Automatically generated suggestions

CVE-2024-4340
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

sqlparse
<0.5.0

pkgs.python312Packages.sqlparse

Non-validating SQL parser for Python

pkgs.python313Packages.sqlparse

Non-validating SQL parser for Python
CVE-2024-33522
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Privilege escalation in Calico CNI install binary

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration on the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.

cni-plugin
<v3.26.5
<v3.19.0-2.0
<v3.18.2
<v3.17.4
==v3.28.0
<v3.27.3
<v19.3.0

pkgs.cni-plugins

Some standard networking plugins, maintained by the CNI team

pkgs.dnsname-cni

DNS name resolution for containers

pkgs.calico-cni-plugin

Cloud native networking and network security

pkgs.cni-plugin-flannel

Network fabric for containers designed to work in conjunction with flannel
Package maintainers: 5
CVE-2024-3154
7.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Cri-o: arbitrary command injection via pod annotation

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

cri-o
==1.29.3
*
==1.28.5
==1.27.6
==1.28.6
==1.30.0
==1.29.4
==1.27.5

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
Package maintainers: 2
CVE-2023-32665
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Gvariant deserialisation does not match spec for non-normal data

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

glib
glib2
mingw-glib2

pkgs.glib

C library of programming building blocks

pkgs.glibc

GNU C Library

pkgs.iconv

GNU C Library

pkgs.alglib

Numerical analysis and data processing library

pkgs.glibmm

C++ interface to the GLib library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.spglib

C library for finding and handling crystal symmetries

pkgs.taglib

Library for reading and editing audio file metadata

pkgs.poppler

PDF rendering library

pkgs.libiconv

pkgs.taglib_1

Library for reading and editing audio file metadata

pkgs.dbus-glib

Obsolete glib bindings for D-Bus lightweight IPC mechanism

pkgs.glibcInfo

GNU Info manual of the GNU C Library

pkgs.json-glib

Library providing (de)serialization support for the JavaScript Object Notation (JSON) format

pkgs.arrow-glib

GLib bindings for Apache Arrow

pkgs.i3ipc-glib

C interface library to i3wm

pkgs.poppler_gi

PDF rendering library

pkgs.glibmm_2_68

C++ interface to the GLib library

pkgs.libdbusmenu

Library for passing menu structures across DBus

pkgs.libglibutil

Library of glib utilities

pkgs.libzim-glib

Partial GObject/C bindings for libzim

pkgs.glib-testing

Test library providing test harnesses and mock classes complementing the classes provided by GLib

pkgs.glibcLocales

Locale information for the GNU C Library

pkgs.jsonrpc-glib

Library to communicate using the JSON-RPC 2.0 specification

pkgs.libgit2-glib

Glib wrapper library around the libgit2 git access library

pkgs.libqrtr-glib

Qualcomm IPC Router protocol helper library

pkgs.libvirt-glib

Wrapper library of libvirt for glib-based applications

pkgs.taglib-sharp

Library for reading and writing metadata in media files

pkgs.safestringlib

Safer replacements for C library functions that prevent serious security vulnerabilities

pkgs.taglib_extras

Additional taglib plugins

pkgs.template-glib

Library for template expansion which supports calling into GObject Introspection from templates

pkgs.appstream-glib

Objects and helper methods to read and write AppStream metadata

pkgs.geocode-glib_2

Convenience library for the geocoding and reverse geocoding using Nominatim service

pkgs.glibc_memusage

GNU C Library

pkgs.libsignon-glib

Library for managing single signon credentials which can be used from GLib applications

pkgs.glib-networking

Network-related giomodules for glib

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

pkgs.libaccounts-glib

Library for managing accounts which can be used from GLib applications

pkgs.kdePackages.taglib

Library for reading and editing audio file metadata

pkgs.haskellPackages.glib

Binding to the GLIB library for Gtk2Hs

pkgs.haskellPackages.taglib

Binding to TagLib (ID3 tag library)

pkgs.appmenu-glib-translator

Library for translating from DBusMenu to GMenuModel

pkgs.haskellPackages.gi-glib

GLib bindings

pkgs.haskellPackages.htaglib

Bindings to TagLib, audio meta-data library

pkgs.python312Packages.dbglib

pkgs.python312Packages.spglib

Python bindings for C library for finding and handling crystal symmetries

pkgs.python312Packages.svglib

Pure-Python library for reading and converting SVG

pkgs.python313Packages.dbglib

pkgs.python313Packages.spglib

Python bindings for C library for finding and handling crystal symmetries

pkgs.python313Packages.svglib

Pure-Python library for reading and converting SVG

pkgs.rubyPackages.taglib-ruby

pkgs.python312Packages.pytaglib

Python bindings for the Taglib audio metadata library

pkgs.python313Packages.pytaglib

Python bindings for the Taglib audio metadata library

pkgs.haskellPackages.glib-stopgap

Stopgap package of binding for GLib

pkgs.python312Packages.kconfiglib

Flexible Python 2/3 Kconfig implementation and library

pkgs.python313Packages.kconfiglib

Flexible Python 2/3 Kconfig implementation and library

pkgs.rubyPackages_3_1.taglib-ruby

pkgs.rubyPackages_3_2.taglib-ruby

pkgs.rubyPackages_3_3.taglib-ruby

pkgs.rubyPackages_3_4.taglib-ruby

pkgs.haskellPackages.bindings-glib

Low level bindings to GLib

pkgs.haskellPackages.uu-parsinglib

Fast, online, error-correcting, monadic, applicative, merging, permuting, interleaving, idiomatic parser combinators

pkgs.python312Packages.python-hglib

Library with a fast, convenient interface to Mercurial. It uses Mercurial’s command server for communication with hg

pkgs.python313Packages.python-hglib

Library with a fast, convenient interface to Mercurial. It uses Mercurial’s command server for communication with hg

pkgs.haskellPackages.gtk2hs-cast-glib

A type class for cast functions of Gtk2hs: glib package

pkgs.chickenPackages_5.chickenEggs.taglib

Bindings to taglib

pkgs.python312Packages.locationsharinglib

Python package to retrieve coordinates from a Google account

pkgs.python313Packages.locationsharinglib

Python package to retrieve coordinates from a Google account

pkgs.tests.pkg-config.defaultPkgConfigPackages.taglib

Test whether taglib-2.1.1 exposes pkg-config modules taglib
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.taglib_c

Test whether taglib-2.1.1 exposes pkg-config modules taglib_c
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."gio-2.0"

Test whether glib-2.84.4 exposes pkg-config modules gio-2.0
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitEnabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitDisabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.poppler-glib

Test whether poppler-glib-25.07.0 exposes pkg-config modules poppler-glib
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."gobject-2.0"

Test whether glib-2.84.4 exposes pkg-config modules gobject-2.0
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."gthread-2.0"

Test whether glib-2.84.4 exposes pkg-config modules gthread-2.0
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."dbusmenu-glib-0.4"

Test whether libdbusmenu-glib-16.04.0 exposes pkg-config modules dbusmenu-glib-0.4
  • nixos-unstable
    • nixpkgs-unstable
Package maintainers: 27
CVE-2024-33682
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress WP GDPR Compliance plugin <= 2.0.23 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance. This issue affects WP GDPR Compliance: from n/a through 2.0.23.

wp-gdpr-compliance
<=2.0.23

pkgs.wordpressPackages.plugins.wp-gdpr-compliance

CVE-2023-6717
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
created 1 month, 1 week ago
Keycloak: xss via assertion consumer service url in saml post-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

keycloak
<22.0.10
<24.0.3
mta/mta-ui-rhel8
mta/mta-ui-rhel9
rh-sso7-keycloak
rhdh-hub-container
rhbk/keycloak-rhel9
*
rhdh/rhdh-hub-rhel9
org.keycloak/keycloak-core
org.keycloak-keycloak-parent
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
openshift-gitops-1/gitops-rhel8-operator
openshift-serverless-1/logic-rhel8-operator
*
openshift-serverless-1/logic-operator-bundle
*
openshift-serverless-1/logic-swf-builder-rhel8
*
openshift-serverless-1/logic-swf-devmode-rhel8
*
openshift-serverless-1-logic-rhel8-operator-container
*
openshift-serverless-1/logic-data-index-ephemeral-rhel8
*
openshift-serverless-1-logic-swf-builder-rhel8-container
*
openshift-serverless-1-logic-swf-devmode-rhel8-container
*
openshift-serverless-1/logic-data-index-postgresql-rhel8
*
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
*
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
*
openshift-serverless-1-logic-rhel8-operator-bundle-container
*
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
*
openshift-serverless-1-logic-data-index-ephemeral-rhel8-container
*
openshift-serverless-1-logic-data-index-postgresql-rhel8-container
*
openshift-serverless-1-logic-jobs-service-ephemeral-rhel8-container
*
openshift-serverless-1-logic-jobs-service-postgresql-rhel8-container
*
openshift-serverless-1-logic-kn-workflow-cli-artifacts-rhel8-container
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2023-3597
5.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
Keycloak: secondary factor bypass in step-up authentication

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.

keycloak
<22.0.10
<24.0.3
rhbk/keycloak-rhel9
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2023-6484
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
Keycloak: log injection during webauthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on the integrity of the logs.

keycloak
<23.0.5
<22.0.9
rh-sso7-keycloak
*
rhbk/keycloak-rhel9
*
rh-sso-7/sso7-rhel8-operator
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
rh-sso-7/sso76-openshift-rhel8
*
rh-sso-7/sso7-rhel8-init-container
*
rh-sso-7/sso7-rhel8-operator-bundle
*
keycloak-rhel9-operator-bundle-container

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2024-2905
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 1 week ago
Rpm-ostree: world-readable /etc/shadow file

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.

rpm-ostree
==1.2024.4
*

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model
CVE-2024-0406
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 1 week ago
Mholt/archiver: path traversal vulnerability

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

archiver
*
*
openshift4/oc-mirror-plugin-rhel8
openshift4/oc-mirror-plugin-rhel9
*
advanced-cluster-security/rhacs-main-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-scanner-rhel8

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

pkgs.xarchiver

GTK frontend to 7z, zip, rar, tar, bzip2, gzip, arj, lha, rpm and deb (open and extract only)

pkgs.fsarchiver

File system archiver for Linux

pkgs.the-unarchiver

Unpacks archive files

pkgs.lxqt.lxqt-archiver

Archive tool for the LXQt desktop environment

pkgs.CuboCore.corearchiver

Archiver from the C Suite to create and extract archives

pkgs.wayback-machine-archiver

Python script to submit web pages to the Wayback Machine for archiving

pkgs.python312Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

pkgs.python313Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict
Package maintainers: 6