103 derivations with active advisories

------------------------------------------------------------------------
SDL_ttf-2.0.11

/nix/store/6akg13v13jh95wlcwyl8n5z7kx8hh8g5-SDL_ttf-2.0.11.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-27470    7.8      SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

------------------------------------------------------------------------
ShellCheck-0.9.0

/nix/store/plbp71qisk34jql6nx0w24nhgh75vq80-ShellCheck-0.9.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8      The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.

------------------------------------------------------------------------
ShellCheck-0.9.0-r1.cabal

/nix/store/iy8p12sn2na90ra4fm6kjh13hjxp4hh7-ShellCheck-0.9.0-r1.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8      The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.

------------------------------------------------------------------------
accountsservice-23.13.9

/nix/store/ckcfyb0q0kcfh1jvskcahb7gkhba9qga-accountsservice-23.13.9.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-3297     7.8      In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

------------------------------------------------------------------------
allegro-4.4.3.1

/nix/store/1wx6nli6mfdrba040lmnvp1lam8qkr71-allegro-4.4.3.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-36489    6.5      Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.

------------------------------------------------------------------------
async-2.2.4

/nix/store/bdwmf22xshkavaq72ldpqbgisrcdsqv2-async-2.2.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8      In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

------------------------------------------------------------------------
async-2.2.4-r4.cabal

/nix/store/8ycx860g0yw19iqxw0xyas3n7136wqz0-async-2.2.4-r4.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8      In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/17ppapcm6q8ssyzimnpzzafmc8y22h4b-audiofile-0.3.6.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5      Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

------------------------------------------------------------------------
avahi-0.8

/nix/store/kmqkzy8gpacyvd3ydbdw23nr7hb69f5g-avahi-0.8.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-26720    7.8      avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.

------------------------------------------------------------------------
avahi-0.8

/nix/store/18kmmcbrv14145a2sa6aw47h3ydjzqla-avahi-0.8.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-26720    7.8      avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.

------------------------------------------------------------------------
bind-9.18.24

/nix/store/a712l6j41g0nk13s6zpscqxp2nsyd525-bind-9.18.24.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-6470     7.5      There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.

------------------------------------------------------------------------
binutils-2.40

/nix/store/i9nabsm6h43ang88m4d1af872z1818wn-binutils-2.40.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-25585    5.5      A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
https://nvd.nist.gov/vuln/detail/CVE-2023-25586    5.5      A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
https://nvd.nist.gov/vuln/detail/CVE-2023-25588    5.5      A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

------------------------------------------------------------------------
busybox-1.36.1

/nix/store/gwxmydaymm8bkildq804m0118kiaw2k5-busybox-1.36.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-42363    5.5      A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
https://nvd.nist.gov/vuln/detail/CVE-2023-42364    5.5      A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
https://nvd.nist.gov/vuln/detail/CVE-2023-42365    5.5      A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
https://nvd.nist.gov/vuln/detail/CVE-2023-42366    5.5      A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/s81gj7d0j563bk9m0rrv4z7fbyhkazj5-cereal-0.5.8.3.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8      An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests.
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3      An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context.

------------------------------------------------------------------------
commonmark-0.2.4

/nix/store/ch3bvlgqs0km63ap6pcagka4a579jsp1-commonmark-0.2.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1      Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.

------------------------------------------------------------------------
coreutils-9.4

/nix/store/anqn1bi6n9rrlvk9n2j2ykbbjpbnaycb-coreutils-9.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2024-0684     5.5      A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

------------------------------------------------------------------------
cpio-0.3.0

/nix/store/1dcpqff189g2v8iwc2gb2gnx6fj77id9-cpio-0.3.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-38185    7.8      GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
https://nvd.nist.gov/vuln/detail/CVE-2019-14866    7.3      In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.

------------------------------------------------------------------------
crossbeam-0.8.2

/nix/store/jz87ydpr92hq1vfdsc6wy2xka58kckm3-crossbeam-0.8.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-23639    8.1      crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.

