Nixpkgs Security Tracker

Permalink CVE-2015-7810

updated 1 month ago by @pyrox0 Activity log

Created automatic suggestion 1 month ago
@pyrox0 dismissed 1 month ago

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when …

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2015-7810 x_refsource_MISC
http://www.securityfocus.com/bid/72769 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/10/12/7 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2015-7810 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2015-7810 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2015-7810 x_transferred x_refsource_MISC
http://www.securityfocus.com/bid/72769 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/10/12/7 x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2015-7810 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2015-7810 x_refsource_MISC
http://www.securityfocus.com/bid/72769 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/10/12/7 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2015-7810 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2015-7810 x_transferred x_refsource_MISC
http://www.securityfocus.com/bid/72769 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/10/12/7 x_transferred x_refsource_MISC

Affected products

libbluray

==1

Matching in nixpkgs

pkgs.libbluray

Library to access Blu-Ray disks for video playback

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.3.4
- nixos-25.11-small 1.3.4
- nixpkgs-25.11-darwin 1.3.4

pkgs.libbluray-full

Library to access Blu-Ray disks for video playback

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0

Package maintainers

@abbradar Nikolay Amiantov <ab@fmap.me>
@amarshall Andrew Marshall <andrew@johnandrewmarshall.com>

Does not apply to nixpkgs versions

Permalink CVE-2013-2018

updated 1 month ago by @pyrox0 Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed package boinctui 1 month ago
@pyrox0 dismissed 1 month ago

Multiple SQL injection vulnerabilities in BOINC allow remote attackers to …

Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

http://www.openwall.com/lists/oss-security/2013/04/28/3 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/29/11 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/28/3 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/29/11 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/28/3 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/29/11 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/28/3 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/29/11 x_transferred x_refsource_MISC

Affected products

BOINC

==possibly 7.x and earlier

Matching in nixpkgs

pkgs.boinc

Free software for distributed and grid computing

nixos-unstable 8.2.8
- nixpkgs-unstable 8.2.8
- nixos-unstable-small 8.2.8
nixos-25.11 8.2.6
- nixos-25.11-small 8.2.6
- nixpkgs-25.11-darwin 8.2.6

pkgs.boinc-headless

Free software for distributed and grid computing

nixos-unstable 8.2.8
- nixpkgs-unstable 8.2.8
- nixos-unstable-small 8.2.8
nixos-25.11 8.2.6
- nixos-25.11-small 8.2.6
- nixpkgs-25.11-darwin 8.2.6

Ignored packages (1)

pkgs.boinctui

Curses based fullscreen BOINC manager

nixos-unstable 2.7.1-unstable-2023-12-14
- nixpkgs-unstable 2.7.1-unstable-2023-12-14
- nixos-unstable-small 2.7.1-unstable-2023-12-14
nixos-25.11 2.7.1-unstable-2023-12-14
- nixos-25.11-small 2.7.1-unstable-2023-12-14
- nixpkgs-25.11-darwin 2.7.1-unstable-2023-12-14

Package maintainers

@Luflosi Luflosi <luflosi@luflosi.de>

Do not apply to nixpkgs versions

Permalink CVE-2026-2650

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month ago by @pyrox0 Activity log

Created automatic suggestion 1 month ago
@pyrox0 removed
19 packages
- netflix
- mkchromecast
- chrome-export
- go-chromecast
- xf86videoopenchrome
- chrome-token-signing
- chrome-pak-customizer
- xf86-video-openchrome
- xorg.xf86videoopenchrome
- ocamlPackages.chrome-trace
- noto-fonts-monochrome-emoji
- python312Packages.pychromecast
- python313Packages.pychromecast
- python314Packages.pychromecast
- ocamlPackages_latest.chrome-trace
- python312Packages.undetected-chromedriver
- python313Packages.undetected-chromedriver
- python314Packages.undetected-chromedriver
- grafanaPlugins.ventura-psychrometric-panel
1 month ago
@pyrox0 dismissed 1 month ago

