NixOS Security Vulnerabilities

CVE-2017-11501

NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verifica...

5.9 CVSS

5.8 AI Score

0.002 EPSS

2017-07-20 11:29 PM

CVE-2017-7412

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2017-04-04 12:59 AM

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is servin...

4.6 CVSS

7 AI Score

0.0004 EPSS

2024-04-22 11:15 PM