------------------------------------------------------------------------
cups-2.4.7

/nix/store/mwv0lz8nqcw1gzb25azss97w6fc3l8wy-cups-2.4.7.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7      A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

------------------------------------------------------------------------
curl-0.4.44

/nix/store/ym1798z3jrbd4id2ihrincdljnix4kqk-curl-0.4.44.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-32221    9.8      When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
https://nvd.nist.gov/vuln/detail/CVE-2019-5443     7.8      A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
https://nvd.nist.gov/vuln/detail/CVE-2022-27781    7.5      libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
https://nvd.nist.gov/vuln/detail/CVE-2022-27782    7.5      libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
https://nvd.nist.gov/vuln/detail/CVE-2023-28319    7.5      A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
https://nvd.nist.gov/vuln/detail/CVE-2022-27776    6.5      A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
https://nvd.nist.gov/vuln/detail/CVE-2022-32206    6.5      curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
https://nvd.nist.gov/vuln/detail/CVE-2022-43552    5.9      A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
https://nvd.nist.gov/vuln/detail/CVE-2023-28320    5.9      A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
https://nvd.nist.gov/vuln/detail/CVE-2023-28321    5.9      An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
https://nvd.nist.gov/vuln/detail/CVE-2020-8284     3.7      A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
https://nvd.nist.gov/vuln/detail/CVE-2022-35252    3.7      When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
https://nvd.nist.gov/vuln/detail/CVE-2023-28322    3.7      An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

------------------------------------------------------------------------
curl-8.4.0

/nix/store/rcrrmgjvblvk7raqslyl7vxrhsnqgg44-curl-8.4.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-46218    6.5      This flaw allows a malicious HTTP server to set "super cookies" in curl that
are then passed back to more origins than what is otherwise allowed or
possible. This allows a site to set cookies that then would get sent to
different and unrelated sites and domains.

It could do this by exploiting a mixed case flaw in curl's function that
verifies a given cookie domain against the Public Suffix List (PSL). For
example a cookie could be set with `domain=co.UK` when the URL used a lower
case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

https://nvd.nist.gov/vuln/detail/CVE-2023-46219    5.3      When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of
the HSTS status they should otherwise use.


------------------------------------------------------------------------
dash-0.5.12

/nix/store/zmqpy9ggp1bzbarr9lk74vhvfhpidb61-dash-0.5.12.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2024-21485    5.4      Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server.

**Note:**

This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.

------------------------------------------------------------------------
dbus-1

/nix/store/zjlxj6pvyjjdpnpy93h3n1brvfwxz51a-dbus-1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-12749    7.1      dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5      An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5      An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5      An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

------------------------------------------------------------------------
djvulibre-3.5.28

/nix/store/59g86gvrhpckx81nwnhps39hbj45cjz4-djvulibre-3.5.28.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-46310    6.5      An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
https://nvd.nist.gov/vuln/detail/CVE-2021-46312    6.5      An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

------------------------------------------------------------------------
faad2-2.10.1

/nix/store/vv4cqhwmjnq0lw27kqffaglrsbcbn2vk-faad2-2.10.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-38858    6.5      Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.
https://nvd.nist.gov/vuln/detail/CVE-2023-38857    5.5      Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.

------------------------------------------------------------------------
ffmpeg-4.4.4

/nix/store/iwfbg6mph5dx0j3ypa820938q3l9g91z-ffmpeg-4.4.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2024-22860    9.8      Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
https://nvd.nist.gov/vuln/detail/CVE-2024-22862    9.8      Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
https://nvd.nist.gov/vuln/detail/CVE-2022-48434    8.1      libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
https://nvd.nist.gov/vuln/detail/CVE-2023-47470    7.8      Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
https://nvd.nist.gov/vuln/detail/CVE-2022-3109     7.5      An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
https://nvd.nist.gov/vuln/detail/CVE-2024-22861    7.5      Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
https://nvd.nist.gov/vuln/detail/CVE-2023-46407    5.5      FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
https://nvd.nist.gov/vuln/detail/CVE-2022-3341     5.3      A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.