Heap buffer overflow in Media in Google Chrome prior to …

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

References

Affected products

Chrome

<145.0.7632.109

Matching in nixpkgs

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.67
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.75
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.67
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.75
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.0
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.67
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.75
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.0
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.4.0
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.1.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

Ignored packages (19)

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@TomaSajt TomaSajt
@teutat3s teutat3s <teutates@mailbox.org>
@GGG-KILLER GGG <gggkiller2@gmail.com>

Does not apply to nixpkgs versions

Permalink CVE-2014-9192

updated 1 month ago by @pyrox0 Activity log

Created automatic suggestion 1 month ago
@pyrox0 removed package vtsls 1 month ago
@pyrox0 dismissed 1 month ago

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through …

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.

References

https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 x_refsource_MISC
71591 vdb-entry x_refsource_BID
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 x_transferred x_refsource_MISC
71591 x_transferred vdb-entry x_refsource_BID
https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02
71591 vdb-entry x_refsource_BID
http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 x_transferred x_refsource_MISC
71591 x_transferred vdb-entry x_refsource_BID
https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02
71591 vdb-entry x_refsource_BID
http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 x_transferred x_refsource_MISC
71591 x_transferred vdb-entry x_refsource_BID

Affected products

VTS

<10.2.21
<9.1.19

n/a

==n/a

Ignored packages (1)

pkgs.vtsls

LSP wrapper for typescript extension of vscode.

nixos-unstable 0.2.9
- nixpkgs-unstable 0.2.9
- nixos-unstable-small 0.2.9
nixos-25.11 0.2.9
- nixos-25.11-small 0.2.9
- nixpkgs-25.11-darwin 0.2.9

Does not apply to nixpkgs

Permalink CVE-2014-3495

updated 1 month ago by @pyrox0 Activity log

Created automatic suggestion 1 month ago
@pyrox0 dismissed 1 month ago

duplicity 0.6.24 has improper verification of SSL certificates

References

https://security-tracker.debian.org/tracker/CVE-2014-3495 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3495 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2014-3495 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 x_transferred x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3495 x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2014-3495 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3495 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 x_transferred x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3495 x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2014-3495 x_transferred x_refsource_MISC

Affected products

duplicity

==0.6.24

Matching in nixpkgs

pkgs.duplicity

Encrypted bandwidth-efficient backup using the rsync algorithm

nixos-unstable 3.0.7
- nixpkgs-unstable 3.0.7
- nixos-unstable-small 3.0.7
nixos-25.11 3.0.7
- nixos-25.11-small 3.0.7
- nixpkgs-25.11-darwin 3.0.7

Package maintainers

@corngood David McFarland <corngood@gmail.com>

Does not affect current versions

Permalink CVE-2010-0737

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@pyrox0 removed
2 packages
- jboss_mysql_jdbc
- jboss
1 month ago
@pyrox0 accepted 1 month ago
@LeSuisse dismissed 1 month ago

A missing permission check was found in The CLI in …

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 x_transferred x_refsource_MISC

Affected products

JBoss

==2.3.1

Ignored packages (2)

pkgs.jboss

Open Source J2EE application server

nixos-unstable 7.1.1.Final
- nixpkgs-unstable 7.1.1.Final
- nixos-unstable-small 7.1.1.Final
nixos-25.11 7.1.1.Final
- nixos-25.11-small 7.1.1.Final
- nixpkgs-25.11-darwin 7.1.1.Final

pkgs.jboss_mysql_jdbc

MySQL Connector/J

nixos-unstable 9.6.0
- nixpkgs-unstable 9.6.0
- nixos-unstable-small 9.6.0
nixos-25.11 9.4.0
- nixos-25.11-small 9.4.0
- nixpkgs-25.11-darwin 9.4.0

Only affects up to version 2.3.1

Permalink CVE-2012-5558

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@pyrox0 removed package smiley-sans 1 month ago
@pyrox0 accepted 1 month ago
@LeSuisse dismissed 1 month ago

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions …

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym.

