Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2020-27352
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
When generating the systemd service units for the docker snap …

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.

Affected products

snapd
  • <2.48.3

Matching in nixpkgs

pkgs.snapdragon-profiler

Profiler for Android devices running Snapdragon chips

CVE-2024-35767
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4.

Affected products

squeeze
  • =<1.4

Matching in nixpkgs

pkgs.squeezelite

Lightweight headless squeezebox client emulator

pkgs.squeezelite-pulse

Lightweight headless squeezebox client emulator

pkgs.postgresqlPackages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.python312Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

pkgs.python313Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

pkgs.postgresql13Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql14Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql15Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql16Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql18Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.home-assistant-component-tests.squeezebox

Open source home automation that puts local control and privacy first

Package maintainers: 5

CVE-2022-28657
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Apport does not disable python crash handler before entering chroot

Apport does not disable python crash handler before entering chroot

Affected products

apport
  • <2.21.0

Matching in nixpkgs

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum

Package maintainers: 1

CVE-2023-47788
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months ago
WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.

Affected products

jetpack
  • <12.7

Matching in nixpkgs

pkgs.wordpressPackages.plugins.jetpack

pkgs.wordpressPackages.plugins.jetpack-lite

CVE-2023-20566
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months ago
Improper address validation in ASP with SNP enabled may potentially …

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.ProcPIDFile

Manage process id files

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perlPackages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

CVE-2024-5953
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

Affected products

389-ds:1.4
  • *
389-ds-base
  • *
redhat-ds:11
  • *
redhat-ds:12
  • *
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

Package maintainers: 1

CVE-2024-25142
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.  Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Affected products

apache-airflow
  • <2.9.2

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

Package maintainers: 3

CVE-2024-2698
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 3 months ago
Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.

Affected products

ipa
  • *
freeipa
  • <4.12.1
  • <4.11.2
idm:DL1
  • *
idm:client/ipa

Matching in nixpkgs

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.tipa

Phonetic font for TeX

pkgs.nipap

Neat IP Address Planner

pkgs.freeipa

Identity, Policy and Audit system

pkgs.ipafont

Japanese font package with Mincho and Gothic fonts

pkgs.ipatool

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

pkgs.codipack

Fast gradient evaluation in C++ based on Expression Templates

pkgs.snipaste

Screenshot tools

pkgs.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.iniparser

Free standalone ini file parsing library

pkgs.ipaexfont

Japanese font package with Mincho and Gothic fonts

pkgs.multipass

Ubuntu VMs on demand for any workstation

pkgs.nipap-cli

Neat IP Address Planner CLI

pkgs.nipap-www

Neat IP Address Planner CLI, web UI

pkgs.uriparser

Strictly RFC 3986 compliant URI parsing library

pkgs.frangipanni

Convert lines of text into a tree structure

pkgs.ipad_charge

Apple device USB charging utility for Linux

pkgs.nucleiparser

Nuclei output parser for CLI

pkgs.multipath-tools

Tools for the Linux multipathing storage driver

pkgs.ripasso-cursive

Simple password manager written in Rust

pkgs.multipart-parser-c

Http multipart parser implemented in C

pkgs.haskellPackages.ipa

Internal Phonetic Alphabet (IPA)

pkgs.python312Packages.nipap

Neat IP Address Planner

pkgs.python313Packages.nipap

Neat IP Address Planner

pkgs.python312Packages.ipaddr

IP address manipulation library

pkgs.python312Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.python313Packages.ipaddr

IP address manipulation library

pkgs.python313Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.haskellPackages.multipart

Parsers for the HTTP multipart format

pkgs.python312Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python313Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python312Packages.iniparse

Accessing and Modifying INI files

pkgs.python313Packages.iniparse

Accessing and Modifying INI files

pkgs.graylogPlugins.ipanonymizer

Graylog-server plugin that replaces the last octet of IP addresses in messages with xxx

pkgs.haskellPackages.unipatterns

Helpers which allow safe partial pattern matching in lambdas

pkgs.python312Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python312Packages.multipart

Parser for multipart/form-data

pkgs.python313Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python313Packages.multipart

Parser for multipart/form-data

pkgs.typstPackages.ascii-ipa_1_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_1

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_2_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.haskellPackages.multipart-names

Handling of multipart names in various casing styles

pkgs.haskellPackages.servant-multipart

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.flask-principal

Identity management for flask

pkgs.python312Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python313Packages.flask-principal