------------------------------------------------------------------------
ffmpeg-6.0

/nix/store/0ahfrgfyqy9s3xy87qsrrp9b4f0bilk8-ffmpeg-6.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2024-22860    9.8      Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
https://nvd.nist.gov/vuln/detail/CVE-2024-22862    9.8      Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
https://nvd.nist.gov/vuln/detail/CVE-2023-47470    7.8      Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
https://nvd.nist.gov/vuln/detail/CVE-2024-22861    7.5      Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
https://nvd.nist.gov/vuln/detail/CVE-2023-46407    5.5      FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.

------------------------------------------------------------------------
flex-2.6.4

/nix/store/icwmyxcn986n3fqv0bq551nkpkpik61j-flex-2.6.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-6293     5.5      An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.

------------------------------------------------------------------------
fuse-2.9.9

/nix/store/831bxw4hqw5nkyrw22m0bplfj8wiwgl3-fuse-2.9.9.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5      It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5      A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/dvp4qz361cnkd2di3wklbpc4xb2s3q97-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5      It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5      A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/pxnpcbzwispj5sfz7fn25zi4y5x041fc-fuse-3.16.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5      It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5      A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

------------------------------------------------------------------------
gcc-12.3.0

/nix/store/dlx7agskbxlvnrwb3lcg31lb68fc7mpp-gcc-12.3.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8      

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains 
that target AArch64 allows an attacker to exploit an existing buffer 
overflow in dynamically-sized local variables in your application 
without this being detected. This stack-protector failure only applies 
to C99-style dynamically-sized local variables or those created using 
alloca(). The stack-protector operates as intended for statically-sized 
local variables.

The default behavior when the stack-protector 
detects an overflow is to terminate your application, resulting in 
controlled loss of availability. An attacker who can exploit a buffer 
overflow without triggering the stack-protector might be able to change 
program flow control to cause an uncontrolled loss of availability or to
 go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.







------------------------------------------------------------------------
gcc-13.2.0

/nix/store/jmp1awmbs8sjcp7nvv5r050nmmrzmqga-gcc-13.2.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8      

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains 
that target AArch64 allows an attacker to exploit an existing buffer 
overflow in dynamically-sized local variables in your application 
without this being detected. This stack-protector failure only applies 
to C99-style dynamically-sized local variables or those created using 
alloca(). The stack-protector operates as intended for statically-sized 
local variables.

The default behavior when the stack-protector 
detects an overflow is to terminate your application, resulting in 
controlled loss of availability. An attacker who can exploit a buffer 
overflow without triggering the stack-protector might be able to change 
program flow control to cause an uncontrolled loss of availability or to
 go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.







------------------------------------------------------------------------
git-2.42.0

/nix/store/80cd34r522r7j0lncjmd956mml2xi6vf-git-2.42.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8      A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5      Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5      A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5      Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1      Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4      Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3      The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3      A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.

------------------------------------------------------------------------
git-2.44.0

/nix/store/n6ij928gx7850gw79fsmv853jqaizpl1-git-2.44.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8      A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5      Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5      A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5      Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1      Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4      Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3      The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3      A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.

------------------------------------------------------------------------
glibc-2.34-fix.patch?rev=50

/nix/store/0qlkv3jvivllfliyiqgdnn1hpiz2ivac-glibc-2.34-fix.patch?rev=50.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-0687     9.8      A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
https://nvd.nist.gov/vuln/detail/CVE-2023-4911     7.8      A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
https://nvd.nist.gov/vuln/detail/CVE-2021-3998     7.5      A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
https://nvd.nist.gov/vuln/detail/CVE-2023-5156     7.5      A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
https://nvd.nist.gov/vuln/detail/CVE-2023-4527     6.5      A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
https://nvd.nist.gov/vuln/detail/CVE-2023-4813     5.9      A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

------------------------------------------------------------------------
glibc-2.38-44

/nix/store/jd7m66pgl7kmd50hayh48q8i5w51mg3y-glibc-2.38-44.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-4911     7.8      A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
https://nvd.nist.gov/vuln/detail/CVE-2023-6246     7.8      A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
https://nvd.nist.gov/vuln/detail/CVE-2023-5156     7.5      A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
https://nvd.nist.gov/vuln/detail/CVE-2023-6779     7.5      An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
https://nvd.nist.gov/vuln/detail/CVE-2023-4527     6.5      A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
https://nvd.nist.gov/vuln/detail/CVE-2023-6780     5.3      An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