References

http://drupal.org/node/1840892 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/20/4 x_refsource_MISC
http://drupal.org/node/1840954 x_refsource_MISC
http://drupal.org/node/1840956 x_refsource_MISC
http://drupal.org/node/1840892 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/20/4 x_transferred x_refsource_MISC
http://drupal.org/node/1840954 x_transferred x_refsource_MISC
http://drupal.org/node/1840956 x_transferred x_refsource_MISC
http://drupal.org/node/1840892 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/20/4 x_refsource_MISC
http://drupal.org/node/1840954 x_refsource_MISC
http://drupal.org/node/1840956 x_refsource_MISC
http://drupal.org/node/1840956 x_transferred x_refsource_MISC
http://drupal.org/node/1840892 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/20/4 x_transferred x_refsource_MISC
http://drupal.org/node/1840954 x_transferred x_refsource_MISC

Affected products

Smiley

==6.x-1.x versions prior to 6.x-1.1

Smileys

==6.x-1.x versions prior to 6.x-1.1

Ignored packages (1)

pkgs.smiley-sans

Condensed and oblique Chinese typeface seeking a visual balance between the humanist and the geometric

nixos-unstable 2.0.1
- nixpkgs-unstable 2.0.1
- nixos-unstable-small 2.0.1
nixos-25.11 2.0.1
- nixos-25.11-small 2.0.1
- nixpkgs-25.11-darwin 2.0.1

Does not apply to the font.

Permalink CVE-2014-3655

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- terraform-providers.keycloak
- python312Packages.python-keycloak
- python313Packages.python-keycloak
- python314Packages.python-keycloak
- terraform-providers.keycloak_keycloak
1 month ago
@LeSuisse dismissed 1 month ago

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferred x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferred x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferred x_refsource_MISC

Affected products

KeyCloak

==Fixed in version 1.1.0-Alpha1

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.3
- nixpkgs-unstable 26.5.3
- nixos-unstable-small 26.5.3
nixos-25.11 26.5.3
- nixos-25.11-small 26.5.3
- nixpkgs-25.11-darwin 26.5.3

Ignored packages (5)

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@leona-ya Leona Maroni <nix@leona.is>
@NickCao Nick Cao <nickcao@nichi.co>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/efc7ecaf9c79f655737104ecabaea761afe81a7b

Permalink CVE-2026-2665

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
2 packages
- python312Packages.firebase-admin
- python313Packages.firebase-admin
1 month ago
@LeSuisse dismissed 1 month ago

huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

References

https://github.com/huanzi-qch/base-admin/ product
VDB-346462 | huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload vdb-entry technical-description
VDB-346462 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
Submit #753240 | https://github.com/huanzi-qch/base-admin base-admin v1.0 Upload any file third-party-advisory
https://github.com/huanzi-qch/base-admin/issues/38 issue-tracking
https://github.com/huanzi-qch/base-admin/issues/38#issue-3905100373 issue-tracking exploit

Affected products

base-admin

==57a8126bb3353a004f3c7722089e3b926ea83596

Ignored packages (2)

pkgs.python312Packages.firebase-admin

Firebase Admin Python SDK

nixos-25.11 7.1.0
- nixos-25.11-small 7.1.0
- nixpkgs-25.11-darwin 7.1.0

pkgs.python313Packages.firebase-admin

Firebase Admin Python SDK

nixos-unstable 7.1.0
- nixpkgs-unstable 7.1.0
- nixos-unstable-small 7.1.0
nixos-25.11 7.1.0
- nixos-25.11-small 7.1.0
- nixpkgs-25.11-darwin 7.1.0

