Dismissed suggestions Untriaged suggestions Draft issues Published issues Automatically generated suggestions Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue. CVE-2023-41134 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 1 month, 1 week ago WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3. antispam-bee =<2.11.3 pkgs.wordpressPackages.plugins.antispam-bee nixos-unstable ??? nixpkgs-unstable 2.11.7 CVE-2024-34803 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 1 month, 1 week ago WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. fastly =<1.2.25 pkgs.fastly Command line tool for interacting with the Fastly API nixos-unstable ??? nixpkgs-unstable 11.5.0 pkgs.prometheus-fastly-exporter Prometheus exporter for the Fastly Real-time Analytics API nixos-unstable ??? nixpkgs-unstable 9.5.0 pkgs.terraform-providers.fastly nixos-unstable ??? nixpkgs-unstable 5.17.0 Package maintainers: 4 @ereslibre Rafael Fernández López <ereslibre@ereslibre.es> @invokes-su Souvik Sen <nixpkgs-commits@deshaw.com> @de11n Elliot Cameron <nixpkgs-commits@deshaw.com> @despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com> CVE-2021-3899 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago There is a race condition in the 'replaced executable' detection … There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. apport <2.21.0 pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-unstable ??? nixpkgs-unstable 0.0.0.4 Package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de> CVE-2022-1242 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago Apport can be tricked into connecting to arbitrary sockets as … Apport can be tricked into connecting to arbitrary sockets as the root user apport <2.21.0 pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-unstable ??? nixpkgs-unstable 0.0.0.4 Package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de> CVE-2024-5197 created 1 month, 1 week ago Integer overflow in libvpx There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond libvpx <1.14.1 pkgs.libvpx WebM VP8/VP9 codec SDK nixos-unstable ??? nixpkgs-unstable 1.15.2 Package maintainers: 1 @codyopel Cody Opel <codyopel@gmail.com> CVE-2024-5138 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago The snapctl component within snapd allows a confined snap to … The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar. snapd <68ee9c6aa916ab87dbfd9a26030690f2cabf1e14 pkgs.snapdragon-profiler Profiler for Android devices running Snapdragon chips nixos-unstable ??? nixpkgs-unstable 2021.2 CVE-2024-5564 7.4 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago Libndp: buffer overflow in route information length field A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. libndp * <1.7-7 pkgs.libndp Library for Neighbor Discovery Protocol nixos-unstable ??? nixpkgs-unstable 1.9 CVE-2024-2199 5.7 MEDIUM CVSS version: 3.1 Attack vector (AV): ADJACENT_NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month, 1 week ago 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. 389-ds:1.4 * 389-ds-base * <3.1.1 redhat-ds:11 * redhat-ds:12 * 389-ds:1.4/389-ds-base redhat-ds:11/389-ds-base redhat-ds:12/389-ds-base pkgs._389-ds-base Enterprise-class Open Source LDAP server for Linux nixos-unstable ??? nixpkgs-unstable 3.1.3 Package maintainers: 1 @ners ners <ners@gmx.ch> CVE-2024-3657 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month, 1 week ago 389-ds-base: potential denial of service via specially crafted kerberos as-req request A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service 389-ds:1.4 * 389-ds-base * redhat-ds:11 * redhat-ds:12 * 389-ds:1.4/389-ds-base redhat-ds:11/389-ds-base redhat-ds:12/389-ds-base pkgs._389-ds-base Enterprise-class Open Source LDAP server for Linux nixos-unstable ??? nixpkgs-unstable 3.1.3 Package maintainers: 1 @ners ners <ners@gmx.ch> CVE-2023-6349 created 1 month, 1 week ago Heap overflow in libvpx A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above libvpx <1.13.1 pkgs.libvpx WebM VP8/VP9 codec SDK nixos-unstable ??? nixpkgs-unstable 1.15.2 Package maintainers: 1 @codyopel Cody Opel <codyopel@gmail.com>
CVE-2023-41134 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 1 month, 1 week ago WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3. antispam-bee =<2.11.3 pkgs.wordpressPackages.plugins.antispam-bee nixos-unstable ??? nixpkgs-unstable 2.11.7