------------------------------------------------------------------------
glibc-2.38-44-source-unsecvars

/nix/store/sjf8mgjx4q49hyfaf5xdsiq2qpsfa229-glibc-2.38-44-source-unsecvars.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-4911     7.8      A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
https://nvd.nist.gov/vuln/detail/CVE-2023-6246     7.8      A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
https://nvd.nist.gov/vuln/detail/CVE-2023-5156     7.5      A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
https://nvd.nist.gov/vuln/detail/CVE-2023-6779     7.5      An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
https://nvd.nist.gov/vuln/detail/CVE-2023-4527     6.5      A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
https://nvd.nist.gov/vuln/detail/CVE-2023-6780     5.3      An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/gc7683dxq87ab3330s5vgj33qwqrjxfd-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8      The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1      Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5      Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5      QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5      A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5      The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1      The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1      The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8      ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.

------------------------------------------------------------------------
go-1.21.9

/nix/store/05d60ks7lsdyqh86brq7s7am9dkhzkv6-go-1.21.9.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8      ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.

------------------------------------------------------------------------
graphviz-9.0.0

/nix/store/bc3riy2f4wdbyylxr9n3n8lnc2y314lv-graphviz-9.0.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-46045    7.8      Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

------------------------------------------------------------------------
grpc-1.59.1

/nix/store/2xnv73nchaksh4mh0h6hdk7l57fncjrx-grpc-1.59.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5      The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

------------------------------------------------------------------------
hedgehog-1.2

/nix/store/qsyhy23cg5wpm89xhyfhk7ivwyim2cyl-hedgehog-1.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8      ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 58922c345d3d1fe89bb2020111873a3e07ca93ac. It is recommended to apply a patch to fix this issue. VDB-216746 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: We do assume that the Data Manager server can only be accessed by authorised users. Because of this, we don’t believe this specific attack is possible without such a compromise of the Data Manager server.

------------------------------------------------------------------------
hedgehog-1.2-r1.cabal

/nix/store/svj2pwc2mql5s73g3nwag2r3yhz2ylix-hedgehog-1.2-r1.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8      ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 58922c345d3d1fe89bb2020111873a3e07ca93ac. It is recommended to apply a patch to fix this issue. VDB-216746 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: We do assume that the Data Manager server can only be accessed by authorised users. Because of this, we don’t believe this specific attack is possible without such a compromise of the Data Manager server.

------------------------------------------------------------------------
http-0.2.11

/nix/store/33scdvy0mz0619d87gxz6068rpknljrb-http-0.2.11.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-35669    6.1      An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.

------------------------------------------------------------------------
http-client-0.7.15

/nix/store/qz1ra5xj37r35bxlldir262h54p7drhj-http-client-0.7.15.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5      Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect (302) and 3. the redirect url redirects to another domain or hostname Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8.

------------------------------------------------------------------------
http2-4.1.4

/nix/store/0pj1dq5b1wkymb2zdj9prlbf926gnmng-http2-4.1.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5      The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

------------------------------------------------------------------------
imagemagick-7.1.1-29

/nix/store/dfy15nva8g2s45xqxs688g37nyf3d7aq-imagemagick-7.1.1-29.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-5341     5.5      A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/b8418hj8rjwz2n07vaizjq1bilr39plf-jbig2dec-0.20.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5      Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.

------------------------------------------------------------------------
lapack-3

/nix/store/108f9ih563xp3nl957xl645nyj5sbblk-lapack-3.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-4048     9.1      An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

------------------------------------------------------------------------
lens-5.2.3

/nix/store/60xz1pkhklmcnsh1bqvpkhavblcj58n5-lens-5.2.3.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6      Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8      In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.

------------------------------------------------------------------------
lens-5.2.3-r2.cabal

/nix/store/affj20yskl60dy6ny9694c610y2wh6ac-lens-5.2.3-r2.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6      Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8      In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.

