Dismissed suggestions

These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision.

CVE-2024-7259 4.4 MEDIUM
CVSS version: 3.1. Attack vector (AV): NETWORK. Attack complexity (AC): HIGH. Privileges required (PR): HIGH. User interaction (UI): NONE. Scope (S): UNCHANGED. Confidentiality impact (C): HIGH. Integrity impact (I): NONE. Availability impact (A): NONE.
Updated 10 months, 1 week ago by @LeSuisse.
Activity log: created automatic suggestion 10 months, 1 week ago; @LeSuisse dismissed 10 months, 1 week ago.
Ovirt-engine: potential exposure of cleartext provider passwords via web ui
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.
Affected: ovirt-engine <4.5.7
Packages:
pkgs.rubyPackages.ovirt-engine-sdk: nixos-unstable 4.6.0, nixos-unstable-small 4.6.0
pkgs.rubyPackages_3_1.ovirt-engine-sdk: nixos-unstable 4.6.0, nixos-unstable-small 4.6.0, nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_2.ovirt-engine-sdk: nixos-unstable 4.6.0, nixos-unstable-small 4.6.0, nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_3.ovirt-engine-sdk: nixos-unstable 4.6.0, nixos-unstable-small 4.6.0, nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_4.ovirt-engine-sdk: nixos-unstable 4.6.0, nixos-unstable-small 4.6.0, nixpkgs-unstable 4.6.0

CVE-2024-5154 8.1 HIGH
CVSS version: 3.1. Attack vector (AV): NETWORK. Attack complexity (AC): LOW. Privileges required (PR): HIGH. User interaction (UI): REQUIRED. Scope (S): CHANGED. Confidentiality impact (C): HIGH. Integrity impact (I): HIGH. Availability impact (A): NONE.
Updated 10 months, 1 week ago by @LeSuisse.
Activity log: created automatic suggestion 10 months, 1 week ago; @fricklerhandwerk accepted as draft 10 months, 1 week ago; @fricklerhandwerk marked as untriaged 10 months, 1 week ago; @fricklerhandwerk accepted as draft 10 months, 1 week ago; @LeSuisse dismissed 10 months, 1 week ago.
Cri-o: malicious container can create symlink on host
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.
Affected: cri-o <1.28.7 <1.30.1 <1.29.5 * rhcos * conman conmon kernel * openshift * container-tools:rhel8/podman
Packages:
pkgs.cri-o (Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface): nixos-unstable 1.31.2, nixos-unstable-small 1.31.3, nixpkgs-unstable 1.31.2
pkgs.cri-o-unwrapped (Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface): nixos-unstable 1.31.2, nixos-unstable-small 1.31.3, nixpkgs-unstable 1.31.2
Package maintainers (2): @vdemeester Vincent Demeester <vincent@sbr.pm>; @saschagrunert Sascha Grunert <mail@saschagrunert.de>

CVE-2024-6861 7.5 HIGH
CVSS version: 3.1. Attack vector (AV): NETWORK. Attack complexity (AC): LOW. Privileges required (PR): NONE. User interaction (UI): NONE. Scope (S): UNCHANGED. Confidentiality impact (C): HIGH. Integrity impact (I): NONE. Availability impact (A): NONE.
Updated 10 months, 1 week ago by @LeSuisse.
Activity log: created automatic suggestion 10 months, 1 week ago; @fricklerhandwerk accepted as draft 10 months, 1 week ago; @LeSuisse dismissed 10 months, 1 week ago.
Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys, which could result in a compromise of the entire product's API.
Affected: foreman * <3.3 satellite:el8/foreman satellite-utils:el8/foreman satellite-capsule:el8/foreman

CVE-2024-8418 7.5 HIGH
CVSS version: 3.1. Attack vector (AV): NETWORK. Attack complexity (AC): LOW. Privileges required (PR): NONE. User interaction (UI): NONE. Scope (S): UNCHANGED. Confidentiality impact (C): NONE. Integrity impact (I): NONE. Availability impact (A): HIGH.
Updated 10 months, 1 week ago by @LeSuisse.
Activity log: created automatic suggestion 10 months, 1 week ago; @LeSuisse accepted as draft 10 months, 1 week ago; @LeSuisse dismissed 10 months, 1 week ago.
Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime.
Affected: rhcos aardvark-dns * containers-common containers/aardvark-dns ==1.12.1 ==1.12.0 container-tools:rhel8/aardvark-dns container-tools:rhel8/containers-common
Packages:
pkgs.aardvark-dns (Authoritative dns server for A/AAAA container records): nixos-unstable 1.13.1, nixos-unstable-small 1.13.1, nixpkgs-unstable 1.13.1
Package maintainers (2): @vdemeester Vincent Demeester <vincent@sbr.pm>; @saschagrunert Sascha Grunert <mail@saschagrunert.de>

CVE-2023-23456 5.3 MEDIUM
CVSS version: 3.1. Attack vector (AV): LOCAL. Attack complexity (AC): LOW. Privileges required (PR): NONE. User interaction (UI): REQUIRED. Scope (S): UNCHANGED. Confidentiality impact (C): LOW. Integrity impact (I): LOW. Availability impact (A): LOW.
Updated 10 months, 1 week ago by @LeSuisse.
Activity log: created automatic suggestion 10 months, 1 week ago; @LeSuisse dismissed 10 months, 1 week ago.
Upx: heap-buffer-overflow in packtmt::pack()
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in the p_tmt.cpp file. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.
Affected: upx *
Packages:
pkgs.upx (Ultimate Packer for eXecutables): nixos-unstable 4.2.4, nixos-unstable-small 4.2.4, nixpkgs-unstable 4.2.4