CVE-2024-34803 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 1 month, 1 week ago WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. fastly =<1.2.25 pkgs.fastly Command line tool for interacting with the Fastly API nixos-unstable ??? nixpkgs-unstable 11.5.0 pkgs.prometheus-fastly-exporter Prometheus exporter for the Fastly Real-time Analytics API nixos-unstable ??? nixpkgs-unstable 9.5.0 pkgs.terraform-providers.fastly nixos-unstable ??? nixpkgs-unstable 5.17.0 Package maintainers: 4 @ereslibre Rafael Fernández López <ereslibre@ereslibre.es> @invokes-su Souvik Sen <nixpkgs-commits@deshaw.com> @de11n Elliot Cameron <nixpkgs-commits@deshaw.com> @despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>
pkgs.fastly Command line tool for interacting with the Fastly API nixos-unstable ??? nixpkgs-unstable 11.5.0
pkgs.prometheus-fastly-exporter Prometheus exporter for the Fastly Real-time Analytics API nixos-unstable ??? nixpkgs-unstable 9.5.0
CVE-2021-3899 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago There is a race condition in the 'replaced executable' detection … There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. apport <2.21.0 pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-unstable ??? nixpkgs-unstable 0.0.0.4 Package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de>
pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-unstable ??? nixpkgs-unstable 0.0.0.4
CVE-2022-1242 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago Apport can be tricked into connecting to arbitrary sockets as … Apport can be tricked into connecting to arbitrary sockets as the root user apport <2.21.0 pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-unstable ??? nixpkgs-unstable 0.0.0.4 Package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de>
pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-unstable ??? nixpkgs-unstable 0.0.0.4
CVE-2024-5197 created 1 month, 1 week ago Integer overflow in libvpx There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond libvpx <1.14.1 pkgs.libvpx WebM VP8/VP9 codec SDK nixos-unstable ??? nixpkgs-unstable 1.15.2 Package maintainers: 1 @codyopel Cody Opel <codyopel@gmail.com>
CVE-2024-5138 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago The snapctl component within snapd allows a confined snap to … The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar. snapd <68ee9c6aa916ab87dbfd9a26030690f2cabf1e14 pkgs.snapdragon-profiler Profiler for Android devices running Snapdragon chips nixos-unstable ??? nixpkgs-unstable 2021.2
pkgs.snapdragon-profiler Profiler for Android devices running Snapdragon chips nixos-unstable ??? nixpkgs-unstable 2021.2
CVE-2024-5564 7.4 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 1 week ago Libndp: buffer overflow in route information length field A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. libndp * <1.7-7 pkgs.libndp Library for Neighbor Discovery Protocol nixos-unstable ??? nixpkgs-unstable 1.9
CVE-2024-2199 5.7 MEDIUM CVSS version: 3.1 Attack vector (AV): ADJACENT_NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month, 1 week ago 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. 389-ds:1.4 * 389-ds-base * <3.1.1 redhat-ds:11 * redhat-ds:12 * 389-ds:1.4/389-ds-base redhat-ds:11/389-ds-base redhat-ds:12/389-ds-base pkgs._389-ds-base Enterprise-class Open Source LDAP server for Linux nixos-unstable ??? nixpkgs-unstable 3.1.3 Package maintainers: 1 @ners ners <ners@gmx.ch>
pkgs._389-ds-base Enterprise-class Open Source LDAP server for Linux nixos-unstable ??? nixpkgs-unstable 3.1.3
CVE-2024-3657 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month, 1 week ago 389-ds-base: potential denial of service via specially crafted kerberos as-req request A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service 389-ds:1.4 * 389-ds-base * redhat-ds:11 * redhat-ds:12 * 389-ds:1.4/389-ds-base redhat-ds:11/389-ds-base redhat-ds:12/389-ds-base pkgs._389-ds-base Enterprise-class Open Source LDAP server for Linux nixos-unstable ??? nixpkgs-unstable 3.1.3 Package maintainers: 1 @ners ners <ners@gmx.ch>
pkgs._389-ds-base Enterprise-class Open Source LDAP server for Linux nixos-unstable ??? nixpkgs-unstable 3.1.3
CVE-2023-6349 created 1 month, 1 week ago Heap overflow in libvpx A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above libvpx <1.13.1 pkgs.libvpx WebM VP8/VP9 codec SDK nixos-unstable ??? nixpkgs-unstable 1.15.2 Package maintainers: 1 @codyopel Cody Opel <codyopel@gmail.com>