Nixpkgs Security Tracker

Suggestions search

With package: perl538Packages.MojoliciousPluginOpenAPI

Found 27 matching suggestions

Untriaged
CVE-2024-58135
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets

Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

Affected products

Mojolicious
  • =<*
  • =<9.40
  • =<9.39

Untriaged
CVE-2024-58134
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months ago
Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default

Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

Affected products

Mojolicious
  • =<*
  • =<9.40
  • =<9.39

Untriaged
CVE-2024-21981
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months ago
Improper key usage control in AMD Secure Processor (ASP) may …

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Affected products

PI
  • ==various
epyc
  • *
ryzen
  • *
athlon
  • *
AMD EPYC™ 7002 Series Processors
  • ==various
AMD EPYC™ 7003 Series Processors
  • ==various
AMD EPYC™ Embedded 3000 Series Processors
  • ==various
AMD EPYC™ Embedded 7002 Series Processors
  • ==various
AMD EPYC™ Embedded 7003 Series Processors
  • ==various
AMD Ryzen™ 3000 Series Desktop Processors
  • ==various
AMD Ryzen™ 5000 Series Desktop Processors
  • ==various
AMD Ryzen™ Embedded 5000 Series Processors
  • ==various
AMD Ryzen™ Embedded R1000 Series Processors
  • ==various
AMD Ryzen™ Embedded R2000 Series Processors
  • ==various
AMD Ryzen™ Embedded V1000 Series Processors
  • ==various
AMD Ryzen™ Threadripper™ PRO 5000WX Processors
  • ==various
AMD Ryzen™ Threadripper™ 3000 Series Processors
  • ==various
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
  • ==various
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
  • ==various
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
  • ==various
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
  • ==various
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
  • ==various
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Untriaged
CVE-2021-26387
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Insufficient access controls in ASP kernel may allow a privileged …

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.

Affected products

PI
  • ==various
AMD EPYC™ 7002 Series Processors
  • ==various
AMD EPYC™ 7003 Series Processors
  • ==various
AMD EPYC™ 9004 Series Processors
  • ==various
AMD EPYC™ Embedded 3000 Series Processors
  • ==various
AMD EPYC™ Embedded 7002 Series Processors
  • ==various
AMD EPYC™ Embedded 7003 Series Processors
  • ==various
AMD EPYC™ Embedded 9003 Series Processors
  • ==various
AMD Ryzen™ 3000 Series Desktop Processors
  • ==ComboAM4PI 1.0.0.9
  • ==ComboAM4 V2 PI 1.2.0.8
AMD Ryzen™ 5000 Series Desktop Processors
  • ==ComboAM4 V2 PI 1.2.0.8
AMD Ryzen™ 7000 Series Desktop Processors
  • ==ComboAM5 1.0.8.0
AMD Ryzen™ Embedded 5000 Series Processors
  • ==EmbAM4PI 1.0.0.2
AMD Ryzen™ Embedded R1000 Series Processors
  • ==EmbeddedPI-FP5 1.2.0.A
AMD Ryzen™ Embedded R2000 Series Processors
  • ==EmbeddedR2KPI-FP5 1.0.0.2
AMD Ryzen™ Embedded V1000 Series Processors
  • ==EmbeddedPI-FP5 1.2.0.A
AMD Ryzen™ Embedded V2000 Series Processors
  • ==EmbeddedPI-FP6 1.0.0.6
AMD Ryzen™ Embedded V3000 Series Processors
  • ==EmbeddedPI-FP7r2 1.0.0.9
AMD Ryzen™ Threadripper™ PRO 5000WX Processors
  • ==ChagallWSPI-sWRX8 1.0.0.2
AMD Ryzen™ Threadripper™ 3000 Series Processors
  • ==CastlePeakPI-SP3r3 1.0.0.7
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
  • ==ChagallWSPI-sWRX8 1.0.0.2
  • ==CastlePeakWSPI-sWRX8 1.0.0.9
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
  • ==CezannePI-FP6 1.0.0.9
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
  • ==CezannePI-FP6 1.0.0.9
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
  • ==RembrandtPI-FP7 1.0.0.9b
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
  • ==RembrandtPI-FP7 1.0.0.9b
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
  • ==PicassoPI-FP5 1.0.0.E
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
  • ==RenoirPI-FP6 1.0.0.8
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
  • ==ComboAM4v2 PI 1.2.0.6
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
  • ==CezannePI-FP6 1.0.0.9
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
  • ==ComboAM4v2 PI 1.2.0.5
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
  • ==ComboAM4v2 PI 1.2.0.8
  • ==ComboAM4PI 1.0.0.9
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
  • ==PollockPI-FT5 1.0.0.4
  • ==PicassoPI-FP5 1.0.0.E

