Nixpkgs Security Tracker


Automatically generated suggestions

CVE-2024-31386
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP. This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.

References

Affected products

x-t9
  • =<1.19.0
i-max
  • =<1.6.2
decode
  • =<3.15.3
namaha
  • =<1.0.40
gridsby
  • =<1.3.0
i-excel
  • =<1.7.9
shopstar
  • =<1.1.33
citylogic
  • =<1.1.29
lightning
  • =<15.18.0
panoramic
  • =<1.1.56
emmet-lite
  • =<1.7.5
default-mag
  • =<1.3.5
sensible-wp
  • =<1.3.1
happenstance
  • =<3.0.1
sliding-door
  • =<3.3

Matching in nixpkgs

pkgs.decoder

"secrets" decoding for FRITZ!OS devices

pkgs.dmidecode

Tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard

  • nixos-unstable -

pkgs.lightning

Run-time code generation library

  • nixos-unstable -

pkgs.clightning

Bitcoin Lightning Network implementation in C

  • nixos-unstable -

pkgs.tivodecode

Converts a .TiVo file (produced by TiVoToGo) to a normal MPEG file

pkgs.lightningcss

Extremely fast CSS parser, transformer, and minifier written in Rust

  • nixos-unstable -

pkgs.lightning-terminal

All-in-one Lightning node management tool that includes LND, Loop, Pool, Faraday, and Tapd

Package maintainers

CVE-2024-31253
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3.

Affected products

oauth2-provider
  • =<4.3.3

Matching in nixpkgs

CVE-2024-3446
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
QEMU: virtio: DMA reentrancy issue leads to double-free vulnerability

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.

References

Affected products

qemu
qemu-kvm
virt:rhel
  • *
qemu-kvm-ma
virt-devel:rhel
  • *
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

  • nixos-unstable -

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers

CVE-2024-1233
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
JBoss EAP: wildfly-elytron has an SSRF security issue

A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks the jku header and sends an HTTP request to it. During this process, no whitelisting or other filtering is performed on the destination URL, which may result in a server-side request forgery (SSRF) vulnerability.

References

Affected products

eap
wildfly
  • <32.0.0.Final
eap7-netty
  • *
eap7-wss4j
  • *
eap7-wildfly
  • *
eap7-undertow
  • *
eap7-hibernate
  • *
eap7-apache-cxf
  • *
eap7-infinispan
  • *
eap7-hal-console
  • *
eap8-elytron-web
  • *
eap7-glassfish-el
  • *
eap7-jackson-core
  • *
eap7-xml-security
  • *
eap7-jboss-modules
  • *
eap7-jboss-metadata
  • *
eap7-wildfly-elytron
  • *
eap7-wildfly-openssl
  • *
eap8-wildfly-elytron
  • *
eap7-jackson-databind
  • *
eap7-jboss-ejb-client
  • *
eap7-wildfly-discovery
  • *
eap7-jackson-annotations
  • *
eap7-wildfly-http-client
  • *
eap7-jackson-modules-base
  • *
eap7-jackson-modules-java8
  • *
eap7-wildfly-naming-client
  • *
eap7-wildfly-openssl-linux
  • *
eap7-jboss-jsf-api_2.3_spec
  • *
eap7-jboss-server-migration
  • *
eap7-jackson-jaxrs-providers
  • *
eap7-wildfly-transaction-client
  • *
org.wildfly.security/wildfly-elytron
  • *

Matching in nixpkgs

pkgs.reap

Run process until all its spawned processes are dead

pkgs.leaps

Pair programming tool and library written in Golang

  • nixos-unstable -

pkgs.reaper

Digital audio workstation

  • nixos-unstable -

pkgs.teapot

Table Editor And Planner, Or: Teapot

  • nixos-unstable -

pkgs.adreaper

Enumeration tool for Windows Active Directories

  • nixos-unstable -

pkgs.reaper-go

Application security testing framework

  • nixos-unstable -

pkgs.tuleap-cli

Command-line interface for the Tuleap API

  • nixos-unstable -

pkgs.libfreeaptx

Free Implementation of Audio Processing Technology codec (aptX)

  • nixos-unstable -

pkgs.python312Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.python313Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.gnomeExtensions.ideapad-controls

Control Lenovo IdeaPad laptops options: Conservation Mode, Camera Lock, Fn Lock, Touchpad Lock, USB charging

  • nixos-unstable -
    • nixpkgs-unstable 3

Package maintainers

CVE-2024-31308
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
WordPress WP Import Export Lite & WP Import Export plugin <= 3.9.26 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite. This issue affects WP Import Export Lite: from n/a through 3.9.26.

Affected products

wp-import-export-lite
  • =<3.9.26

Matching in nixpkgs

CVE-2024-31083
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server: use-after-free in ProcRenderAddGlyphs

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

References

Affected products

tigervnc
  • *
xwayland
  • ==23.2.5
xorg-server
  • ==21.1.12
xorg-x11-server
  • ==21.1.12
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

  • nixos-unstable -
CVE-2024-2312
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
GRUB2 does not call the module fini functions on exit, …

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks in place after exit. This leads to a use-after-free condition and could possibly lead to a Secure Boot bypass.

References

Affected products

grub2
  • <2.12-1ubuntu5

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

Package maintainers

CVE-2024-31080
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server: heap buffer over-read/data leakage in ProcXIGetSelectedEvents

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

References

Affected products

tigervnc
  • *
xwayland
  • ==23.2.5
xorg-server
  • *
  • ==21.1.12
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

  • nixos-unstable -
CVE-2024-3296
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
rust-openssl: timing-based side-channel can lead to a Bleichenbacher-style attack

A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

References

Affected products

bootc
upstream
389-ds-base
rust-bootupd
rust-openssl
  • *
rust-zincati
keylime-agent-rust
389-ds:1.4/389-ds-base
python3.12-cryptography
389-directory-server:next/389-ds-base
389-directory-server:stable/389-ds-base
389-directory-server:testing/389-ds-base

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

  • nixos-unstable -

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

Package maintainers

CVE-2024-31081
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server: heap buffer over-read/data leakage in ProcXIPassiveGrabDevice

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

References

Affected products

tigervnc
  • *
xwayland
  • ==23.2.5
xorg-server
  • ==1.7.0
  • ==21.1.12
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

  • nixos-unstable -