Nixpkgs Security Tracker

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

CVE-2004-2154
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    68 packages
    • apcupsd
    • cups-bjnp
    • cups-dymo
    • carps-cups
    • cups-zj-58
    • cups-browsed
    • cups-filters
    • cups-kyocera
    • cups-printers
    • gutenprintBin
    • cups-kyodialog
    • cups-pk-helper
    • gutenprint-bin
    • libcupsfilters
    • canon-cups-ufr2
    • cups-idprt-tspl
    • cups-pdf-to-pdf
    • cups-idprt-mt888
    • cups-idprt-mt890
    • cups-idprt-sp900
    • cups-idprt-barcode
    • brgenml1cupswrapper
    • mfc465cncupswrapper
    • cups-brother-dcpt310
    • cups-toshiba-estudio
    • dcp375cw-cupswrapper
    • mfc5890cncupswrapper
    • mfcj880dwcupswrapper
    • perlPackages.NetCUPS
    • mfc9140cdncupswrapper
    • mfcj470dw-cupswrapper
    • mfcl2700dncupswrapper
    • mfcl2720dwcupswrapper
    • mfcl2740dwcupswrapper
    • perl5Packages.NetCUPS
    • magicard-cups-driver
    • cups-brother-dcpt725dw
    • cups-brother-hl3170cdw
    • cups-brother-hll2350dw
    • cups-brother-hll2375dw
    • cups-kyocera-3500-4500
    • dcp9020cdw-cupswrapper
    • mfcj6510dw-cupswrapper
    • mfcl3770cdwcupswrapper
    • mfcl8690cdwcupswrapper
    • cups-brother-mfcl2710dw
    • cups-brother-mfcl2750dw
    • cups-brother-mfcl2800dw
    • perl538Packages.NetCUPS
    • perl540Packages.NetCUPS
    • cups-brother-dcp1610wlpr
    • cups-brother-dcpl3550cdw
    • python312Packages.pycups
    • python313Packages.pycups
    • python314Packages.pycups
    • mfcj470dwlpr.x86_64-linux
    • prometheus-apcupsd-exporter
    • cups-kyocera-ecosys-m552x-p502x
    • cups-brother-hl1110.x86_64-linux
    • cups-brother-hl1210w.x86_64-linux
    • cups-brother-hl2260d.x86_64-linux
    • cups-brother-hl3140cw.x86_64-linux
    • cups-brother-hll2340dw.x86_64-linux
    • home-assistant-component-tests.cups
    • cups-brother-hll3230cdw.x86_64-linux
    • home-assistant-component-tests.apcupsd
    • cups-kyocera-ecosys-m2x35-40-p2x35-40dnw
    • tests.home-assistant-component-tests.apcupsd
  • @LeSuisse dismissed

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

Affected products

n/a
  • ==n/a
cups
  • <1.1.21
ubuntu_linux
  • ==4.10

Old issue. No impact on current stable branch.
CVE-2003-0063
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    3 packages
    • fontxfree86type1
    • font-xfree86-type1
    • xorg.fontxfree86type1
  • @LeSuisse dismissed

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Affected products

n/a
  • ==n/a
xfree86
  • =<4.2.0
Old issue. No impact on current stable branch.
CVE-2026-2531
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    3 packages
    • python312Packages.mindsdb-evaluator
    • python313Packages.mindsdb-evaluator
    • python314Packages.mindsdb-evaluator
  • @LeSuisse dismissed
MindsDB File Upload security.py clear_filename server-side request forgery

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.

