Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2022-23830
1.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
SMM configuration may not be immutable, as intended, when SNP …

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

References

Affected products

PI
  • ==various
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
AMD EPYC™ Embedded 7003
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Permalink CVE-2023-20563
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Insufficient protections in System Management Mode (SMM) code may allow …

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

References

Affected products

PI
  • ==various
ryzen_embedded_5000
  • ==EmbAM4PI 1.0.0.3 (2023-07-31)
ryzen_embedded_r1000
  • ==EmbeddedPI-FP5 1.2.0.A (2023-07-31)
ryzen_embedded_r2000
  • ==EmbeddedPI-FP5 1.0.0.2 (2023-07-31)
ryzen_embedded_v3000
  • ==EmbeddedPI-FP7r2 1.0.0.6 (2023-09-15)
AMD Ryzen™ Embedded 5000
  • ==various
AMD Ryzen™ Embedded R1000
  • ==various
AMD Ryzen™ Embedded R2000
  • ==various
AMD Ryzen™ Embedded V3000
  • ==various
ryzen_7000_series_desktop_processors
  • ==ComboAM5 1.0.7.0 (2023-04-18)
ryzen_5000_series_processors_with_radeon_graphics
  • ==CezannePI-FP6 1.0.0.F (2023-06-20)
ryzen_6000_series_processors_with_radeon_graphics
  • ==RembrandtPI-FP7 1.0.0.9 (2023-05-16)
ryzen_7035_series_processors_with_radeon_graphics
  • ==RembrandtPI-FP7 1.0.0.9 (2023-05-16)
ryzen_5000_series_mobile_processors_with_radeon_graphics
  • ==CezannePI-FP6 1.0.0.F (2023-06-20)
ryzen_7030_series_mobile_processors_with_radeon_graphics
  • ==CezannePI-FP6 1.0.0.F (2023-06-20)
ryzen_7040_series_mobile_processors_with_radeon_graphics
  • ==PhoenixPI-FP8-FP7 PI 1.0.0.1g (2023-05-11)
ryzen_5000_series_desktop_processors_with_radeon_graphics
  • ==ComboAM4V2 1.2.0.B *(2023-08-25)

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Permalink CVE-2024-25914
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
WordPress SMTP Mail Plugin <= 1.3.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20.

References

Affected products

smtp-mail
  • =<1.3.20

Matching in nixpkgs

Package maintainers

Permalink CVE-2023-31347
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months ago
Due to a code bug in Secure_TSC, SEV firmware may …

Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  

References

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Permalink CVE-2022-23821
created 6 months ago
Improper access control in System Management Mode (SMM) may allow …

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

References

Affected products

PI
  • ==various
AMD Ryzen™ Embedded 5000
  • ==various
AMD Ryzen™ Embedded R1000
  • ==various
AMD Ryzen™ Embedded R2000
  • ==various
AMD Ryzen™ Embedded V1000
  • ==various
AMD Ryzen™ Embedded V2000
  • ==various
AMD Ryzen™ Embedded V3000
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Permalink CVE-2023-20533
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 6 months ago
Insufficient DRAM address validation in System Management Unit (SMU) may …

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

References

Affected products

PI
  • ==various
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
AMD EPYC™ Embedded 7002
  • ==various
  • ==various
AMD EPYC™ Embedded 7003
  • ==various
  • ==various
AMD Ryzen™ Embedded 5000
  • ==various
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

  • nixos-unstable -
Permalink CVE-2024-1454
3.4 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

References

Affected products

opensc
  • ==0.25.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-1062
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

References

Affected products

389-ds:1.4
  • *
389-ds-base
  • ==2.2.0
  • <2.2.*
  • =<2.2.*
  • *
redhat-ds:11
  • *
redhat-ds:12
  • *
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-1151
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Kernel: stack overflow problem in open vswitch kernel module leading to dos

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

References

Affected products

kernel
  • *
  • ==6.8-rc4
kernel-rt
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-51415
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2.

References

Affected products

give
  • =<3.2.2

Matching in nixpkgs