CVE-2024-9341 5.4 MEDIUM
CVSS version: 3.1. Attack vector (AV): NETWORK. Attack complexity (AC): HIGH. Privileges required (PR): LOW. User interaction (UI): REQUIRED. Scope (S): UNCHANGED. Confidentiality impact (C): HIGH. Integrity impact (I): LOW. Availability impact (A): NONE.
Updated 10 months, 1 week ago by @fricklerhandwerk.
Activity log: created automatic suggestion 10 months, 1 week ago; @fricklerhandwerk dismissed 10 months, 1 week ago.
Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
Affected: cri-o * rhcos * podman * buildah * container-tools:rhel8 * container-tools:rhel8/podman github.com/containers/common <0.60.4 container-tools:rhel8/buildah openshift4/ose-docker-builder openshift4/ose-docker-builder-rhel9
Packages:
pkgs.cri-o (Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface): nixos-unstable 1.31.2, nixos-unstable-small 1.31.3, nixpkgs-unstable 1.31.2
pkgs.podman (Program for managing pods, containers and container images): nixos-unstable 5.3.1, nixos-unstable-small 5.3.1, nixpkgs-unstable 5.3.1
pkgs.buildah (Tool which facilitates building OCI images): nixos-unstable 1.38.0, nixos-unstable-small 1.38.0, nixpkgs-unstable 1.38.0
pkgs.podman-tui (Podman Terminal UI): nixos-unstable 1.3.0, nixos-unstable-small 1.3.0, nixpkgs-unstable 1.3.0
pkgs.podman-compose (Implementation of docker-compose with podman backend): nixos-unstable 1.2.0, nixos-unstable-small 1.2.0, nixpkgs-unstable 1.2.0
pkgs.podman-desktop (A graphical tool for developing on containers and Kubernetes): nixos-unstable 1.13.2, nixos-unstable-small 1.13.2, nixpkgs-unstable 1.13.2
pkgs.cri-o-unwrapped (Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface): nixos-unstable 1.31.2, nixos-unstable-small 1.31.3, nixpkgs-unstable 1.31.2
pkgs.buildah-unwrapped (Tool which facilitates building OCI images): nixos-unstable 1.38.0, nixos-unstable-small 1.38.0, nixpkgs-unstable 1.38.0
pkgs.nomad-driver-podman (Podman task driver for Nomad): nixos-unstable 0.6.1, nixos-unstable-small 0.6.1, nixpkgs-unstable 0.6.1
pkgs.python311Packages.podman (Python bindings for Podman's RESTful API): nixos-unstable 5.3.0, nixos-unstable-small 5.3.0, nixpkgs-unstable 5.3.0
pkgs.python312Packages.podman (Python bindings for Podman's RESTful API): nixos-unstable 5.3.0, nixos-unstable-small 5.3.0, nixpkgs-unstable 5.3.0
Package maintainers (8): @saschagrunert Sascha Grunert <mail@saschagrunert.de>; @vdemeester Vincent Demeester <vincent@sbr.pm>; @sikmir Nikolay Korotkiy <sikmir@disroot.org>; @aaronjheng Aaron Jheng <wentworth@outlook.com>; @fabaff Fabian Affolter <mail@fabian-affolter.ch>; @booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>; @panda2134 panda2134 <me+nixpkgs@panda2134.site>; @cpcloud Phillip Cloud

CVE-2024-9902 6.3 MEDIUM
CVSS version: 3.1. Attack vector (AV): LOCAL. Attack complexity (AC): HIGH. Privileges required (PR): LOW. User interaction (UI): REQUIRED. Scope (S): UNCHANGED. Confidentiality impact (C): HIGH. Integrity impact (I): HIGH. Availability impact (A): LOW.
Updated 10 months, 1 week ago by @fricklerhandwerk.
Activity log: created automatic suggestion 10 months, 2 weeks ago; @fricklerhandwerk accepted as draft 10 months, 1 week ago; @fricklerhandwerk dismissed 10 months, 1 week ago.
Ansible-core: ansible-core user may read/write unauthorized content
A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
Affected: core ansible-core <2.17.6rc1 * <2.15.13rc1 <2.16.13rc1 <2.18.0rc2 <2.14.18rc1 ee-29-container * ee-minimal-container * openstack-ansible-core * ansible-builder-container * ansible-automation-platform/ee-29-rhel8 * ansible-automation-platform/ee-minimal-rhel8 * ansible-automation-platform/ee-minimal-rhel9 * ansible-automation-platform/ansible-builder-rhel8 * ansible-automation-platform/ansible-builder-rhel9 *

CVE-2024-9924 9.8 CRITICAL
CVSS version: 3.1. Attack vector (AV): NETWORK. Attack complexity (AC): LOW. Privileges required (PR): NONE. User interaction (UI): NONE. Scope (S): UNCHANGED. Confidentiality impact (C): HIGH. Integrity impact (I): HIGH. Availability impact (A): HIGH.
Updated 10 months, 1 week ago by @fricklerhandwerk.
Activity log: created automatic suggestion 10 months, 2 weeks ago; @fricklerhandwerk dismissed 10 months, 1 week ago.
Hgiga OAKlouds - Arbitrary File Read And Delete
The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers can still download arbitrary system files, which may subsequently be deleted.
Affected: OAKlouds-webbase-2.0 <1162