Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: cpcfs

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-5476
4.6 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Not Defined (X)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.

Affected products

cFS
  • ==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

pkgs.encfs

Encrypted filesystem in user-space via FUSE

pkgs.lxcfs

FUSE filesystem for LXC

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9
  • nixos-25.11 1.9
    • nixos-25.11-small 1.9
    • nixpkgs-25.11-darwin 1.9
Permalink CVE-2026-5473
4.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
NASA cFS Pickle pickle.load deserialization

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

cFS
  • ==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

pkgs.encfs

Encrypted filesystem in user-space via FUSE

pkgs.lxcfs

FUSE filesystem for LXC

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9
  • nixos-25.11 1.9
    • nixos-25.11-small 1.9
    • nixpkgs-25.11-darwin 1.9
Permalink CVE-2026-1739
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
created 3 months, 3 weeks ago Activity log
  • Created suggestion 3 months, 3 weeks ago
Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference

A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

Affected products

pcf
  • ==1.4.0
  • ==1.4.1

Matching in nixpkgs

pkgs.cpcfs

Manipulating CPC dsk images and files

pkgs.bdftopcf

Converts X font from Bitmap Distribution Format to Portable Compiled Format

  • nixos-unstable 1.1.2
    • nixpkgs-unstable 1.1.2
    • nixos-unstable-small 1.1.2
  • nixos-25.11 -
    • nixos-25.11-small 1.1.2
    • nixpkgs-25.11-darwin 1.1.2

Package maintainers