Nixpkgs security tracker

Permalink CVE-2014-2352

created 2 months ago Activity log

Created suggestion 2 months ago

Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote …

Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 x_transferredx_refsource_MISC
https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02
http://cogentdatahub.com/Download_Software.html

Affected products

n/a

==n/a

DataHub

<7.3.5

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

Repository of cryptography-related data

nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python313Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python314Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>

Permalink CVE-2014-2353

created 2 months ago Activity log

Created suggestion 2 months ago

Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows …

Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 x_transferredx_refsource_MISC
https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02
http://cogentdatahub.com/Download_Software.html

Affected products

n/a

==n/a

DataHub

<7.3.5

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

Repository of cryptography-related data

nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python313Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python314Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>

Permalink CVE-2014-2354

created 2 months ago Activity log

Created suggestion 2 months ago

Cogent DataHub before 7.3.5 does not use a salt during …

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 x_transferredx_refsource_MISC
https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02
http://cogentdatahub.com/Download_Software.html

Affected products

n/a

==n/a

DataHub

<7.3.5

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

Repository of cryptography-related data

nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python313Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python314Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>

Permalink CVE-2026-25644

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.

References

https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5 x_refsource_CONFIRM

Affected products

datahub

==< 1.3.1.8

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.0
nixos-25.11 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python313Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python314Packages.cryptodatahub

Repository of cryptography-related data

nixos-unstable -
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2

Package maintainers

@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
@wegank Weijia Wang <contact@weijia.wang>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

pkgs.python313Packages.cryptodatahub

pkgs.python314Packages.cryptodatahub

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

pkgs.python313Packages.cryptodatahub

pkgs.python314Packages.cryptodatahub

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

pkgs.python313Packages.cryptodatahub

pkgs.python314Packages.cryptodatahub

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.cryptodatahub

pkgs.python313Packages.cryptodatahub

pkgs.python314Packages.cryptodatahub

Package maintainers