Nixpkgs Security Tracker

Suggestions search

With package: stalwart-mail-enterprise

Found 6 matching suggestions

Published
CVE-2026-26312
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 1 month, 1 week ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed package stalwart-cli
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Stalwart Mail Server has Out-of-Memory Denial of Service via Malformed Nested MIME Messages

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested `message/rfc822` MIME parts via IMAP or JMAP causes excessive CPU and memory consumption, potentially leading to an out-of-memory condition and server crash. The malformed structure causes the `mail-parser` crate to produce cyclical references in its parsed representation, which Stalwart then follows indefinitely. Version 0.15.5 contains a patch.

Affected products

stalwart
  • ==>= 0.13.0, < 0.15.5

Matching in nixpkgs

Ignored packages (1)

Package maintainers

Upstream advisory: https://github.com/stalwartlabs/stalwart/security/advisories/GHSA-jm95-876q-c9gw
Untriaged
CVE-2025-30896
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 1 week ago
WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4.

Affected products

erp
  • =<1.13.4

Matching in nixpkgs

pkgs.lerpn

Curses RPN calculator written in straight Python

pkgs.serpl

Simple terminal UI for search and replace, ala VS Code

  • nixos-unstable -

pkgs.sherpa

Monte Carlo event generator for the Simulation of High-Energy Reactions of PArticles

  • nixos-unstable -

pkgs.makerpm

Clean, simple RPM packager reimplemented completely from scratch

  • nixos-unstable -

pkgs.serpent

Compiler for the Serpent language for Ethereum

pkgs.overpass

Font heavily inspired by Highway Gothic

  • nixos-unstable -

pkgs.overpush

Self-hosted, drop-in replacement for Pushover that can use XMPP

  • nixos-unstable -

pkgs.powerpipe

Dynamically query your cloud, code, logs & more with SQL

  • nixos-unstable -

pkgs.featherpad

Lightweight Qt5 Plain-Text Editor for Linux

  • nixos-unstable -

pkgs.filterpath

Retrieve a valid path from a messy piped line

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.ciderpress2

File archive utility for Apple II disk images and file archives

  • nixos-unstable -

pkgs.letterpress

Create beautiful ASCII art

  • nixos-unstable -

pkgs.pufferpanel

Free, open source game management panel

  • nixos-unstable -

pkgs.fingerprintx

Standalone utility for service discovery on open ports

  • nixos-unstable -

pkgs.hyperpotamus

YAML based HTTP script processing engine

  • nixos-unstable -

pkgs.etherpad-lite

Modern really-real-time collaborative document editor

  • nixos-unstable -

pkgs.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

  • nixos-unstable -

Package maintainers

Untriaged
CVE-2023-45765
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months, 1 week ago
WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.12.6.

Affected products

erp
  • =<1.12.6

Matching in nixpkgs

pkgs.lerpn

Curses RPN calculator written in straight Python

pkgs.serpl

Simple terminal UI for search and replace, ala VS Code

  • nixos-unstable -

pkgs.sherpa

Monte Carlo event generator for the Simulation of High-Energy Reactions of PArticles

  • nixos-unstable -

pkgs.makerpm

Clean, simple RPM packager reimplemented completely from scratch

  • nixos-unstable -

pkgs.serpent

Compiler for the Serpent language for Ethereum

pkgs.overpass

Font heavily inspired by Highway Gothic

  • nixos-unstable -

pkgs.overpush

Self-hosted, drop-in replacement for Pushover that can use XMPP

  • nixos-unstable -

pkgs.powerpipe

Dynamically query your cloud, code, logs & more with SQL

  • nixos-unstable -

pkgs.featherpad

Lightweight Qt5 Plain-Text Editor for Linux

  • nixos-unstable -

pkgs.filterpath

Retrieve a valid path from a messy piped line

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.ciderpress2

File archive utility for Apple II disk images and file archives

  • nixos-unstable -

pkgs.letterpress

Create beautiful ASCII art

  • nixos-unstable -

pkgs.pufferpanel

Free, open source game management panel

  • nixos-unstable -

pkgs.fingerprintx

Standalone utility for service discovery on open ports

  • nixos-unstable -

pkgs.hyperpotamus

YAML based HTTP script processing engine

  • nixos-unstable -

pkgs.etherpad-lite

Modern really-real-time collaborative document editor

  • nixos-unstable -

pkgs.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

  • nixos-unstable -

Package maintainers

Untriaged
CVE-2024-47640
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 1 week ago
WordPress WP ERP plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS. This issue affects WP ERP: from n/a through 1.13.2.