------------------------------------------------------------------------
libebml-1.4.4

/nix/store/4bgxh3v6wd8nln4l2s56094bqfsv1nhk-libebml-1.4.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-52339    6.5      In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/iv005x3dbb8drcdayr3rwbbldjfvn6ls-libmemcached-1.0.18.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5      libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/n2fn07d3zh80ylgnw01pa8v033fia019-libmpeg2-0.5.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5      Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.

------------------------------------------------------------------------
libraw-0.21.1

/nix/store/kv1mgm95lb1fn450w2v7dgydappy7y8m-libraw-0.21.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-22628    6.5      Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

------------------------------------------------------------------------
libraw-0.21.2

/nix/store/cxxlxlcsmcxqjld4qv3b1bnrd7ifbqj0-libraw-0.21.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-22628    6.5      Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
https://nvd.nist.gov/vuln/detail/CVE-2023-1729     6.5      A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

------------------------------------------------------------------------
libtiff-4.6.0

/nix/store/w96vx1c2y7sgsgd9r9r2m3cvc3il6jd3-libtiff-4.6.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-52355    7.5      An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

------------------------------------------------------------------------
linux-pam-1.5.2

/nix/store/625jsxfpi19ba56h7lzaqd1jkd9m4pi9-linux-pam-1.5.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-28321    9.8      The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
https://nvd.nist.gov/vuln/detail/CVE-2024-22365    5.5      linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

------------------------------------------------------------------------
lodepng-3.9.1

/nix/store/qak1lssnrhpd9wzgsj4n1xwhxsmx0ag0-lodepng-3.9.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5      HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

------------------------------------------------------------------------
lua-5.2.4

/nix/store/qg4rjx6wkm6xm8srma71997a5rf78g32-lua-5.2.4.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-43519    5.5      Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

------------------------------------------------------------------------
mercurial-6.5.2

/nix/store/grrihasbdvzj9xywk92dsmvgk87wb4fb-mercurial-6.5.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-43410    5.3      Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.

------------------------------------------------------------------------
merge-0.1.0

/nix/store/gn14va6z4g7ijx0sqxhhiafhwljrzcbz-merge-0.1.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-28499    9.8      All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
https://nvd.nist.gov/vuln/detail/CVE-2021-3645     9.8      merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

------------------------------------------------------------------------
moby-24.0.5

/nix/store/jdq9dbq09wkxi1xhla60mr7ybhv3m5gn-moby-24.0.5.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2024-24557    7.8      Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.

------------------------------------------------------------------------
mono-6.12.0.182

/nix/store/p01hly5kfcjcb4dahfjhvppmfpv1wbwl-mono-6.12.0.182.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-35373    5.3      Mono Authenticode Validation Spoofing Vulnerability

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/6di2w7w2jpjh3l8rc62ksbjcs5wvynya-network-3.1.4.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8      Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8      Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8      Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8      Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8      Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8      Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8      Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5      User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/jgkadyzwh0096am9krq7qcnjpwgfl8qv-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8      Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8      Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8      Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8      Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8      Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8      Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8      Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8      Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5      User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.

------------------------------------------------------------------------
ninja-1.11.1

/nix/store/2v7h8a2ny3xzb0l1yhr2a7mfpkdz15k5-ninja-1.11.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8      A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.

------------------------------------------------------------------------
ninja-1.11.1

/nix/store/jf77kyxgyzhn8schssylzl6pwyayjhl5-ninja-1.11.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8      A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.

------------------------------------------------------------------------
openexr-2.5.8

/nix/store/7l5np6br4nq86gkay5f9aiz18pnk616h-openexr-2.5.8.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-5841     9.1      Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

https://nvd.nist.gov/vuln/detail/CVE-2021-23169    8.8      A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
https://nvd.nist.gov/vuln/detail/CVE-2021-3598     5.5      There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
https://nvd.nist.gov/vuln/detail/CVE-2021-3605     5.5      There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
https://nvd.nist.gov/vuln/detail/CVE-2021-23215    5.5      An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
https://nvd.nist.gov/vuln/detail/CVE-2021-26260    5.5      An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
https://nvd.nist.gov/vuln/detail/CVE-2021-26945    5.5      An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

------------------------------------------------------------------------
openvpn-2.5.8

/nix/store/vlbjn9m6ccv65j0k12pjdjp8asnkpv97-openvpn-2.5.8.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5      Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.