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Untriaged
CVE-2023-20578
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with …

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Affected products

PI
  • ==NaplesPI 1.0.0.K
epyc_7001
  • ==1.0.0.k
epyc_7002
  • ==1.0.0.g
epyc_9004
  • ==1.0.0.2
epyc_embedded_3000
  • ==1.1.0.a
epyc_embedded_7002
  • ==1.0.0.a
epyc_embedded_7003
  • ==1.0.0.7
epyc_embedded_9003
  • ==1.0.0.0
ryzen_embedded_7000
  • ==1.0.0.0
ryzen_embedded_v3000
  • ==1.0.0.8
AMD EPYC™ Embedded 3000
  • ==SnowyOwl PI 1.1.0.A
AMD EPYC™ Embedded 7002
  • ==EmbRomePI-SP3 1.0.0.A
AMD EPYC™ Embedded 7003
  • ==EmbMilanPI-SP3 1.0.0.7
AMD EPYC™ Embedded 9003
  • ==EmbGenoaPI-SP5 1.0.0.0
AMD Ryzen™ Embedded V3000
  • ==EmbeddedPI-FP7r2 1.0.0.8
AMD Ryzen™ Embedded 7000
  • ==EmbeddedAM5PI 1.0.0.0
AMD EPYC™ 7002 Processors
  • ==RomePI 1.0.0.G
AMD EPYC™ 7003 Processors
  • ==MilanPI 1.0.0.B
AMD EPYC™ 9004 Processors
  • ==GenoaPI 1.0.0.2
AMD Ryzen™ 7000 Series Desktop Processors
  • ==ComboAM5 1.0.0.1
AMD Ryzen™ Threadripper™ PRO 5000WX Processors
  • ==ChagallWSPI-sWRX8 1.0.0.7
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
  • ==RembrandtPI-FP7 1.0.0.9b
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
  • ==MendocinoPI-FT6 1.0.0.0
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
  • ==RembrandtPI-FP7 1.0.0.9b

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Untriaged
CVE-2023-31315
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Improper validation in a model specific register (MSR) could allow …

