Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2024-31253
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3.

Affected products

oauth2-provider
  • =<4.3.3

Matching in nixpkgs

pkgs.haskellPackages.hoauth2-providers

OAuth2 Identity Providers

CVE-2024-3446
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Qemu: virtio: dma reentrancy issue leads to double free vulnerability

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.

Affected products

qemu
qemu-kvm
virt:rhel
  • *
qemu-kvm-ma
virt-devel:rhel
  • *
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

Package maintainers: 11

CVE-2024-1233
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
Jboss eap: wildfly-elytron has a ssrf security issue

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

Affected products

eap
wildfly
  • <32.0.0.Final
eap7-netty
  • *
eap7-wss4j
  • *
eap7-wildfly
  • *
eap7-undertow
  • *
eap7-hibernate
  • *
eap7-apache-cxf
  • *
eap7-infinispan
  • *
eap7-hal-console
  • *
eap8-elytron-web
  • *
eap7-glassfish-el
  • *
eap7-jackson-core
  • *
eap7-xml-security
  • *
eap7-jboss-modules
  • *
eap7-jboss-metadata
  • *
eap7-wildfly-elytron
  • *
eap7-wildfly-openssl
  • *
eap8-wildfly-elytron
  • *
eap7-jackson-databind
  • *
eap7-jboss-ejb-client
  • *
eap7-wildfly-discovery
  • *
eap7-jackson-annotations
  • *
eap7-wildfly-http-client
  • *
eap7-jackson-modules-base
  • *
eap7-jackson-modules-java8
  • *
eap7-wildfly-naming-client
  • *
eap7-wildfly-openssl-linux
  • *
eap7-jboss-jsf-api_2.3_spec
  • *
eap7-jboss-server-migration
  • *
eap7-jackson-jaxrs-providers
  • *
eap7-wildfly-transaction-client
  • *
org.wildfly.security/wildfly-elytron
  • *

Matching in nixpkgs

pkgs.reap

Run process until all its spawned processes are dead

pkgs.leaps

Pair programming tool and library written in Golang

pkgs.reaper

Digital audio workstation

pkgs.teapot

Table Editor And Planner, Or: Teapot

pkgs.adreaper

Enumeration tool for Windows Active Directories

pkgs.reaper-go

Application security testing framework

pkgs.input-leap

Open-source KVM software

pkgs.tuleap-cli

Command-line interface for the Tuleap API

pkgs.libfreeaptx

Free Implementation of Audio Processing Technology codec (aptX)

pkgs.haxePackages.heaps

GPU game framework

pkgs.pineapple-pictures

Homebrew lightweight image viewer

pkgs.haskellPackages.eap

Extensible Authentication Protocol (EAP)

