Dismissed suggestions
These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision.

CVE-2013-10005
7.5 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 2 weeks ago
@LeSuisse dismissed 10 months, 1 week ago
Infinite loop in github.com/btcsuite/go-socks
The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.
github.com/btcsuite/go-socks <0.0.0-20130808000456-233bccbb1abe
github.com/btcsuitereleases/go-socks <0.0.0-20130808000456-233bccbb1abe

CVE-2024-52337
5.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 2 weeks ago
@LeSuisse dismissed 10 months, 1 week ago
CVE Program Container None
tuned <2.24.1 *

CVE-2024-49506
0.0 NONE
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): NONE
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 2 weeks ago
@LeSuisse dismissed 10 months, 1 week ago
Fixed temporary file path in aeon-checks allows fixing of disk encryption key
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem
tik <1.2.4
aeon-check <1.0.2

CVE-2024-52336
7.8 HIGH
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 2 weeks ago
@LeSuisse dismissed 10 months, 1 week ago
Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
tuned <2.24.1 *

CVE-2024-8553
6.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 2 weeks ago
@LeSuisse dismissed 10 months, 1 week ago
Foreman: read-only access to entire db from templates
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.
foreman *

CVE-2023-27456
4.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 1 week ago
@LeSuisse dismissed 10 months, 1 week ago
WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation
Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19.
total =<2.1.19
pkgs.autotalent Real-time pitch correction LADSPA plugin (no MIDI control) nixos-unstable 0.2 nixos-unstable-small 0.2 nixpkgs-unstable 0.2
pkgs.haskellPackages.total Exhaustive pattern matching using lenses, traversals, and prisms nixos-unstable 1.0.6 nixos-unstable-small 1.0.6 nixpkgs-unstable 1.0.6
pkgs.emacsPackages.total-lines nixos-unstable 20171227.1239 nixos-unstable-small 20171227.1239 nixpkgs-unstable 20171227.1239
pkgs.haskellPackages.total-alternative Alternative interface for total versions of partial function on the Prelude nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1
pkgs.python311Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12
pkgs.python312Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12
pkgs.home-assistant-component-tests.totalconnect Open source home automation that puts local control and privacy first nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3
pkgs.python312Packages.total-connect-client.x86_64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.aarch64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.x86_64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.aarch64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
Package maintainers: 6
@Gabriella439 Gabriella Gonzalez <GenuineGabriella@gmail.com>
@dotlambda Robert Schütz <rschuetz17@gmail.com>
@michalrus Michal Rus <m@michalrus.com>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

CVE-2024-54245
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 1 week ago
@LeSuisse dismissed 10 months, 1 week ago
WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS. This issue affects Clients: from n/a through 1.1.4.
clients =<1.1.4
pkgs.argus-clients Clients for ARGUS nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3
pkgs.xorg.xlsclients nixos-unstable 1.1.5 nixos-unstable-small 1.1.5 nixpkgs-unstable 1.1.5
pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
Package maintainers: 1
@leenaars Michiel Leenaars <ml.software@leenaa.rs>

CVE-2024-54322
7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 1 week ago
@LeSuisse dismissed 10 months, 1 week ago
WordPress Media Downloader plugin <= 0.4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.4.
media-downloader =<0.4.7.4

CVE-2024-45770
4.4 MEDIUM
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 1 week ago
@LeSuisse dismissed 10 months, 1 week ago
Pcp: pmpost symlink attack allows escalating pcp to root user
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
pcp *
pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0
pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10
pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27
pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
Package maintainers: 5
@Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com>
@MikePlayle Mike Playle <mike@mythik.co.uk>
@MatthewCroughan Matthew Croughan <matt@croughan.sh>
@k0ral Koral <koral@mailoo.org>
@lovek323 Jason O'Conal <jason@oconal.id.au>

CVE-2024-45769
5.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
updated 10 months, 1 week ago by @LeSuisse
Activity log
Created automatic suggestion 10 months, 1 week ago
@LeSuisse dismissed 10 months, 1 week ago
Pcp: pmcd heap corruption through metric pmstore operations
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
pcp *
pkgs.pcp Command line peer-to-peer data transfer tool based on libp2p nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0
pkgs.ncmpcpp Featureful ncurses based MPD client inspired by ncmpc nixos-unstable 0.10 nixos-unstable-small 0.10 nixpkgs-unstable 0.10
pkgs.libamqpcpp Library for communicating with a RabbitMQ server nixos-unstable 4.3.27 nixos-unstable-small 4.3.27 nixpkgs-unstable 4.3.27
pkgs.python311Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
pkgs.python312Packages.pcpp C99 preprocessor written in pure Python nixos-unstable 1.30 nixos-unstable-small 1.30 nixpkgs-unstable 1.30
Package maintainers: 5
@Rakesh4G Rakesh Gupta <rakeshgupta4u@gmail.com>
@MikePlayle Mike Playle <mike@mythik.co.uk>
@MatthewCroughan Matthew Croughan <matt@croughan.sh>
@k0ral Koral <koral@mailoo.org>
@lovek323 Jason O'Conal <jason@oconal.id.au>