434 matches found
Nix Security Vulnerability
Nix is a powerful open-source package manager from the Nix project. It is used for making packages. A security vulnerability exists in Nix versions 2.24.0 through 2.24.5 that allows an alternate or malicious user to craft a NAR, resulting in the right to access arbitrary...
CVE-2024-45845
...
CVE-2024-45845
...
Identifier Withdrawn
Nix is a powerful open-source package manager from the Nix project. It is used for making packages. This CVE number has been withdrawn...
RPC Denial of Service targeting *nix rpcbind/libtirpc
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RPC DoS targeting nix rpcbind/libtirpc', 'Description' = %q This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and...
CVE-2024-45049
CVE-2024-45049 affects Hydra, a CI service for Nix-based projects. The issue allows triggering evaluations without authentication, with potential impact to system availability depending on evaluation size. The advisory provides a fix: apply the commit f73043378907c2c7e44f633ad764c8bdd1c947d5 to H...
CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
PT-2024-31400 · Nixos · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra affected versions not specified Description: Hydra is a Continuous Integration service for Nix-based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can...
Hydra Security Vulnerability
Hydra is an open-source continuous integration service based on the Nix project. A security vulnerability exists in Hydra: an evaluation can be triggered without any authentication...
Calamares Branding and Modules for NixOS Security Vulnerability
Calamares Branding and Modules for NixOS is an open source module for NixOS. A security vulnerability exists in Calamares Branding and Modules for NixOS prior to version 0.3.17, which stems from a manual disk partition creation setting in the graphical installer, where the LUKS disk encryption ke...
CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
DEBIAN-CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
UBUNTU-CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531 Nix sandbox escape
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531 Nix sandbox escape
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531
CVE-2024-38531 affects the Nix package manager. A build process can access and modify the permissions of the build directory, and after a setuid binary is created in a globally accessible location, a local attacker could assume the permissions of a Nix daemon worker and hijack all future builds. ...