pkgs.haskellPackages.heap

Heaps in Haskell

pkgs.reaper-sws-extension

Reaper Plugin Extension

pkgs.sbclPackages.cl-heap

pkgs.haskellPackages.heaps

Asymptotically optimal Brodal/Okasaki heaps

pkgs.akkuPackages.pfds-heap

Heap data structure

pkgs.luaPackages.binaryheap

Binary heap implementation in pure Lua

pkgs.python312Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

pkgs.python313Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

pkgs.gnomeExtensions.ideapad

Lenovo IdeaPad goodies for Gnome Shell

pkgs.haskellPackages.heapsize

Determine the size of runtime data structures

pkgs.lua51Packages.binaryheap

Binary heap implementation in pure Lua

pkgs.lua52Packages.binaryheap

Binary heap implementation in pure Lua

pkgs.lua53Packages.binaryheap

Binary heap implementation in pure Lua

pkgs.lua54Packages.binaryheap

Binary heap implementation in pure Lua

pkgs.python312Packages.pyeapi

Client for Arista eAPI

pkgs.python313Packages.pyeapi

Client for Arista eAPI

pkgs.reaper-reapack-extension

Package manager for REAPER

pkgs.luajitPackages.binaryheap

Binary heap implementation in pure Lua

pkgs.python312Packages.coreapi

Python client library for Core API

pkgs.haskellPackages.cheapskate

Experimental markdown processor

pkgs.perlPackages.HeapFibonacci

Perl extensions for keeping data partially sorted

pkgs.python312Packages.heapdict

Heap with decrease-key and increase-key operations

pkgs.python313Packages.heapdict

Heap with decrease-key and increase-key operations

pkgs.python312Packages.jaydebeapi

Use JDBC database drivers from Python 2/3 or Jython with a DB-API

pkgs.python313Packages.jaydebeapi

Use JDBC database drivers from Python 2/3 or Jython with a DB-API

pkgs.haskellPackages.ghc-heap-view

Extract the heap representation of Haskell values and thunks

pkgs.haskellPackages.meldable-heap

Asymptotically optimal, Coq-verified meldable heaps, AKA priority queues

pkgs.perl538Packages.HeapFibonacci

Perl extensions for keeping data partially sorted

pkgs.perl540Packages.HeapFibonacci

Perl extensions for keeping data partially sorted

pkgs.python312Packages.pynamecheap

Namecheap API client in Python

pkgs.python313Packages.pynamecheap

Namecheap API client in Python

pkgs.terraform-providers.namecheap

pkgs.python312Packages.tami4edgeapi

Python API client for Tami4 Edge / Edge+ devices

pkgs.python313Packages.tami4edgeapi

Python API client for Tami4 Edge / Edge+ devices

pkgs.python312Packages.aioesphomeapi

Python Client for ESPHome native API

pkgs.python313Packages.aioesphomeapi

Python Client for ESPHome native API

pkgs.gnomeExtensions.ideapad-controls

Control Lenovo IdeaPad laptops options: Conservation Mode, Camera Lock, Fn Lock, Touchpad Lock, USB charging

pkgs.haskellPackages.cheapskate-lucid

Use cheapskate with Lucid

pkgs.gnomeExtensions.transcodeappsearch

Searching apps both direct and transcoded name (English, Russian, Ukrainian langs)

pkgs.rubyPackages.jekyll-theme-leap-day

pkgs.azure-cli-extensions.healthcareapis

Microsoft Azure Command-Line Tools HealthcareApisManagementClient Extension

pkgs.haskellPackages.leapseconds-announced

Leap seconds announced at library release time

pkgs.rubyPackages_3_1.jekyll-theme-leap-day

pkgs.rubyPackages_3_2.jekyll-theme-leap-day

pkgs.rubyPackages_3_3.jekyll-theme-leap-day

pkgs.rubyPackages_3_4.jekyll-theme-leap-day

pkgs.home-assistant-component-tests.spaceapi

Open source home automation that puts local control and privacy first

pkgs.kubernetes-helmPlugins.helm-mapkubeapis

Helm plugin which maps deprecated or removed Kubernetes APIs in a release to supported APIs

pkgs.chickenPackages_5.chickenEggs.binary-heap

Binary heap.

pkgs.chickenPackages_5.chickenEggs.heap-o-rama

...

pkgs.python312Packages.googleapis-common-protos

Common protobufs used in Google APIs

pkgs.python313Packages.googleapis-common-protos

Common protobufs used in Google APIs

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

pkgs.typstPackages.cyberschool-errorteaplate_0_1_3

This is a template originaly made for the Cyberschool of Rennes, a Cybersecurity school

pkgs.typstPackages.cyberschool-errorteaplate_0_1_4

This is a template originaly made for the Cyberschool of Rennes, a Cybersecurity school

pkgs.typstPackages.cyberschool-errorteaplate_0_1_5

This is a template originaly made for the Cyberschool of Rennes, a Cybersecurity school

Package maintainers: 37

CVE-2024-31308
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 3 months ago
WordPress WP Import Export Lite & WP Import Export plugin <= 3.9.26 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.

Affected products

wp-import-export-lite
  • =<3.9.26

Matching in nixpkgs

pkgs.wordpressPackages.plugins.wp-import-export-lite

CVE-2024-31083
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
Xorg-x11-server: user-after-free in procrenderaddglyphs

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

Affected products

tigervnc
  • *
xorg-x11-server
  • ==21.1.12
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2024-2312
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months ago
GRUB2 does not call the module fini functions on exit, …

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

Affected products

grub2
  • <2.12-1ubuntu5

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

  • nixos-unstable ???
    • nixpkgs-unstable

Package maintainers: 4

CVE-2024-31080
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 months ago
Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Affected products

tigervnc
  • *
xorg-server
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2024-3296
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack

A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Affected products

bootc
389-ds-base
rust-bootupd
rust-openssl
  • *
rust-zincati
keylime-agent-rust
389-ds:1.4/389-ds-base
python3.12-cryptography
389-directory-server:next/389-ds-base
389-directory-server:stable/389-ds-base
389-directory-server:testing/389-ds-base

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

pkgs.podman-bootc

Streamlining podman+bootc interactions

pkgs.mlxbf-bootctl

Control BlueField boot partitions

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

pkgs.python312Packages.cryptography

Package which provides cryptographic recipes and primitives

Package maintainers: 7

CVE-2024-31081
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 months ago
Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Affected products

tigervnc
  • *
xorg-server
  • ==1.7.0
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2024-31082
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 months ago
Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Affected products

tigervnc
xorg-server
  • <21.1.12
xorg-x11-server
xorg-x11-server-Xwayland

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL