⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-45617
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 3 weeks ago
Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

opensc
libopensc
<0.26.0

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscenegraph

3D graphics toolkit

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vimPlugins.vim-openscad.x86_64-linux

pkgs.vimPlugins.vim-openscad.aarch64-linux

pkgs.vimPlugins.vim-openscad.x86_64-darwin

pkgs.vimPlugins.vim-openscad.aarch64-darwin

pkgs.vscode-extensions.antyos.openscad.x86_64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.x86_64-darwin

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-darwin

OpenSCAD highlighting, snippets, and more for VSCode
Package maintainers: 8
CVE-2024-38789
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 3 weeks ago
WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2.

telegram-bot
=<3.8.2

pkgs.telegram-bot-api

Telegram Bot API server

pkgs.haskellPackages.telegram-bot-api

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.haskellPackages.telegram-bot-simple

Easy to use library for building Telegram bots

pkgs.python311Packages.python-telegram-bot

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.x86_64-linux

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.aarch64-linux

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.x86_64-darwin

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.aarch64-darwin

Python library to interface with the Telegram Bot API
Package maintainers: 5
CVE-2024-38766
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 9 months, 3 weeks ago
WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through 5.1.1.

matomo
=<5.1.1

pkgs.matomo

Real-time web analytics application

pkgs.matomo_5

Real-time web analytics application
Package maintainers: 11
CVE-2023-47183
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 9 months, 3 weeks ago
WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1.

give
=<2.33.1
CVE-2024-38765
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 9 months, 3 weeks ago
WordPress Oceanic theme <= 1.0.48 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery.This issue affects Oceanic: from n/a through 1.0.48.

oceanic
=<1.0.48

pkgs.vscode-extensions.naumovs.theme-oceanicnext

Oceanic Next theme for VSCode + dimmed bg version for better looking UI

pkgs.vscode-extensions.naumovs.theme-oceanicnext.x86_64-linux

Oceanic Next theme for VSCode + dimmed bg version for better looking UI

pkgs.vscode-extensions.naumovs.theme-oceanicnext.aarch64-linux

Oceanic Next theme for VSCode + dimmed bg version for better looking UI

pkgs.vscode-extensions.naumovs.theme-oceanicnext.x86_64-darwin

Oceanic Next theme for VSCode + dimmed bg version for better looking UI

pkgs.vscode-extensions.naumovs.theme-oceanicnext.aarch64-darwin

Oceanic Next theme for VSCode + dimmed bg version for better looking UI
Package maintainers: 1
CVE-2024-45616
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 3 weeks ago
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

opensc
libopensc
<0.26.0

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscenegraph

3D graphics toolkit

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vimPlugins.vim-openscad.x86_64-linux

pkgs.vimPlugins.vim-openscad.aarch64-linux

pkgs.vimPlugins.vim-openscad.x86_64-darwin

pkgs.vimPlugins.vim-openscad.aarch64-darwin

pkgs.vscode-extensions.antyos.openscad.x86_64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.x86_64-darwin

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-darwin

OpenSCAD highlighting, snippets, and more for VSCode
Package maintainers: 8
CVE-2024-37490
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 9 months, 3 weeks ago
WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through 2.210.

bard
=<2.210

pkgs.bombardier

Fast cross-platform HTTP benchmarking tool written in Go
Package maintainers: 1
CVE-2023-23672
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 3 weeks ago
WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1.

give
=<2.25.1
CVE-2024-37478
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 9 months, 3 weeks ago
WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Ashe allows Cross Site Request Forgery.This issue affects Ashe: from n/a through 2.233.

ashe
=<2.233

pkgs.dasher

Information-efficient text-entry interface, driven by natural continuous pointing gestures

pkgs.hashes

Simple hash algorithm identification GUI

pkgs.seashells

Pipe command-line programs to seashells.io

pkgs.gcfflasher

CFFlasher is the tool to program the firmware of dresden elektronik's Zigbee products

pkgs.rnix-hashes

Nix Hash Converter

pkgs.seashells.x86_64-linux

Pipe command-line programs to seashells.io

pkgs.seashells.aarch64-linux

Pipe command-line programs to seashells.io

pkgs.seashells.x86_64-darwin

Pipe command-line programs to seashells.io

pkgs.rnix-hashes.x86_64-linux

Nix Hash Converter

pkgs.seashells.aarch64-darwin

Pipe command-line programs to seashells.io

pkgs.python311Packages.cashews

Cache tools with async power

pkgs.python312Packages.cashews

Cache tools with async power

pkgs.rnix-hashes.aarch64-linux

Nix Hash Converter

pkgs.rnix-hashes.x86_64-darwin

Nix Hash Converter

pkgs.rnix-hashes.aarch64-darwin

Nix Hash Converter

pkgs.haskellPackages.hashes.x86_64-linux

Hash functions

pkgs.haskellPackages.hashes.aarch64-linux

Hash functions

pkgs.haskellPackages.hashes.x86_64-darwin

Hash functions

pkgs.haskellPackages.hashes.aarch64-darwin

Hash functions

pkgs.python311Packages.universal-silabs-flasher

Flashes Silicon Labs radios running EmberZNet or CPC multi-pan firmware

pkgs.python312Packages.universal-silabs-flasher

Flashes Silicon Labs radios running EmberZNet or CPC multi-pan firmware

pkgs.home-assistant-component-tests.ruckus_unleashed

Open source home automation that puts local control and privacy first

pkgs.python312Packages.universal-silabs-flasher.x86_64-linux

Flashes Silicon Labs radios running EmberZNet or CPC multi-pan firmware

pkgs.python312Packages.universal-silabs-flasher.aarch64-linux

Flashes Silicon Labs radios running EmberZNet or CPC multi-pan firmware
Package maintainers: 9
CVE-2024-45615
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 9 months, 3 weeks ago
Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

opensc
libopensc
<0.26.0

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscenegraph

3D graphics toolkit

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vimPlugins.vim-openscad.x86_64-linux

pkgs.vimPlugins.vim-openscad.aarch64-linux

pkgs.vimPlugins.vim-openscad.x86_64-darwin

pkgs.vimPlugins.vim-openscad.aarch64-darwin

pkgs.vscode-extensions.antyos.openscad.x86_64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.x86_64-darwin

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-darwin

OpenSCAD highlighting, snippets, and more for VSCode
Package maintainers: 8