Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2023-31315
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Improper validation in a model specific register (MSR) could allow …

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

References

Affected products

PI
  • <Milan PI 1.0.0.D
epyc_embedded_3000
  • ==various
epyc_embedded_7002
  • ==various
epyc_embedded_7003
  • ==various
epyc_embedded_9003
  • <emgenoa.pi.1.0.0.7
  • ==various
ryzen_embedded_5000
  • ==various
ryzen_embedded_7000
  • ==various
ryzen_embedded_r1000
  • ==various
ryzen_embedded_r2000
  • ==various
ryzen_embedded_v1000
  • ==various
ryzen_embedded_v2000
  • ==various
ryzen_embedded_v3000
  • ==various
AMD EPYC™ Embedded 3000
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
AMD EPYC™ Embedded 9003
  • <EmbGenoaPI 1.0.0.7
AMD Ryzen™ Embedded 5000
  • ==various
AMD Ryzen™ Embedded 7000
  • ==various
1st_gen_amd_epyc_processors
  • <naples.pi.1.0.0.m
2nd_gen_amd_epyc_processors
  • <rome.pi.1.0.0.j
3rd_gen_amd_epyc_processors
  • <milan.pi.1.0.0.d
4th_gen_amd_epyc_processors
  • <genoa_pi_1.0.0.c
AMD Ryzen™ Embedded R1000
  • ==various
AMD Ryzen™ Embedded R2000
  • ==various
AMD Ryzen™ Embedded V1000
  • ==various
AMD Ryzen™ Embedded V2000
  • ==various
AMD Ryzen™ Embedded V3000
  • ==various
ryzen_7000_desktop_processors
  • <comboam5pi.1.2.0.1
1st Gen AMD EPYC™ Processors
  • <Naples PI 1.0.0.M
2nd Gen AMD EPYC™ Processors
  • <Rome PI 1.0.0.J
4th Gen AMD EPYC™ Processors
  • <Genoa PI 1.0.0.C
ryzen_threadripper_pro_processors
  • <castlepeakwspi-swrx8.1.0.0.8
  • <chagallwspi-swrx8.1.0.0.8
ryzen_7045_series_mobile_processors
  • <dragonrangefl1.1.0.0.3e
ryzen_3000_series_desktop_processors
  • ==various
ryzen_5000_series_desktop_processors
  • <comboam4v2pi.1.2.0.cb
  • ==various
ryzen_6000_processors_with_radeongraphics
  • <remembrandtpi-fp7.1.0.0.b
ryzen_7020_processors_with_radeongraphics
  • <mendocinopi-ft6.1.0.0.7
ryzen_7035_processors_with_radeongraphics
  • <remembrandtpi-fp7.1.0.0.b
ryzen_threadripper_3000_series_processors
  • <castlepeakpl-sp3r3.1.0.0.b
AMD Ryzen™ 7045 Series Mobile Processors
  • <DragonRangeFL1 1.0.0.3e
AMD Ryzen™ 3000 Series Desktop Processors
  • ==various
AMD Ryzen™ 5000 Series Desktop Processors
  • <ComboAM4v2PI 1.2.0.cb
AMD Ryzen™ 7000 Series Desktop Processors
  • <ComboAM5PI 1.2.0.1
AMD Ryzen™ Threadripper™ PRO Processors
  • <CastlePeakWSPI-sWRX8 1.0.0.D
  • <ChagallWSPI-sWRX8 1.0.0.8
ryzen_threadripper_pro_3000wx_series_processors
  • <chagallwspi-swrx8.1.0.0.8
ryzen_8000_series_processors_with_radeongraphics
  • <comboam5pi.1.2.0.1
AMD Ryzen™ Threadripper™ 3000 Series Processors
  • <CastlePeakPI-SP3r3 1.0.0.B
ryzen_4000_series_mobile_processors_with_radeon_graphics
  • <renoirpi-fp6.1.0.0.e
ryzen_5000_series_mobile_processors_with_radeon_graphics
  • <cezannepi-fp6.1.0.1.1
ryzen_7030_series-mobile_processors_with_radeon_graphics
  • <cezannepi-fp6
ryzen_7040_series_mobile_processors_with_radeon_graphics
  • <phoenixpi-fp8-fp7.1.1.0.3
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
  • <ChagallWSPI-sWRX8 1.0.0.8
athlon_3000_series_mobile_processors_with_radeon_graphics
  • <picasso-fp5.1.0.1.2
  • <pollockpi-ft5.1.0.0.8
ryzen_3000_series_desktop_processors_with_radeon_graphics
  • <picasso-fp5.1.0.1.2
ryzen_4000_series_desktop_processors_with_radeon_graphics
  • <comboam4v2pi.1.2.0.cb
ryzen_5000_series_desktop_processors_with_radeon_graphics
  • <comboam4v2pi.1.2.0.cb
  • ==various
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
  • <RembrandtPI-FP7 1.0.0.B
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
  • <MendocinoPI-FT6 1.0.0.7
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
  • <RembrandtPI-FP7 1.0.0.B
AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics
  • <ComboAM5PI 1.2.0.1
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
  • <Picasso-FP5 1.0.1.2
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
  • <RenoirPI-FP6 1.0.0.E
AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics
  • <ComboAM4v2PI 1.2.0.cb
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
  • <CezannePI-FP6 1.0.1.1
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
  • <CezannePI-FP6
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
  • <PhoenixPI-FP8-FP7 1.1.0.3
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
  • <PollockPI-FT5 1.0.0.8
  • <Picasso-FP5 1.0.1.2
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
  • <ComboAM4v2PI 1.2.0.cb