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Affected products

PI
  • <Milan PI 1.0.0.D
epyc_embedded_3000
  • ==various
epyc_embedded_7002
  • ==various
epyc_embedded_7003
  • ==various
epyc_embedded_9003
  • <emgenoa.pi.1.0.0.7
  • ==various
ryzen_embedded_5000
  • ==various
ryzen_embedded_7000
  • ==various
ryzen_embedded_r1000
  • ==various
ryzen_embedded_r2000
  • ==various
ryzen_embedded_v1000
  • ==various
ryzen_embedded_v2000
  • ==various
ryzen_embedded_v3000
  • ==various
AMD EPYC™ Embedded 3000
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
AMD EPYC™ Embedded 9003
  • <EmbGenoaPI 1.0.0.7
AMD Ryzen™ Embedded 5000
  • ==various
AMD Ryzen™ Embedded 7000
  • ==various
1st_gen_amd_epyc_processors
  • <naples.pi.1.0.0.m
2nd_gen_amd_epyc_processors
  • <rome.pi.1.0.0.j
3rd_gen_amd_epyc_processors
  • <milan.pi.1.0.0.d
4th_gen_amd_epyc_processors
  • <genoa_pi_1.0.0.c
AMD Ryzen™ Embedded R1000
  • ==various
AMD Ryzen™ Embedded R2000
  • ==various
AMD Ryzen™ Embedded V1000
  • ==various
AMD Ryzen™ Embedded V2000
  • ==various
AMD Ryzen™ Embedded V3000
  • ==various
ryzen_7000_desktop_processors
  • <comboam5pi.1.2.0.1
1st Gen AMD EPYC™ Processors
  • <Naples PI 1.0.0.M
2nd Gen AMD EPYC™ Processors
  • <Rome PI 1.0.0.J
4th Gen AMD EPYC™ Processors
  • <Genoa PI 1.0.0.C
ryzen_threadripper_pro_processors
  • <castlepeakwspi-swrx8.1.0.0.8
  • <chagallwspi-swrx8.1.0.0.8
ryzen_7045_series_mobile_processors
  • <dragonrangefl1.1.0.0.3e
ryzen_3000_series_desktop_processors
  • ==various
ryzen_5000_series_desktop_processors
  • <comboam4v2pi.1.2.0.cb
  • ==various
ryzen_6000_processors_with_radeongraphics
  • <remembrandtpi-fp7.1.0.0.b
ryzen_7020_processors_with_radeongraphics
  • <mendocinopi-ft6.1.0.0.7
ryzen_7035_processors_with_radeongraphics
  • <remembrandtpi-fp7.1.0.0.b
ryzen_threadripper_3000_series_processors
  • <castlepeakpl-sp3r3.1.0.0.b
AMD Ryzen™ 7045 Series Mobile Processors
  • <DragonRangeFL1 1.0.0.3e
AMD Ryzen™ 3000 Series Desktop Processors
  • ==various
AMD Ryzen™ 5000 Series Desktop Processors
  • <ComboAM4v2PI 1.2.0.cb
AMD Ryzen™ 7000 Series Desktop Processors
  • <ComboAM5PI 1.2.0.1
AMD Ryzen™ Threadripper™ PRO Processors
  • <CastlePeakWSPI-sWRX8 1.0.0.D
  • <ChagallWSPI-sWRX8 1.0.0.8
ryzen_threadripper_pro_3000wx_series_processors
  • <chagallwspi-swrx8.1.0.0.8
ryzen_8000_series_processors_with_radeongraphics
  • <comboam5pi.1.2.0.1
AMD Ryzen™ Threadripper™ 3000 Series Processors
  • <CastlePeakPI-SP3r3 1.0.0.B
ryzen_4000_series_mobile_processors_with_radeon_graphics
  • <renoirpi-fp6.1.0.0.e
ryzen_5000_series_mobile_processors_with_radeon_graphics
  • <cezannepi-fp6.1.0.1.1
ryzen_7030_series-mobile_processors_with_radeon_graphics
  • <cezannepi-fp6
ryzen_7040_series_mobile_processors_with_radeon_graphics
  • <phoenixpi-fp8-fp7.1.1.0.3
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
  • <ChagallWSPI-sWRX8 1.0.0.8
athlon_3000_series_mobile_processors_with_radeon_graphics
  • <picasso-fp5.1.0.1.2
  • <pollockpi-ft5.1.0.0.8
ryzen_3000_series_desktop_processors_with_radeon_graphics
  • <picasso-fp5.1.0.1.2
ryzen_4000_series_desktop_processors_with_radeon_graphics
  • <comboam4v2pi.1.2.0.cb
ryzen_5000_series_desktop_processors_with_radeon_graphics
  • <comboam4v2pi.1.2.0.cb
  • ==various
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
  • <RembrandtPI-FP7 1.0.0.B
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
  • <MendocinoPI-FT6 1.0.0.7
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
  • <RembrandtPI-FP7 1.0.0.B
AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics
  • <ComboAM5PI 1.2.0.1
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
  • <Picasso-FP5 1.0.1.2
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
  • <RenoirPI-FP6 1.0.0.E
AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics
  • <ComboAM4v2PI 1.2.0.cb
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
  • <CezannePI-FP6 1.0.1.1
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
  • <CezannePI-FP6
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
  • <PhoenixPI-FP8-FP7 1.1.0.3
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
  • <PollockPI-FT5 1.0.0.8
  • <Picasso-FP5 1.0.1.2
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
  • <ComboAM4v2PI 1.2.0.cb

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Untriaged
created 6 months ago
Insufficient validation of SPI flash addresses in the ASP (AMD …

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Untriaged
created 6 months ago
A Use-After-Free vulnerability in the management of an SNP guest …

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Untriaged
created 6 months ago
Improper or unexpected behavior of the INVD instruction in some …

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

Affected products

  • ==various
PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Untriaged
created 6 months ago
A race condition in System Management Mode (SMM) code may …

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -