Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2024-50431
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
WordPress Breeze plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.14.

References

Affected products

breeze
  • =<2.1.14

Matching in nixpkgs

pkgs.kdePackages.breeze

Artwork, styles and assets for the Breeze visual style for the Plasma Desktop

  • nixos-unstable -
Permalink CVE-2024-10041
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Pam: libpam: libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

References

Affected products

pam
  • <1.6.0
  • *

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

  • nixos-unstable -

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

  • nixos-unstable -

pkgs.dspam

Community Driven Antispam Filter

  • nixos-unstable -

pkgs.pamix

Pulseaudio terminal mixer

  • nixos-unstable -

pkgs.rspamd

Advanced spam filtering system

  • nixos-unstable -

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

  • nixos-unstable -

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

  • nixos-unstable -

pkgs.pamixer

Pulseaudio command line mixer

  • nixos-unstable -

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

  • nixos-unstable -

pkgs.opam2json

Convert opam file syntax to JSON

  • nixos-unstable -

pkgs.pam_gnupg

Unlock GnuPG keys on login

  • nixos-unstable -

pkgs.pam_mount

PAM module to mount volumes for a user session

  • nixos-unstable -

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

  • nixos-unstable -

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

  • nixos-unstable -
    • nixpkgs-unstable 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

  • nixos-unstable -

pkgs.pam_rundir

Provide user runtime directory on Linux systems

  • nixos-unstable -

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

  • nixos-unstable -

pkgs.apparmor-pam

Mandatory access control system - PAM service

  • nixos-unstable -

pkgs.opam-publish

Tool to ease contributions to opam repositories

  • nixos-unstable -

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

  • nixos-unstable -

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

  • nixos-unstable -

pkgs.opam-installer

Handle (un)installation from opam install files

  • nixos-unstable -

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

  • nixos-unstable -

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

Package maintainers

Permalink CVE-2024-6519
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.

References

Affected products

qemu
qemu-kvm
qemu-kvm-ma
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

  • nixos-unstable -

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers

Permalink CVE-2024-49241
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
WordPress Tito plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tady Walsh Tito allows DOM-Based XSS.This issue affects Tito: from n/a through 2.3.

References

Affected products

tito
  • =<2.3

Matching in nixpkgs

pkgs.flatito

Grep for keys in YAML and JSON files

  • nixos-unstable -

pkgs.adif-multitool

Command-line program for working with ham logfiles

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-22034
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months ago
Crafted projects can overwrite special files in the .osc config directory

Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim

References

Affected products

osc
  • <1.9.0-150400.10.6.1
  • <1.9.0-1.1
  • <0.183.0-15.18.1

Matching in nixpkgs

pkgs.osc

Command line tool to access the system clipboard from anywhere using the ANSI OSC52 sequence

  • nixos-unstable -

pkgs.OSCAR

Software for reviewing and exploring data produced by CPAP and related machines used in the treatment of sleep apnea

  • nixos-unstable -

pkgs.oscar

Software for reviewing and exploring data produced by CPAP and related machines used in the treatment of sleep apnea

  • nixos-unstable -

pkgs.c-blosc

Blocking, shuffling and loss-less compression library

  • nixos-unstable -

pkgs.ergoscf

Quantum chemistry program for large-scale self-consistent field calculations

  • nixos-unstable -

pkgs.osc-cli

Official Outscale CLI providing connectors to Outscale API

  • nixos-unstable -

pkgs.oscclip

Program that allows to copy/paste from a terminal using osc-52 control sequences

  • nixos-unstable -

pkgs.xoscope

Oscilloscope through the sound card

  • nixos-unstable -

pkgs.badtouch

Scriptable network authentication cracker

  • nixos-unstable -

pkgs.c-blosc2

Fast, compressed, persistent binary data store library for C

pkgs.octoscan

Static vulnerability scanner for GitHub action workflows

  • nixos-unstable -

pkgs.oscavmgr

Face tracking & utilities for Resonite and VRChat

  • nixos-unstable -

pkgs.talosctl

CLI for out-of-band management of Kubernetes nodes created by Talos

  • nixos-unstable -

pkgs.touchosc

Next generation modular control surface

pkgs.cytoscape

General platform for complex network analysis and visualization

  • nixos-unstable -

pkgs.picoscope

Oscilloscope application that works with all PicoScope models

pkgs.pyroscope

Continuous profiling platform; debug performance issues down to a single line of code