Affected products

MindsDB
  • ==25.14.0
  • ==25.14.1
mindsdb/mindsdb is not present in nixpkgs.
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    45 packages
    • tests.hardeningFlags.sfa1StdenvUnsupp
    • tests.hardeningFlags.sfa3StdenvUnsupp
    • tests.hardeningFlags.fortifyStdenvUnsupp
    • tests.hardeningFlags.lchFastStdenvUnsupp
    • tests.hardeningFlags-gcc.sfa1StdenvUnsupp
    • tests.hardeningFlags-gcc.sfa3StdenvUnsupp
    • tests.hardeningFlags.fortify3StdenvUnsupp
    • tests.hardeningFlags-clang.sfa1StdenvUnsupp
    • tests.hardeningFlags-clang.sfa3StdenvUnsupp
    • tests.hardeningFlags-gcc.fortifyStdenvUnsupp
    • tests.hardeningFlags-gcc.fortify3StdenvUnsupp
    • tests.hardeningFlags-clang.fortifyStdenvUnsupp
    • tests.hardeningFlags-clang.lchFastStdenvUnsupp
    • tests.hardeningFlags-clang.fortify3StdenvUnsupp
    • tests.hardeningFlags.stackProtectorStdenvUnsupp
    • tests.hardeningFlags.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-gcc.stackProtectorStdenvUnsupp
    • tests.hardeningFlags.sfa1StdenvUnsuppUnsupportsSfa3
    • tests.hardeningFlags-clang.stackProtectorStdenvUnsupp
    • tests.hardeningFlags.sfa3StdenvUnsuppDoesntUnsuppSfa1
    • tests.hardeningFlags.stackClashProtectionStdenvUnsupp
    • tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-gcc.sfa1StdenvUnsuppUnsupportsSfa3
    • tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-clang.sfa1StdenvUnsuppUnsupportsSfa3
    • tests.hardeningFlags-gcc.sfa3StdenvUnsuppDoesntUnsuppSfa1
    • tests.hardeningFlags-gcc.stackClashProtectionStdenvUnsupp
    • tests.hardeningFlags.fortifyStdenvUnsuppUnsupportsFortify3
    • tests.hardeningFlags-clang.sfa3StdenvUnsuppDoesntUnsuppSfa1
    • tests.hardeningFlags-clang.stackClashProtectionStdenvUnsupp
    • tests.hardeningFlags.fortify3StdenvUnsuppDoesntUnsuppFortify1
    • tests.hardeningFlags.sfa3StdenvUnsuppDoesntUnsuppSfa1ExecTest
    • tests.hardeningFlags-gcc.fortifyStdenvUnsuppUnsupportsFortify3
    • tests.hardeningFlags.lchFastStdenvUnsuppUnsupportsLchExtensive
    • tests.hardeningFlags-clang.fortifyStdenvUnsuppUnsupportsFortify3
    • tests.hardeningFlags-gcc.fortify3StdenvUnsuppDoesntUnsuppFortify1
    • tests.hardeningFlags-gcc.sfa3StdenvUnsuppDoesntUnsuppSfa1ExecTest
    • tests.hardeningFlags-clang.fortify3StdenvUnsuppDoesntUnsuppFortify1
    • tests.hardeningFlags-clang.sfa3StdenvUnsuppDoesntUnsuppSfa1ExecTest
    • tests.hardeningFlags.lchExtensiveStdenvUnsuppDoesntUnsupportLchFast
    • tests.hardeningFlags-clang.lchFastStdenvUnsuppUnsupportsLchExtensive
    • tests.hardeningFlags.fortify3StdenvUnsuppDoesntUnsuppFortify1ExecTest
    • tests.hardeningFlags-clang.lchExtensiveStdenvUnsuppDoesntUnsupportLchFast
    • tests.hardeningFlags-gcc.fortify3StdenvUnsuppDoesntUnsuppFortify1ExecTest
    • tests.hardeningFlags-clang.fortify3StdenvUnsuppDoesntUnsuppFortify1ExecTest
  • @LeSuisse dismissed

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.

Affected products

Nvu
  • ==0.99+1.0pre
Old issue, no impact on the current stable branch.
CVE-1999-0084
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    15 packages
    • python312Packages.pynfsclient
    • perl538Packages.FileNFSLock
    • perl5Packages.FileNFSLock
    • perlPackages.FileNFSLock
    • mkinitcpio-nfs-utils
    • nfs-ganesha
    • nfs-utils
    • openfst
    • unfs3
    • libnfs
    • svnfs
    • nfstrace
    • unionfs-fuse
    • coqPackages.InfSeqExt
    • perl540Packages.FileNFSLock
  • @LeSuisse dismissed

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

Affected products

n/a
  • ==n/a
nfs
  • <4.1.3
Old issue. Unclear what was impacted but it is very unlikely something in the current stable branch is.
CVE-1999-0038
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed package xlockmore
  • @LeSuisse dismissed

Buffer overflow in xlock program allows local users to execute commands as root.

Affected products

n/a
  • ==n/a
xlock
  • *
Old issue. Current stable branch was never impacted.
CVE-1999-0036
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed package mairix
  • @LeSuisse dismissed

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

References

  • 990 x_refsource_OSVDB vdb-entry
  • H-106 third-party-advisory government-resource x_refsource_CIAC
  • 19970508-02-PX vendor-advisory x_refsource_SGI
  • sgi-lockout(557) vdb-entry x_refsource_XF

Affected products

n/a
  • ==n/a
irix
  • ==5.2
  • ==6.0
  • ==5.0
  • ==6.3
  • ==6.1
  • ==6.2
  • ==5.0.1
  • ==5.1.1
  • ==5.3
  • ==6.0.1
  • ==5.1
  • ==6.4
Not present in nixpkgs. Old issue.
CVE-1999-0029
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed package mairix
  • @LeSuisse dismissed

root privileges via buffer overflow in ordist command on SGI IRIX systems.

Affected products

n/a
  • ==n/a
irix
  • *
Not present in nixpkgs. Old issue.
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    40 packages
    • tests.hardeningFlags-clang.allExplicitDisabledShadowStack
    • tests.hardeningFlags-clang.shadowStackExplicitDisabled
    • tests.hardeningFlags-clang.shadowStackExplicitEnabled
    • tests.hardeningFlags.allExplicitDisabledShadowStack
    • tests.hardeningFlags-gcc.shadowStackExplicitEnabled
    • tests.hardeningFlags.shadowStackExplicitEnabled
    • tests.hardeningFlags-gcc.shadowStackExplicitDisabled
    • tests.hardeningFlags.shadowStackExplicitDisabled
    • tests.hardeningFlags-gcc.allExplicitDisabledShadowStack
    • obs-studio-plugins.obs-stroke-glow-shadow
    • su
    • qsudo
    • sudo-rs
    • psudohash
    • shadowenv
    • shadowfox
    • sudo-font
    • shadow-tls
    • darwin.sudo
    • gnome-sudoku
    • doas-sudo-shim
    • lxqt.lxqt-sudo
    • go-shadowsocks2
    • shadowsocks-rust
    • yaziPlugins.sudo
    • shadowsocks-libev
    • libsForQt5.ksudoku
    • kdePackages.ksudoku
    • typstPackages.shadowed
    • plasma5Packages.ksudoku
    • shadowsocks-v2ray-plugin
    • fishPlugins.plugin-sudope
    • haskellPackages.shadowsocks
    • typstPackages.shadowed_0_1_0
    • shadow
    • haskellPackages.Unixutils-shadow
    • wayfirePlugins.wayfire-shadows
    • typstPackages.shadowed_0_2_0
    • typstPackages.shadowed_0_1_2
    • typstPackages.shadowed_0_1_1
  • @LeSuisse added package shadow
  • @LeSuisse dismissed

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

Affected products

sudo
  • ==1.x before 1.7.4
shadow
  • ==4.x before 4.1.5

Old issue. Never impacted the current stable branch.
CVE-1999-0039
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 1 month ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed package mairix
  • @LeSuisse dismissed

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

Affected products

n/a
  • ==n/a
irix
  • ==0
Not present in nixpkgs. Old issue.