------------------------------------------------------------------------
pandoc-3.0.1

/nix/store/g0hvxkgmi9ypj8k4gv4cf5g8fmyi8b24-pandoc-3.0.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-38745    6.3      Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).
https://nvd.nist.gov/vuln/detail/CVE-2023-35936    5.0      Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system ,depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option.

The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension.  Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.


------------------------------------------------------------------------
patch-2.7.6

/nix/store/z0kw7pv9rn944f49a6v0qp57qxk5rrp8-patch-2.7.6.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-20633    5.5      GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

------------------------------------------------------------------------
polkit-1.pam

/nix/store/gianm213inpgqyvyj75g3r7k81k9wlkd-polkit-1.pam.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8      A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

------------------------------------------------------------------------
qemu-8.1.5

/nix/store/kjwbnp4ixmgd2bld7qhz6rpksla212p5-qemu-8.1.5.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-5088     7.0      A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
https://nvd.nist.gov/vuln/detail/CVE-2023-3019     6.5      A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
https://nvd.nist.gov/vuln/detail/CVE-2023-6693     5.3      A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

------------------------------------------------------------------------
quote-1.0.7

/nix/store/5wivcrkmcngjzfhb7p63p508h65g3piw-quote-1.0.7.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3      An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

------------------------------------------------------------------------
quote-1.0.26

/nix/store/wxc3jm3ndy0qmdx45xr9ygfkzk4p83h2-quote-1.0.26.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3      An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

------------------------------------------------------------------------
quote-1.0.32

/nix/store/fqmb2ncjdnx01sg96a4kyj0j1hca0q5m-quote-1.0.32.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3      An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

------------------------------------------------------------------------
quote-1.0.33

/nix/store/rp0wlxbkzy91nzvmrryqjh3w0nfscav4-quote-1.0.33.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3      An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

------------------------------------------------------------------------
quote-1.0.35

/nix/store/173rr94s0zri17jxkqywyzl99hdbpszp-quote-1.0.35.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3      An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

------------------------------------------------------------------------
rubygems-3.4.22

/nix/store/y0ggzrxrmp1yqnbmxplmh8b0150h3ffz-rubygems-3.4.22.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8      RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that account, and when a legitimate user attempts to create an account with their email (and has to reset password to gain access) and is granted access to other gems, the attacker would then be able to publish and yank versions of those gems. Commit number 90c9e6aac2d91518b479c51d48275c57de492d4d contains a patch for this issue.

------------------------------------------------------------------------
safe-0.3.19

/nix/store/dgli8wl98qrspqcydz6scrfhh194zgx7-safe-0.3.19.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8      A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8      In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5      WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5).
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4      F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack.
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3      A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction.
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3      A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack.
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3      An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3      An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3      A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number.
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3      A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3      A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1      Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5      An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5      A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5      A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.

------------------------------------------------------------------------
samba-4.19.2

/nix/store/58j5lbaf3y2dya8hjfs25bwdylkzvxpz-samba-4.19.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1      Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1      Netlogon RPC Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5      Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2      Windows Kerberos Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5      MaxQueryDuration not honoured in Samba AD DC LDAP
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5      In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/fcxc5bgbrp84qayfx26hydfd6zd5k0l8-sassc-3.6.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5      Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

------------------------------------------------------------------------
shellcheck-0.9.0

/nix/store/8i9hip6121va2g0f8dq4mylfybsdph5d-shellcheck-0.9.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8      The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.

------------------------------------------------------------------------
snappy-1.1.10

/nix/store/d3n2hhmiqy0h5cvibqf4mwrdqkq857px-snappy-1.1.10.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-28115    9.8      Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2.
https://nvd.nist.gov/vuln/detail/CVE-2023-41330    9.8      knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page.
## Issue

On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.


