue can result in a denial of service of the system consuming libtiff due to memory starvation.

libtiff
mingw-libtiff
compat-libtiff3

pkgs.libtiff

Library and utilities for working with the TIFF image file format
Package maintainers: 7
CVE-2023-39327
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
Openjpeg: malicious files can cause the program to enter a large loop

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

openjpeg
==2.5.0
openjpeg2
gimp:flatpak/openjpeg2
inkscape:flatpak/openjpeg2
libreoffice:flatpak/openjpeg2

pkgs.openjpeg

Open-source JPEG 2000 codec written in C language

pkgs.python312Packages.pylibjpeg-openjpeg

J2K and JP2 plugin for pylibjpeg

pkgs.python313Packages.pylibjpeg-openjpeg

J2K and JP2 plugin for pylibjpeg
Package maintainers: 2
CVE-2023-39329
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Openjpeg: resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

openjpeg
==2.5.0
openjpeg2
gimp:flatpak/openjpeg2
inkscape:flatpak/openjpeg2
libreoffice:flatpak/openjpeg2

pkgs.openjpeg

Open-source JPEG 2000 codec written in C language

pkgs.python312Packages.pylibjpeg-openjpeg

J2K and JP2 plugin for pylibjpeg

pkgs.python313Packages.pylibjpeg-openjpeg

J2K and JP2 plugin for pylibjpeg
Package maintainers: 2
CVE-2024-6237
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

389-ds-base
*
<2.4.5
redhat-ds:12
*
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux
Package maintainers: 1
CVE-2024-37266
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 1 week ago
WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.

tutor
=<2.7.1

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2024-37256
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.

tutor
=<2.7.1

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2023-39328
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Openjpeg: denail of service via crafted image file

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

openjpeg
==2.5.0
openjpeg2
gimp:flatpak/openjpeg2
inkscape:flatpak/openjpeg2
libreoffice:flatpak/openjpeg2

pkgs.openjpeg

Open-source JPEG 2000 codec written in C language

pkgs.python312Packages.pylibjpeg-openjpeg

J2K and JP2 plugin for pylibjpeg

pkgs.python313Packages.pylibjpeg-openjpeg

J2K and JP2 plugin for pylibjpeg
Package maintainers: 2
CVE-2024-6501
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
Networkmanager: denial of service

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.

NetworkManager
*
<1.48.10-2

pkgs.networkmanager-sstp

NetworkManager's sstp plugin

pkgs.networkmanager-vpnc

NetworkManager's VPNC plugin

pkgs.networkmanager-openvpn

NetworkManager's OpenVPN plugin

pkgs.networkmanager_strongswan

NetworkManager's strongswan plugin

pkgs.networkmanager-fortisslvpn

NetworkManager’s FortiSSL plugin

pkgs.networkmanager-openconnect

NetworkManager’s OpenConnect plugin
Package maintainers: 2
CVE-2024-6564
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Buffer overflow in Rensas RCAR

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.

arm-trusted-firmware
=<c9fb3558410032d2660c7f3b7d4b87dec09fe2f2

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareS905

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareTools

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareRK3328

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareRK3399

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareRK3568

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareRK3588

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareAllwinner

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareAllwinnerH6

Reference implementation of secure world software for ARMv8-A

pkgs.armTrustedFirmwareAllwinnerH616

Reference implementation of secure world software for ARMv8-A
Package maintainers: 1