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Permalink CVE-2024-43167
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months ago
Unbound: null pointer dereference in unbound

A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

References

Affected products

rhcos
unbound
openstack-unbound-container
rhosp-rhel9/openstack-unbound
rhosp-rhel8-tech-preview/openstack-unbound

Matching in nixpkgs

pkgs.unbound

Validating, recursive, and caching DNS resolver

  • nixos-unstable -

pkgs.unbound-full

Validating, recursive, and caching DNS resolver

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-7006
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Libtiff: null pointer dereference in tif_dirinfo.c

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

References

Affected products

libtiff
  • ==4.0.9
  • ==4.4.0
  • *

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-43168
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Unbound: heap-buffer-overflow in unbound

A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

References

Affected products

rhcos
unbound
openstack-unbound-container
designate-operator-container
rhosp-rhel9/openstack-unbound
designate-operator-bundle-container
rhosp-rhel8-tech-preview/openstack-unbound

Matching in nixpkgs

pkgs.unbound

Validating, recursive, and caching DNS resolver

  • nixos-unstable -

pkgs.unbound-full

Validating, recursive, and caching DNS resolver

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-5290
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
An issue was discovered in Ubuntu wpa_supplicant that resulted in …

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

References

Affected products

wpa
  • <2:2.6-15ubuntu2.8+esm1
  • <2:2.10-21ubuntu0.1
  • <2.4-0ubuntu6.8+esm1
  • <2:2.9-1ubuntu4.4
  • <2:2.10-6ubuntu2.1
  • <2.1-0ubuntu1.7+esm5
wpa_supplicant
  • <2:2.6-15ubuntu2.8+esm1
  • <2:2.10-21ubuntu0.1
  • <2.4-0ubuntu6.8+esm1
  • <2:2.9-1ubuntu4.4
  • <2:2.10-6ubuntu2.1
  • <2.1-0ubuntu1.7+esm5

Matching in nixpkgs

pkgs.wpaperd

Minimal wallpaper daemon for Wayland

  • nixos-unstable -

pkgs.cowpatty

Offline dictionary attack against WPA/WPA2 networks

  • nixos-unstable -

pkgs.vowpal-wabbit

Machine learning system focused on online reinforcement learning

  • nixos-unstable -

pkgs.python312Packages.vowpalwabbit

Vowpal Wabbit is a fast machine learning library for online learning, and this is the python wrapper for the project

  • nixos-unstable -

pkgs.python313Packages.vowpalwabbit

Vowpal Wabbit is a fast machine learning library for online learning, and this is the python wrapper for the project

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-7383
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

References

Affected products

libnbd
  • <1.20.2
  • <1.18.5
  • *
virt:rhel
  • *
virt:av/libnbd
virt-devel:rhel
  • *
virt:rhel/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

Package maintainers

Permalink CVE-2021-46758
created 6 months ago
Insufficient validation of SPI flash addresses in the ASP (AMD …

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

References

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Permalink CVE-2022-47161
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.

References

Affected products

health-check
  • =<1.5.1

Matching in nixpkgs

pkgs.grpc-health-check

Minimal, high performance, memory-friendly, safe implementation of the gRPC health checking protocol

Package maintainers

Permalink CVE-2021-3429
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
sensitive data exposure in cloud-init logs

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.

References

Affected products

cloud-init
  • <21.2

Matching in nixpkgs

pkgs.cloud-init

Provides configuration and customization of cloud instance

  • nixos-unstable -

Package maintainers

Permalink CVE-2022-34148
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
WordPress Backup Guard Plugin <= 1.6.9.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions.

References

Affected products

backup
  • =<1.6.9.0

Matching in nixpkgs

pkgs.ghbackup

Backup your GitHub repositories with a simple command-line application written in Go

  • nixos-unstable -

pkgs.dvdbackup

Tool to rip video DVDs from the command line

  • nixos-unstable -

pkgs.gb-backup

Gamer Backup, a super opinionated cloud backup system

pkgs.qr-backup

Utility to generate paper backup of files using QR codes

  • nixos-unstable -

pkgs.zfsbackup

Backup ZFS snapshots to cloud storage such as Google, Amazon, Azure, etc

pkgs.borgbackup

Deduplicating archiver with compression and encryption

  • nixos-unstable -

pkgs.luckybackup

Powerful, fast and reliable backup & sync tool

  • nixos-unstable -

pkgs.mylvmbackup

Tool for quickly creating full physical backups of a MySQL server's data files

  • nixos-unstable -

pkgs.storeBackup

Backup suite that stores files on other disks

  • nixos-unstable -

pkgs.rdiff-backup

Backup system trying to combine best a mirror and an incremental backup system

  • nixos-unstable -

pkgs.git-backup-go

Backup all your GitHub & GitLab repositories

  • nixos-unstable -

pkgs.virtnbdbackup

Backup utility for Libvirt/qemu/kvm

  • nixos-unstable -

pkgs.zfs-autobackup

ZFS backup, replicationand snapshot tool

  • nixos-unstable -

pkgs.automysqlbackup

Script to run daily, weekly and monthly backups for your MySQL database

  • nixos-unstable -

pkgs.urbackup-client

Easy to setup Open Source client/server backup system

  • nixos-unstable -

pkgs.one-click-backup

Simple Program to backup folders to an external location by copying them

pkgs.clickhouse-backup

Tool for easy ClickHouse backup and restore using object storage for backup files

  • nixos-unstable -

Package maintainers