Nixpkgs Security Tracker

Automatically generated suggestions

CVE-2023-31346
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
created 6 months ago
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Affected products

PI
  • ==various
AMD Ryzen™ Embedded V3000
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2023-20579
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

Affected products

PI
  • ==Various
  • ==various
  • ==various
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
  • ==various
AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics
  • ==various
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2023-20526
1.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.

Affected products

PI
  • ==various
  • ==various
AMD EPYC™ Embedded 3000
  • ==various
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2022-23820
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

Affected products

PI
  • ==Various
  • ==Various
  • ==various
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2021-46774
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
created 6 months ago
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

Affected products

PI
  • ==various
  • ==various
AMD EPYC™ Embedded 3000
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
AMD Ryzen™ Embedded 5000
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2021-26345
1.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months ago
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

Affected products

PI
  • ==various
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
AMD EPYC™ Embedded 7003
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2021-46766
2.5 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Affected products

PI
  • ==various
  • ==various
AMD EPYC™ Embedded 9003
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2023-20521
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months ago
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

Affected products

PI
  • ==various
  • ==various
AMD EPYC™ Embedded 3000
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
AMD Ryzen™ Embedded R1000
  • ==various
AMD Ryzen™ Embedded R2000
  • ==various
AMD Ryzen™ Embedded V1000
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
CVE-2024-1485
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Registry-support: decompress can delete files outside scope via relative paths

A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope.

Affected products

odo
registry-support
  • ==1.16.2
openshift4/ose-console

Matching in nixpkgs

pkgs.odo

Developer-focused CLI for OpenShift and Kubernetes

  • nixos-unstable -

pkgs.todo

Simple todo cli program written in rust

  • nixos-unstable -

pkgs.ctodo

Simple ncurses-based task list manager

  • nixos-unstable -

pkgs.godot

Free and Open Source 2D and 3D game engine

pkgs.diodon

Aiming to be the best integrated clipboard manager for the Unity desktop

  • nixos-unstable -

pkgs.godot3

Free and Open Source 2D and 3D game engine (X11 tools)

  • nixos-unstable -

pkgs.komodo

Tool to build and deploy software on many servers

  • nixos-unstable -

pkgs.devtodo

Hierarchical command-line task manager

  • nixos-unstable -

pkgs.robodoc

Documentation Extraction Tool

pkgs.todoman

Standards-based task manager based on iCalendar

  • nixos-unstable -

pkgs.comodoro

CLI to manage your time

  • nixos-unstable -

pkgs.dadadodo

Markov chain-based text generator

  • nixos-unstable -

pkgs.mastodon

Self-hosted, globally interconnected microblogging software based on ActivityPub

  • nixos-unstable -

pkgs.todofi-sh

Todo-txt + Rofi = Todofi.sh

  • nixos-unstable -

pkgs.podofo_0_9

Library to work with the PDF file format

  • nixos-unstable -

pkgs.podofo_1_0

Library to work with the PDF file format

  • nixos-unstable -

pkgs.sleek-todo

Todo manager based on todo.txt syntax

  • nixos-unstable -

pkgs.godot3-mono

Free and Open Source 2D and 3D game engine (mono build)

  • nixos-unstable -

pkgs.podofo_0_10

Library to work with the PDF file format

  • nixos-unstable -

pkgs.godotpcktool

Standalone tool for extracting and creating Godot .pck files

  • nixos-unstable -

pkgs.libre-bodoni

Bodoni fonts adapted for today's web requirements

  • nixos-unstable -

pkgs.pomodoro-gtk

Simple and intuitive timer application (also named Planytimer)

  • nixos-unstable -

pkgs.autodock-vina

One of the fastest and most widely used open-source docking engines

  • nixos-unstable -

pkgs.godot3-server

Free and Open Source 2D and 3D game engine (server)

  • nixos-unstable -

pkgs.koodousfinder

Tool to allows users to search for and analyze Android apps

  • nixos-unstable -

pkgs.gnome-pomodoro

Time management utility for GNOME based on the pomodoro technique

  • nixos-unstable -

pkgs.godot3-headless

Free and Open Source 2D and 3D game engine (headless)

  • nixos-unstable -

pkgs.openpomodoro-cli

Command-line Pomodoro tracker which uses the Open Pomodoro Format

  • nixos-unstable -

pkgs.godot3-mono-server

Free and Open Source 2D and 3D game engine (mono server)

  • nixos-unstable -

pkgs.godot3-debug-server

Free and Open Source 2D and 3D game engine (debug server)

  • nixos-unstable -

pkgs.gnomeExtensions.todo

Lightweight and user-friendly extension designed to help you manage your tasks efficiently. With a minimalistic interface, it allows you to add, modify, and delete tasks effortlessly. No complicated settings, just pure productivity!

  • nixos-unstable -
    • nixpkgs-unstable 5