Not present in nixpkgs

Permalink CVE-2025-15114

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- flaresolverr
- tests.arrayUtilities.isDeclaredMap.sameScopeDeclareSingletonMap
- tests.arrayUtilities.isDeclaredArray.sameScopeDeclareSingletonArray
- tests.arrayUtilities.isDeclaredMap.previousScopeDeclareSingletonMapFails
- tests.arrayUtilities.isDeclaredArray.previousScopeDeclareSingletonArrayFails
1 month ago
@LeSuisse dismissed 1 month ago

Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

References

Zero Science Lab Disclosure (ZSL-2025-5929) third-party-advisory
VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability third-party-advisory
Zero Science Lab Disclosure (ZSL-2025-5929) third-party-advisory
VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php exploit
Zero Science Lab Disclosure (ZSL-2025-5929) technical-description exploit
VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php exploit

Affected products

lares

==1.6
==1.0.0.15

Ksenia Security Lares 4.0 Home Automation

==1.6
==1.0.0.15

Ignored packages (5)

pkgs.flaresolverr

Proxy server to bypass Cloudflare protection

nixos-unstable 3.4.6
- nixpkgs-unstable 3.4.6
- nixos-unstable-small 3.4.6
nixos-25.11 3.4.3
- nixos-25.11-small 3.4.3
- nixpkgs-25.11-darwin 3.4.3

pkgs.tests.arrayUtilities.isDeclaredMap.sameScopeDeclareSingletonMap

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.arrayUtilities.isDeclaredArray.sameScopeDeclareSingletonArray

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.arrayUtilities.isDeclaredMap.previousScopeDeclareSingletonMapFails

A wrapper around testers.testBuildFailure to simplify common use cases

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.arrayUtilities.isDeclaredArray.previousScopeDeclareSingletonArrayFails

A wrapper around testers.testBuildFailure to simplify common use cases

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Not present in nixpkgs

Dismissed suggestions

References

Affected products

Matching in nixpkgs

pkgs.libbluray

pkgs.libbluray-full

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.boinc

pkgs.boinc-headless

pkgs.boinctui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.chromedriver

pkgs.google-chrome

pkgs.electron-chromedriver

pkgs.curl-impersonate-chrome

pkgs.undetected-chromedriver

pkgs.electron-chromedriver_33

pkgs.electron-chromedriver_34

pkgs.electron-chromedriver_35

pkgs.electron-chromedriver_36

pkgs.electron-chromedriver_37

pkgs.electron-chromedriver_38

pkgs.electron-chromedriver_39

pkgs.electron-chromedriver_40

pkgs.netflix

pkgs.mkchromecast

pkgs.chrome-export

pkgs.go-chromecast

pkgs.xf86videoopenchrome

pkgs.chrome-token-signing

pkgs.chrome-pak-customizer

pkgs.xf86-video-openchrome

pkgs.xorg.xf86videoopenchrome

pkgs.ocamlPackages.chrome-trace

pkgs.noto-fonts-monochrome-emoji

pkgs.python312Packages.pychromecast

pkgs.python313Packages.pychromecast

pkgs.python314Packages.pychromecast

pkgs.ocamlPackages_latest.chrome-trace

pkgs.python312Packages.undetected-chromedriver

pkgs.python313Packages.undetected-chromedriver

pkgs.python314Packages.undetected-chromedriver

pkgs.grafanaPlugins.ventura-psychrometric-panel

Package maintainers

References

Affected products

pkgs.vtsls

References

Affected products

Matching in nixpkgs

pkgs.duplicity

Package maintainers

References

Affected products

pkgs.jboss

pkgs.jboss_mysql_jdbc

References

Affected products

pkgs.smiley-sans

References

Affected products

Matching in nixpkgs

pkgs.keycloak

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

pkgs.python313Packages.python-keycloak

pkgs.python314Packages.python-keycloak

pkgs.terraform-providers.keycloak_keycloak

Package maintainers

References

Affected products

pkgs.python312Packages.firebase-admin

pkgs.python313Packages.firebase-admin

References