Identity management for flask

pkgs.python313Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python312Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

pkgs.python312Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python312Packages.sansio-multipart

Parser for multipart/form-data

pkgs.python313Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python313Packages.python-multipart

Streaming multipart parser for Python

pkgs.python313Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python313Packages.sansio-multipart

Parser for multipart/form-data

pkgs.haskellPackages.http-client-multipart

Generate multipart uploads for http-client. (deprecated)

pkgs.haskellPackages.servant-multipart-api

multipart/form-data (e.g file upload) support for servant

pkgs.haskellPackages.servant-multipart-client

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.python313Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.haskellPackages.amazonka-connectparticipant

Amazon Connect Participant Service SDK

pkgs.haskellPackages.autodocodec-servant-multipart

Autodocodec interpreters for Servant Multipart

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Reads & decodes HTTP multipart/form-data requests.

pkgs.python312Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python313Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python312Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python

pkgs.python313Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python

Package maintainers: 24

CVE-2024-3183
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months ago
Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).

Affected products

ipa
  • *
freeipa
  • ==4.12.1
idm:DL1
  • *

Matching in nixpkgs

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.tipa

Phonetic font for TeX

pkgs.nipap

Neat IP Address Planner

pkgs.freeipa

Identity, Policy and Audit system

pkgs.ipafont

Japanese font package with Mincho and Gothic fonts

pkgs.ipatool

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

pkgs.codipack

Fast gradient evaluation in C++ based on Expression Templates

pkgs.snipaste

Screenshot tools

pkgs.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.iniparser

Free standalone ini file parsing library

pkgs.ipaexfont

Japanese font package with Mincho and Gothic fonts

pkgs.multipass

Ubuntu VMs on demand for any workstation

pkgs.nipap-cli

Neat IP Address Planner CLI

pkgs.nipap-www

Neat IP Address Planner CLI, web UI

pkgs.uriparser

Strictly RFC 3986 compliant URI parsing library

pkgs.frangipanni

Convert lines of text into a tree structure

pkgs.ipad_charge

Apple device USB charging utility for Linux

pkgs.nucleiparser

Nuclei output parser for CLI

pkgs.multipath-tools

Tools for the Linux multipathing storage driver

pkgs.ripasso-cursive

Simple password manager written in Rust

pkgs.multipart-parser-c

Http multipart parser implemented in C

pkgs.haskellPackages.ipa

Internal Phonetic Alphabet (IPA)

pkgs.python312Packages.nipap

Neat IP Address Planner

pkgs.python313Packages.nipap

Neat IP Address Planner

pkgs.python312Packages.ipaddr

IP address manipulation library

pkgs.python312Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.python313Packages.ipaddr

IP address manipulation library

pkgs.python313Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.haskellPackages.multipart

Parsers for the HTTP multipart format

pkgs.python312Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python313Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python312Packages.iniparse

Accessing and Modifying INI files

pkgs.python313Packages.iniparse

Accessing and Modifying INI files

pkgs.graylogPlugins.ipanonymizer

Graylog-server plugin that replaces the last octet of IP addresses in messages with xxx

pkgs.haskellPackages.unipatterns

Helpers which allow safe partial pattern matching in lambdas

pkgs.python312Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python312Packages.multipart

Parser for multipart/form-data

pkgs.python313Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python313Packages.multipart

Parser for multipart/form-data

pkgs.typstPackages.ascii-ipa_1_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_1

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_2_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.haskellPackages.multipart-names

Handling of multipart names in various casing styles

pkgs.haskellPackages.servant-multipart

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.flask-principal

Identity management for flask

pkgs.python312Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python313Packages.flask-principal

Identity management for flask

pkgs.python313Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python312Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

pkgs.python312Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python312Packages.sansio-multipart

Parser for multipart/form-data

pkgs.python313Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python313Packages.python-multipart

Streaming multipart parser for Python

pkgs.python313Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python313Packages.sansio-multipart

Parser for multipart/form-data

pkgs.haskellPackages.http-client-multipart

Generate multipart uploads for http-client. (deprecated)

pkgs.haskellPackages.servant-multipart-api

multipart/form-data (e.g file upload) support for servant

pkgs.haskellPackages.servant-multipart-client

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.python313Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.haskellPackages.amazonka-connectparticipant

Amazon Connect Participant Service SDK

pkgs.haskellPackages.autodocodec-servant-multipart

Autodocodec interpreters for Servant Multipart

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Reads & decodes HTTP multipart/form-data requests.

