Automatically generated suggestions

CVE-2024-12087
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 9 months, 1 week ago
Rsync: path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, which is enabled by default for many client options and can also be enabled by the server even when the client did not explicitly request it. When `--inc-recursive` is in use, a lack of proper symlink verification, combined with deduplication checks that occur on a per-file-list basis, could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

rhcos
rsync
*
=<3.3.0
registry.redhat.io/discovery/discovery-ui-rhel9
*

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

pkgs.vdirsyncer

Synchronize calendars and contacts

pkgs.rsync.x86_64-linux

Fast incremental file transfer utility

pkgs.rrsync.x86_64-linux

Helper to run rsync-only environments from ssh-logins

pkgs.rsync.aarch64-linux

Fast incremental file transfer utility

pkgs.rsync.x86_64-darwin

Fast incremental file transfer utility

pkgs.rrsync.aarch64-linux

Helper to run rsync-only environments from ssh-logins

pkgs.rrsync.x86_64-darwin

Helper to run rsync-only environments from ssh-logins

pkgs.rsync.aarch64-darwin

Fast incremental file transfer utility

pkgs.librsync.x86_64-linux

Implementation of the rsync remote-delta algorithm

pkgs.rrsync.aarch64-darwin

Helper to run rsync-only environments from ssh-logins

pkgs.librsync.aarch64-linux

Implementation of the rsync remote-delta algorithm

pkgs.librsync.x86_64-darwin

Implementation of the rsync remote-delta algorithm

pkgs.librsync.aarch64-darwin

Implementation of the rsync remote-delta algorithm

pkgs.python311Packages.sysrsync

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync

Simple and safe system's rsync wrapper for Python

pkgs.python311Packages.vdirsyncer

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer

Synchronize calendars and contacts

pkgs.python312Packages.sysrsync.x86_64-linux

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.aarch64-linux

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.x86_64-darwin

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.aarch64-darwin

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.vdirsyncer.x86_64-linux

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.aarch64-linux

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.x86_64-darwin

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.aarch64-darwin

Synchronize calendars and contacts
Package maintainers: 7
CVE-2024-12088
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 9 months, 1 week ago
Rsync: --safe-links option bypass leads to path traversal

A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

rhcos
rsync
*
=<3.3.0
registry.redhat.io/discovery/discovery-ui-rhel9
*

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

pkgs.vdirsyncer

Synchronize calendars and contacts

pkgs.rsync.x86_64-linux

Fast incremental file transfer utility

pkgs.rrsync.x86_64-linux

Helper to run rsync-only environments from ssh-logins

pkgs.rsync.aarch64-linux

Fast incremental file transfer utility

pkgs.rsync.x86_64-darwin

Fast incremental file transfer utility

pkgs.rrsync.aarch64-linux

Helper to run rsync-only environments from ssh-logins

pkgs.rrsync.x86_64-darwin

Helper to run rsync-only environments from ssh-logins

pkgs.rsync.aarch64-darwin

Fast incremental file transfer utility

pkgs.librsync.x86_64-linux

Implementation of the rsync remote-delta algorithm

pkgs.rrsync.aarch64-darwin

Helper to run rsync-only environments from ssh-logins

pkgs.librsync.aarch64-linux

Implementation of the rsync remote-delta algorithm

pkgs.librsync.x86_64-darwin

Implementation of the rsync remote-delta algorithm

pkgs.librsync.aarch64-darwin

Implementation of the rsync remote-delta algorithm

pkgs.python311Packages.sysrsync

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync

Simple and safe system's rsync wrapper for Python

pkgs.python311Packages.vdirsyncer

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer

Synchronize calendars and contacts

pkgs.python312Packages.sysrsync.x86_64-linux

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.aarch64-linux

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.x86_64-darwin

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.aarch64-darwin

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.vdirsyncer.x86_64-linux

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.aarch64-linux

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.x86_64-darwin

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.aarch64-darwin

Synchronize calendars and contacts
Package maintainers: 7
CVE-2024-12085
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 9 months, 1 week ago
Rsync: info leak via uninitialized stack contents

A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

rhcos
*
rsync
*
=<3.3.0
openshift-logging/vector-rhel9
*
openshift-logging/fluentd-rhel9
*
openshift4/ose-operator-sdk-rhel9
*
openshift4/ose-helm-rhel9-operator
*
openshift-logging/eventrouter-rhel9
*
openshift-logging/logging-loki-rhel9
*
openshift-logging/loki-rhel9-operator
*
openshift-logging/opa-openshift-rhel9
*
openshift4/ose-ansible-rhel9-operator
*
openshift-logging/elasticsearch6-rhel9
*
openshift-logging/loki-operator-bundle
*
openshift-logging/logging-curator5-rhel9
*
openshift-logging/lokistack-gateway-rhel9
*
openshift-logging/elasticsearch-proxy-rhel9
*
openshift-logging/logging-view-plugin-rhel9
*
openshift-logging/elasticsearch-rhel9-operator
*
openshift-logging/elasticsearch-operator-bundle
*
openshift-logging/cluster-logging-rhel8-operator
openshift-logging/cluster-logging-rhel9-operator
*
openshift-logging/log-file-metric-exporter-rhel9
*
openshift-logging/cluster-logging-operator-bundle
*

