Nixpkgs Security Tracker


Suggestions search

With package: python312Packages.biliass

Found 3 matching suggestions

CVE-2025-11346
6.3 MEDIUM
  • CVSS version: 3.1
created 2 months ago
ILIAS Base64 Decoding unserialize deserialization

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. It affects the function unserialize of the component Base64 Decoding Handler. Manipulation of the argument f_settings leads to deserialization. The attack can be launched remotely. Upgrading to version 8.24, 9.14 and 10.2 mitigates this issue. Upgrading the affected component is advised.

Affected products

ILIAS
  • ==8.3
  • ==8.9
  • ==8.14
  • ==9.9
  • ==8.11
  • ==9.12
  • ==10.0
  • ==8.1
  • ==9.11
  • ==8.22
  • ==8.24
  • ==8.7
  • ==9.4
  • ==8.8
  • ==8.2
  • ==8.13
  • ==8.15
  • ==8.4
  • ==8.17
  • ==8.5
  • ==9.1
  • ==8.20
  • ==8.10
  • ==9.6
  • ==9.10
  • ==8.21
  • ==8.16
  • ==9.0
  • ==9.3
  • ==9.13
  • ==8.19
  • ==9.7
  • ==9.8
  • ==9.5
  • ==10.2
  • ==8.23
  • ==8.12
  • ==10.1
  • ==8.0
  • ==9.14
  • ==9.2
  • ==8.6
  • ==8.18


CVE-2025-11344
6.3 MEDIUM
  • CVSS version: 3.1
created 2 months ago
ILIAS Certificate Import Remote Code Execution

A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. It affects an unknown functionality of the component Certificate Import Handler. Manipulation results in remote code execution. The attack can be performed remotely. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. Upgrading the affected component is recommended.

Affected products

ILIAS
  • ==8.3
  • ==8.9
  • ==8.14
  • ==9.9
  • ==8.11
  • ==9.12
  • ==10.0
  • ==8.1
  • ==9.11
  • ==8.22
  • ==8.24
  • ==8.7
  • ==9.4
  • ==8.8
  • ==8.2
  • ==8.13
  • ==8.15
  • ==8.4
  • ==8.17
  • ==8.5
  • ==9.1
  • ==8.20
  • ==8.10
  • ==9.6
  • ==9.10
  • ==8.21
  • ==8.16
  • ==9.0
  • ==9.3
  • ==9.13
  • ==8.19
  • ==9.7
  • ==9.8
  • ==9.5
  • ==10.2
  • ==8.23
  • ==8.12
  • ==10.1
  • ==8.0
  • ==9.14
  • ==9.2
  • ==8.6
  • ==8.18


CVE-2025-11345
5.5 MEDIUM
  • CVSS version: 3.1
created 2 months ago
ILIAS Test Import unserialize deserialization

A flaw has been found in ILIAS up to 8.23/9.13/10.1. It affects the function unserialize of the component Test Import. Manipulation causes deserialization. The attack can be initiated remotely. Upgrading to version 8.24, 9.14 and 10.2 resolves this issue. Upgrading the affected component is advised.

Affected products

ILIAS
  • ==8.3
  • ==9.9
  • ==8.9
  • ==8.14
  • ==10.0
  • ==9.12
  • ==8.11
  • ==8.1
  • ==9.11
  • ==8.24
  • ==8.22
  • ==8.7
  • ==9.4
  • ==8.8
  • ==8.2
  • ==8.13
  • ==8.15
  • ==8.4
  • ==8.17
  • ==8.5
  • ==9.1
  • ==8.20
  • ==8.10
  • ==9.6
  • ==9.10
  • ==8.21
  • ==8.16
  • ==9.0
  • ==9.3
  • ==9.13
  • ==8.19
  • ==9.7
  • ==10.2
  • ==9.8
  • ==9.5
  • ==8.23
  • ==8.12
  • ==10.1
  • ==8.0
  • ==9.14
  • ==9.2
  • ==8.6
  • ==8.18