  • nixos-unstable -

pkgs.authoscope

Scriptable network authentication cracker

  • nixos-unstable -

pkgs.diffoscope

Perform in-depth comparison of files, archives, and directories

  • nixos-unstable -

pkgs.hdf5-blosc

Filter for HDF5 that uses the Blosc compressor

  • nixos-unstable -

pkgs.nethoscope

Listen to your network traffic

  • nixos-unstable -

pkgs.microscheme

Scheme subset for Atmel microcontrollers

  • nixos-unstable -

pkgs.exoscale-cli

Command-line tool for everything at Exoscale: compute, storage, dns

  • nixos-unstable -

pkgs.vokoscreen-ng

User friendly Open Source screencaster for Linux and Windows

  • nixos-unstable -

pkgs.mpvScripts.uosc

Feature-rich minimalist proximity-based UI for MPV player

  • nixos-unstable -

pkgs.iio-oscilloscope

GTK+ based oscilloscope application for interfacing with various IIO devices

  • nixos-unstable -

pkgs.diffoscopeMinimal

Perform in-depth comparison of files, archives, and directories

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-pyroscope-app

Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-32190
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable

mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.

References

Affected products

mlocate
  • <0.26-37.1
opensuse_tumbleweed
  • <0.26-37.1

Matching in nixpkgs

pkgs.mlocate

Merging locate is an utility to index and quickly search for files

  • nixos-unstable -
Permalink CVE-2024-22029
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
tomcat packaging allows for escalation to root from tomcat user

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

References

Affected products

tomcat
  • <9.0.85-150200.57.1
  • <9.0.85-3.1

Matching in nixpkgs

pkgs.tomcat9

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat10

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat11

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-9676
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

References

Affected products

cri-o
  • *
conmon
podman
  • *
skopeo
buildah
  • *
containers/storage
  • <1.55.1
container-tools:rhel8
  • *
quay/quay-builder-rhel8
ocp-tools-4/jenkins-rhel8
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
container-tools:rhel8/buildah
openshift4/ose-docker-builder
  • *
jenkins-agent-base-rhel9-container
openshift4/ose-docker-builder-rhel9
  • *
ocp-tools-4/jenkins-agent-base-rhel8

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

pkgs.conmon

OCI container runtime monitor

  • nixos-unstable -

pkgs.podman

Program for managing pods, containers and container images

  • nixos-unstable -

pkgs.skopeo

Command line utility for various operations on container images and image repositories

  • nixos-unstable -

pkgs.buildah

Tool which facilitates building OCI images

  • nixos-unstable -

pkgs.conmon-rs

OCI container runtime monitor written in Rust

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

pkgs.podman-compose

Implementation of docker-compose with podman backend

  • nixos-unstable -

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

  • nixos-unstable -

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-9979
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Pyo3: risk of use-after-free in `borrowed` reads from python weak references

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

References

Affected products

pyo3
  • <0.22.4
python-rpds-py
python3.11-nh3
python3.11-rpds-py
python3.11-cryptography
python3.12-cryptography

Matching in nixpkgs

Package maintainers

Permalink CVE-2024-8376
created 6 months ago
Memory leak

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

References

Affected products

mosquitto
  • ==2.0.18
  • ==2.0.19

Matching in nixpkgs

pkgs.mosquitto

Open source MQTT v3.1/3.1.1/5.0 broker

  • nixos-unstable -

Package maintainers