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

pkgs.vdirsyncer

Synchronize calendars and contacts

pkgs.rsync.x86_64-linux

Fast incremental file transfer utility

pkgs.rrsync.x86_64-linux

Helper to run rsync-only environments from ssh-logins

pkgs.rsync.aarch64-linux

Fast incremental file transfer utility

pkgs.rsync.x86_64-darwin

Fast incremental file transfer utility

pkgs.rrsync.aarch64-linux

Helper to run rsync-only environments from ssh-logins

pkgs.rrsync.x86_64-darwin

Helper to run rsync-only environments from ssh-logins

pkgs.rsync.aarch64-darwin

Fast incremental file transfer utility

pkgs.librsync.x86_64-linux

Implementation of the rsync remote-delta algorithm

pkgs.rrsync.aarch64-darwin

Helper to run rsync-only environments from ssh-logins

pkgs.librsync.aarch64-linux

Implementation of the rsync remote-delta algorithm

pkgs.librsync.x86_64-darwin

Implementation of the rsync remote-delta algorithm

pkgs.librsync.aarch64-darwin

Implementation of the rsync remote-delta algorithm

pkgs.python311Packages.sysrsync

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync

Simple and safe system's rsync wrapper for Python

pkgs.python311Packages.vdirsyncer

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer

Synchronize calendars and contacts

pkgs.python312Packages.sysrsync.x86_64-linux

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.aarch64-linux

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.x86_64-darwin

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.sysrsync.aarch64-darwin

Simple and safe system's rsync wrapper for Python

pkgs.python312Packages.vdirsyncer.x86_64-linux

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.aarch64-linux

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.x86_64-darwin

Synchronize calendars and contacts

pkgs.python312Packages.vdirsyncer.aarch64-darwin

Synchronize calendars and contacts
Package maintainers: 7
CVE-2023-25041
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 2 weeks ago
WordPress Monolit Theme <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme versions <= 2.0.6.

monolit
=<2.0.6

pkgs.monolith

Bundle any web page into a single HTML file
Package maintainers: 1
CVE-2022-47613
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 2 weeks ago
WordPress AI ChatBot Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin versions <= 4.3.0.

chatbot
=<4.3.0
CVE-2023-5156
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 9 months, 2 weeks ago
Glibc: DoS due to memory leak in getaddrinfo.c

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

glibc
compat-glibc

pkgs.glibc

GNU C Library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.glibcLocales

Locale information for the GNU C Library

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

pkgs.locale.x86_64-linux

pkgs.locale.aarch64-linux

pkgs.libiconv.x86_64-linux

pkgs.libiconv.aarch64-linux

Package maintainers: 2
CVE-2023-1907
8.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 2 weeks ago
Pgadmin: users authenticated simultaneously via LDAP may be attached to the wrong session

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

pgadmin
<7.0

pkgs.pgadmin4

Administration and development platform for PostgreSQL

pkgs.pgadmin4-desktopmode

Administration and development platform for PostgreSQL. Desktop Mode

pkgs.pgadmin4.x86_64-linux

Administration and development platform for PostgreSQL

pkgs.pgadmin4.aarch64-linux

Administration and development platform for PostgreSQL

pkgs.pgadmin4.x86_64-darwin

Administration and development platform for PostgreSQL

pkgs.pgadmin4.aarch64-darwin

Administration and development platform for PostgreSQL

pkgs.pgadmin4-desktopmode.x86_64-linux

Administration and development platform for PostgreSQL. Desktop Mode

pkgs.pgadmin4-desktopmode.aarch64-linux

Administration and development platform for PostgreSQL. Desktop Mode

pkgs.pgadmin4-desktopmode.x86_64-darwin

Administration and development platform for PostgreSQL. Desktop Mode

pkgs.pgadmin4-desktopmode.aarch64-darwin

Administration and development platform for PostgreSQL. Desktop Mode
Package maintainers: 1
CVE-2024-56826
5.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 9 months, 2 weeks ago
Openjpeg: heap buffer overflow in bin/common/color.c

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

openjpeg
*
openjpeg2
*
gimp:flatpak/openjpeg2

pkgs.openjpeg

Open-source JPEG 2000 codec written in C language

pkgs.python311Packages.pylibjpeg-openjpeg

A J2K and JP2 plugin for pylibjpeg

pkgs.python312Packages.pylibjpeg-openjpeg

A J2K and JP2 plugin for pylibjpeg

pkgs.python312Packages.pylibjpeg-openjpeg.x86_64-linux

A J2K and JP2 plugin for pylibjpeg
Package maintainers: 2
CVE-2022-47183
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 2 weeks ago
WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin versions <= 0.2.6.

stylist
=<0.2.6

pkgs.haskellPackages.stylist-traits

Traits, datatypes, & parsers for Haskell Stylist
CVE-2023-23668
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 2 weeks ago
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS)

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin versions <= 2.25.1.

give
=<2.25.1