pkgs.python312Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python313Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python312Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python

pkgs.python313Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python

Package maintainers: 24

CVE-2024-5742
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months ago
Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

Affected products

nano
  • *

Matching in nixpkgs

pkgs.nano

Small, user-friendly console text editor

pkgs.nanomq

Ultra-lightweight and blazing-fast MQTT broker for IoT edge

pkgs.nanopb

Protocol Buffers with small code size

pkgs.nanorc

Improved Nano Syntax Highlighting Files

pkgs.nanodbc

Small C++ wrapper for the native C ODBC API

pkgs.nanomsg

Socket library that provides several common communication patterns

pkgs.nanotts

Speech synthesizer commandline utility that improves pico2wave, included with SVOX PicoTTS

pkgs.nanosaur

Port of Nanosaur, a 1998 Macintosh game by Pangea Software, for modern operating systems

pkgs.nanobench

Simple, fast, accurate single-header microbenchmarking functionality for C++11/14/17/20

pkgs.nanoemoji

Wee tool to build color fonts

pkgs.nanoflann

Header only C++ library for approximate nearest neighbor search

pkgs.nanosaur2

Port of Nanosaur2, a 2004 Macintosh game by Pangea Software, for modern operating systems

pkgs.fusee-nano

Minimalist re-implementation of the Fusée Gelée exploit

pkgs.nanovna-qt

PC GUI software for NanoVNA V2 series

pkgs.nano-wallet

Wallet for Nano cryptocurrency

pkgs.nanopbMalloc

Protocol Buffers with small code size

pkgs.nanovna-saver

Tool for reading, displaying and saving data from the NanoVNA

pkgs.nanoboyadvance

Cycle-accurate Nintendo Game Boy Advance emulator

pkgs.akkuPackages.nanopass

Nanopass Compiler Infrastructure

pkgs.haskellPackages.nanovg

Haskell bindings for nanovg

pkgs.kdePackages.plasma-nano

A minimal Plasma shell package

pkgs.haskellPackages.nano-erl

Small library for Erlang-style actor semantics

pkgs.haskellPackages.nanospec

A lightweight implementation of a subset of Hspec's API

pkgs.haskellPackages.nanotime

a tiny time library

pkgs.python312Packages.nanoid

Tiny, secure, URL-friendly, unique string ID generator for Python

pkgs.python313Packages.nanoid

Tiny, secure, URL-friendly, unique string ID generator for Python

pkgs.python312Packages.nanobind

Tiny and efficient C++/Python bindings

pkgs.python312Packages.nanoleaf

Module for interacting with Nanoleaf Aurora lighting

pkgs.python312Packages.nanotime

Provides a time object that keeps time as the number of nanoseconds since the UNIX epoch

pkgs.python313Packages.nanobind

Tiny and efficient C++/Python bindings

pkgs.python313Packages.nanoleaf

Module for interacting with Nanoleaf Aurora lighting

pkgs.python313Packages.nanotime

Provides a time object that keeps time as the number of nanoseconds since the UNIX epoch

pkgs.gnomeExtensions.nano-lights

DEPRECATED! Please use the `Smart Home` extension instead.

pkgs.python312Packages.nanoemoji

Wee tool to build color fonts

pkgs.python313Packages.nanoemoji

Wee tool to build color fonts

pkgs.python312Packages.pynanoleaf

Python3 wrapper for the Nanoleaf API, capable of controlling both Nanoleaf Aurora and Nanoleaf Canvas

pkgs.python313Packages.pynanoleaf

Python3 wrapper for the Nanoleaf API, capable of controlling both Nanoleaf Aurora and Nanoleaf Canvas

pkgs.python312Packages.aionanoleaf

Python wrapper for the Nanoleaf API

pkgs.python312Packages.nanoeigenpy

Support library for bindings between Eigen in C++ and Python, based on nanobind

pkgs.python313Packages.aionanoleaf

Python wrapper for the Nanoleaf API

pkgs.python313Packages.nanoeigenpy

Support library for bindings between Eigen in C++ and Python, based on nanobind

pkgs.python312Packages.nanomsg-python

Bindings for nanomsg

pkgs.python313Packages.nanomsg-python

Bindings for nanomsg

pkgs.chickenPackages_5.chickenEggs.nanomsg

pkgs.chickenPackages_5.chickenEggs.nanosleep

Interface to POSIX nanosleep

pkgs.home-assistant-component-tests.nanoleaf

Open source home automation that puts local control and privacy first

Package maintainers: 35