Nixpkgs Security Tracker

Automatically generated suggestions

CVE-2024-41937
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 8 months, 4 weeks ago
Apache Airflow: Stored XSS Vulnerability on provider link

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability.

Affected products

apache-airflow
  • <2.10.0

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

Package maintainers: 3

CVE-2023-31346
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 8 months, 4 weeks ago
Failure to initialize memory in SEV Firmware may allow a …

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spoofdpi.x86_64-linux

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.spoofdpi.aarch64-linux

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.x86_64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.aarch64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPI.x86_64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.aarch64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.x86_64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID.x86_64-linux

PID control loop

pkgs.perl540Packages.PPI.aarch64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.spirv-llvm-translator.x86_64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-linux

PID control loop

pkgs.haskellPackages.hsPID.x86_64-darwin

PID control loop

pkgs.spirv-llvm-translator.aarch64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spirv-llvm-translator.x86_64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-darwin

PID control loop

pkgs.perl540Packages.PDFAPI2.x86_64-linux

Create, modify, and examine PDF files

pkgs.spirv-llvm-translator.aarch64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl540Packages.PDFAPI2.aarch64-linux

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.x86_64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.aarch64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PPIxUtils.x86_64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxRegexp.x86_64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils.x86_64-darwin

Utility functions for PPI

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.PPIxRegexp.aarch64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp.x86_64-darwin

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-darwin

Utility functions for PPI

pkgs.perl540Packages.ProcPIDFile.x86_64-linux

Manage process id files

pkgs.perl540Packages.PPIxRegexp.aarch64-darwin

Parse regular expressions

pkgs.perl540Packages.ProcPIDFile.aarch64-linux

Manage process id files

pkgs.perl540Packages.ProcPIDFile.x86_64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.x86_64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.x86_64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.x86_64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.x86_64-linux

Extensions to PPI

pkgs.perl540Packages.ProcPIDFile.aarch64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.aarch64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI.x86_64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.OpenAPIClient.x86_64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxQuoteLike.x86_64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-linux

Extensions to PPI

pkgs.perl540Packages.PPIxUtilities.x86_64-darwin

Extensions to PPI

pkgs.perl540Packages.WWWTwilioAPI.aarch64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-darwin

Extensions to PPI

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-darwin

OpenAPI / Swagger plugin for Mojolicious

CVE-2024-25142
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 8 months, 4 weeks ago
Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in some browsers could potentially result in sensitive data being stored in the browser's local cache. This issue affects Apache Airflow before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Affected products

apache-airflow
  • <2.9.2

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

Package maintainers: 3

CVE-2022-28656
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 8 months, 4 weeks ago
is_closing_session() allows users to consume RAM in the Apport process

Affected products

apport
  • <2.21.0

Matching in nixpkgs

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum

Package maintainers: 1

CVE-2024-6219
3.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 8 months, 4 weeks ago
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, …

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

Affected products

lxd
  • <5.21.1

Matching in nixpkgs

pkgs.lxd-ui

Web user interface for LXD

pkgs.lxd-lts

Daemon based on liblxc offering a REST API to manage containers

pkgs.lxdvdrip

Command line tool to make a copy from a video DVD for private use

pkgs.lxd-image-server

Creates and manages a simplestreams lxd image server on top of nginx

pkgs.lxd-unwrapped-lts

Daemon based on liblxc offering a REST API to manage containers

pkgs.python311Packages.pylxd

Library for interacting with the LXD REST API

pkgs.python312Packages.pylxd

Library for interacting with the LXD REST API

pkgs.python312Packages.pylxd.x86_64-linux

Library for interacting with the LXD REST API

pkgs.python312Packages.pylxd.aarch64-linux

Library for interacting with the LXD REST API

pkgs.python312Packages.pylxd.x86_64-darwin

Library for interacting with the LXD REST API

pkgs.python312Packages.pylxd.aarch64-darwin

Library for interacting with the LXD REST API

Package maintainers: 1

CVE-2023-32190
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 8 months, 4 weeks ago
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable

mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.

Affected products

mlocate
  • <0.26-37.1

Matching in nixpkgs

pkgs.mlocate

Merging locate is a utility to index and quickly search for files

CVE-2024-11734
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 8 months, 4 weeks ago
Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

Affected products

keycloak
  • <26.0.8
rhbk/keycloak-rhel9
  • *
rhbk/keycloak-rhel9-operator
  • *
rhbk/keycloak-operator-bundle
  • *
org.keycloak/keycloak-quarkus-server

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API

Package maintainers: 3

CVE-2024-11736
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 8 months, 4 weeks ago
Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables

A vulnerability was found in Keycloak. Admin users may have access to sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.

Affected products

keycloak
  • <26.0.8
rhbk/keycloak-rhel9
  • *
rhbk/keycloak-rhel9-operator
  • *
rhbk/keycloak-operator-bundle
  • *
org.keycloak/keycloak-quarkus-server

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API

Package maintainers: 3

CVE-2023-20578
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months ago
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with …

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Affected products

PI
  • ==NaplesPI 1.0.0.K

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spoofdpi.x86_64-linux

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.spoofdpi.aarch64-linux

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.x86_64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.aarch64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPI.x86_64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.aarch64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.x86_64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID.x86_64-linux

PID control loop

pkgs.perl540Packages.PPI.aarch64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.spirv-llvm-translator.x86_64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-linux

PID control loop

pkgs.haskellPackages.hsPID.x86_64-darwin

PID control loop

pkgs.spirv-llvm-translator.aarch64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spirv-llvm-translator.x86_64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-darwin

PID control loop

pkgs.perl540Packages.PDFAPI2.x86_64-linux

Create, modify, and examine PDF files

pkgs.spirv-llvm-translator.aarch64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl540Packages.PDFAPI2.aarch64-linux

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.x86_64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.aarch64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PPIxUtils.x86_64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxRegexp.x86_64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils.x86_64-darwin

Utility functions for PPI

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.PPIxRegexp.aarch64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp.x86_64-darwin

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-darwin

Utility functions for PPI

pkgs.perl540Packages.ProcPIDFile.x86_64-linux

Manage process id files

pkgs.perl540Packages.PPIxRegexp.aarch64-darwin

Parse regular expressions

pkgs.perl540Packages.ProcPIDFile.aarch64-linux

Manage process id files

pkgs.perl540Packages.ProcPIDFile.x86_64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.x86_64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.x86_64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.x86_64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.x86_64-linux

Extensions to PPI

pkgs.perl540Packages.ProcPIDFile.aarch64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.aarch64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI.x86_64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.OpenAPIClient.x86_64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxQuoteLike.x86_64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-linux

Extensions to PPI

pkgs.perl540Packages.PPIxUtilities.x86_64-darwin

Extensions to PPI

pkgs.perl540Packages.WWWTwilioAPI.aarch64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-darwin

Extensions to PPI

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-darwin

OpenAPI / Swagger plugin for Mojolicious

CVE-2025-2487
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 9 months ago
389-ds-base: null pointer dereference leads to denial of service

A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the LDAP protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs an LDAP MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.

Affected products

389-ds-base
  • =<2.5.3
  • =<2.6.1
  • =<2.4.6
  • *
  • =<3.0.6
redhat-ds:12
  • *
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

Package maintainers: 1