Affected products

erp
  • =<1.13.2

Matching in nixpkgs

pkgs.lerpn

Curses RPN calculator written in straight Python

pkgs.serpl

Simple terminal UI for search and replace, ala VS Code

  • nixos-unstable -

pkgs.sherpa

Monte Carlo event generator for the Simulation of High-Energy Reactions of PArticles

  • nixos-unstable -

pkgs.makerpm

Clean, simple RPM packager reimplemented completely from scratch

  • nixos-unstable -

pkgs.serpent

Compiler for the Serpent language for Ethereum

pkgs.overpass

Font heavily inspired by Highway Gothic

  • nixos-unstable -

pkgs.overpush

Self-hosted, drop-in replacement for Pushover that can use XMPP

  • nixos-unstable -

pkgs.powerpipe

Dynamically query your cloud, code, logs & more with SQL

  • nixos-unstable -

pkgs.featherpad

Lightweight Qt5 Plain-Text Editor for Linux

  • nixos-unstable -

pkgs.filterpath

Retrieve a valid path from a messy piped line

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.ciderpress2

File archive utility for Apple II disk images and file archives

  • nixos-unstable -

pkgs.letterpress

Create beautiful ASCII art

  • nixos-unstable -

pkgs.pufferpanel

Free, open source game management panel

  • nixos-unstable -

pkgs.fingerprintx

Standalone utility for service discovery on open ports

  • nixos-unstable -

pkgs.hyperpotamus

YAML based HTTP script processing engine

  • nixos-unstable -

pkgs.etherpad-lite

Modern really-real-time collaborative document editor

  • nixos-unstable -

pkgs.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

  • nixos-unstable -

Package maintainers

Untriaged
CVE-2023-34008
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 1 week ago
WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.

Affected products

erp
  • =<1.12.3

Matching in nixpkgs

pkgs.lerpn

Curses RPN calculator written in straight Python

pkgs.serpl

Simple terminal UI for search and replace, ala VS Code

  • nixos-unstable -

pkgs.sherpa

Monte Carlo event generator for the Simulation of High-Energy Reactions of PArticles

  • nixos-unstable -

pkgs.makerpm

Clean, simple RPM packager reimplemented completely from scratch

  • nixos-unstable -

pkgs.serpent

Compiler for the Serpent language for Ethereum

pkgs.overpass

Font heavily inspired by Highway Gothic

  • nixos-unstable -

pkgs.overpush

Self-hosted, drop-in replacement for Pushover that can use XMPP

  • nixos-unstable -

pkgs.powerpipe

Dynamically query your cloud, code, logs & more with SQL

  • nixos-unstable -

pkgs.featherpad

Lightweight Qt5 Plain-Text Editor for Linux

  • nixos-unstable -

pkgs.filterpath

Retrieve a valid path from a messy piped line

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.ciderpress2

File archive utility for Apple II disk images and file archives

  • nixos-unstable -

pkgs.letterpress

Create beautiful ASCII art

  • nixos-unstable -

pkgs.pufferpanel

Free, open source game management panel

  • nixos-unstable -

pkgs.fingerprintx

Standalone utility for service discovery on open ports

  • nixos-unstable -

pkgs.hyperpotamus

YAML based HTTP script processing engine

  • nixos-unstable -

pkgs.etherpad-lite

Modern really-real-time collaborative document editor

  • nixos-unstable -

pkgs.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

  • nixos-unstable -

Package maintainers

Untriaged
CVE-2024-21747
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months, 1 week ago
WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting: from n/a through 1.12.8.

Affected products

erp
  • =<1.12.8

Matching in nixpkgs

pkgs.lerpn

Curses RPN calculator written in straight Python

pkgs.serpl

Simple terminal UI for search and replace, ala VS Code

  • nixos-unstable -

pkgs.sherpa

Monte Carlo event generator for the Simulation of High-Energy Reactions of PArticles

  • nixos-unstable -

pkgs.makerpm

Clean, simple RPM packager reimplemented completely from scratch

  • nixos-unstable -

pkgs.serpent

Compiler for the Serpent language for Ethereum

pkgs.overpass

Font heavily inspired by Highway Gothic

  • nixos-unstable -

pkgs.overpush

Self-hosted, drop-in replacement for Pushover that can use XMPP

  • nixos-unstable -

pkgs.powerpipe

Dynamically query your cloud, code, logs & more with SQL

  • nixos-unstable -

pkgs.featherpad

Lightweight Qt5 Plain-Text Editor for Linux

  • nixos-unstable -

pkgs.filterpath

Retrieve a valid path from a messy piped line

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.ciderpress2

File archive utility for Apple II disk images and file archives

  • nixos-unstable -

pkgs.letterpress

Create beautiful ASCII art

  • nixos-unstable -

pkgs.pufferpanel

Free, open source game management panel

  • nixos-unstable -

pkgs.fingerprintx

Standalone utility for service discovery on open ports

  • nixos-unstable -

pkgs.hyperpotamus

YAML based HTTP script processing engine

  • nixos-unstable -

pkgs.etherpad-lite

Modern really-real-time collaborative document editor

  • nixos-unstable -

pkgs.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

  • nixos-unstable -

Package maintainers