------------------------------------------------------------------------
strongswan-5.9.11

/nix/store/zkm1gnxa2jhhsbj6d2h2b9r2p870lcjv-strongswan-5.9.11.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-41913    9.8      strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

------------------------------------------------------------------------
tap-1.0.1

/nix/store/9kl2mmsgf4lzsssz6q18cmzakq2285qz-tap-1.0.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-41940    5.4      Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.

------------------------------------------------------------------------
tokio-1.9.0

/nix/store/nmwryz5dfd1s0wdfxpblqpkmlirwz4jz-tokio-1.9.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-45710    8.1      An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
https://nvd.nist.gov/vuln/detail/CVE-2023-22466    5.4      Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that `pipe_mode` is set first after initializing a `ServerOptions`.

------------------------------------------------------------------------
unzip-6.0

/nix/store/ggil5am4zk9gfgz3kafqh2knf1b41w6j-unzip-6.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3      A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

------------------------------------------------------------------------
usrsctp-0.9.5.0

/nix/store/43d9j16shjr2z18kl7bfay359z4i6g27-usrsctp-0.9.5.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2019-20503    6.5      usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/yv7krhmxmm5a309ipf62kkwdfsyrxl4c-vault-0.3.1.5.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1      HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5      HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5      HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5      HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.

Fixed in Vault 1.15.4, 1.14.8, 1.13.12.


https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7      HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.

This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5      HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4      HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4      Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3      HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3      HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3      HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3      HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7      HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

------------------------------------------------------------------------
vault-0.3.1.5-r5.cabal

/nix/store/85yin5q6f28ih6rkrzvb91d2884340vf-vault-0.3.1.5-r5.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1      HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5      HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5      HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5      HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.

Fixed in Vault 1.15.4, 1.14.8, 1.13.12.


https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7      HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.

This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5      HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4      HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4      Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3      HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3      HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3      HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3      HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7      HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

------------------------------------------------------------------------
vim-9.0.2116

/nix/store/lhm8b3dki767drwksb2vc3aff5bdzynz-vim-9.0.2116.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2024-22667    7.8      Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
https://nvd.nist.gov/vuln/detail/CVE-2023-48706    4.7      Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

------------------------------------------------------------------------
warp-3.3.25

/nix/store/hm40651algd1mlg2sbmylnx3mnmd518s-warp-3.3.25.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8      It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. 






https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8      Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.


https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0      support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).

https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8      Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8      By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8      Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files.
As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.



https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8      An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user).

After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI.

ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation.

PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.





https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3      Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.


https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8      The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.



https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5      Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.


https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5      Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7      Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.



------------------------------------------------------------------------
warp-3.3.25-r1.cabal

/nix/store/2jh7p6iv5q5z3jghrr89p4wgy1f6dwv6-warp-3.3.25-r1.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8      It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. 






https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8      Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.


https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0      support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).

https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8      Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8      By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8      Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files.
As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.



https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8      An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user).

After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI.

ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation.

PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.





https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3      Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.


https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8      The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.



https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5      Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.


https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5      Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7      Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.



------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/49c39hdib35815qggxcc7sxaxcmq705g-yaml-0.11.11.2.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5      Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5      Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/wx30m43d5h8w1r3aknglg8pfmw661lvs-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5      Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5      Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/mnx95r71ngbxhya6vq9c44rl7x542q7a-yasm-1.3.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5      An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5      An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5      An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5      An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5      An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5      An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5      YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5      yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5      yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5      yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5      A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3      yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/cl38v3qgdwjablaczyj8jyj4nq8bxibw-zlib-0.6.3.0.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8      zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8      MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5      Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit  8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.


------------------------------------------------------------------------
zlib-0.6.3.0-r4.cabal

/nix/store/psjwd4m5ycj606926k2wafzfhk6484v4-zlib-0.6.3.0-r4.cabal.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8      zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8      MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5      Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit  8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.


------------------------------------------------------------------------
zlib-1.3

/nix/store/kgvlg82fisfh14c4xpvihx2hkghi0k9y-zlib-1.3.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8      MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5      Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit  8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.


------------------------------------------------------------------------
zlib-1.3.1

/nix/store/k9xhv9dia871b78v0qka4ccfng2f9llx-zlib-1.3.1.drv
CVE                                                CVSSv3   Description
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5      Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit  8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.