434 matches found
CVE-2024-38531 Nix sandbox escape
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
Nix Security Vulnerabilities
Nix is a powerful package manager from the Nix open source. It is used for making packages. A security vulnerability exists in Nix version 2.23 and earlier. An attacker can escalate privileges by exploiting the vulnerability...
PT-2024-28057 · Nix +3 · Nix +3
Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.23.1 Nix versions prior to 2.22.2 Nix versions prior to 2.21.3 Nix versions prior to 2.20.7 Nix versions prior to 2.19.5 Nix versions prior to 2.18.4 Description: Nix is a package manager for Linux and other Unix syste...
DEBIAN-CVE-2021-47484
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files "rvudebugfs.c" and "rvunix.c"...
UBUNTU-CVE-2021-47484
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files "rvudebugfs.c" and "rvunix.c"...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
DEBIAN-CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
UBUNTU-CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
CVE-2024-36050
CVE-2024-36050 affects Nix up to version 2.22.1, where mishandling of hash caches enables an attacker to substitute attacker-controlled source code by luring a maintainer into accepting a malicious pull request. The available data specify a MEDIUM severity (CVSS 3.1 base score 4.3) with no disclo...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
PT-2024-26864 · Nix +1 · Nix +1
Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.22.1 Description: The issue makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request. This is due to the mishandli...
Nix 安全漏洞
Nix is a powerful package manager from the Nix open source. It is used for making packages. A security vulnerability exists in Nix 2.22.1 and earlier versions that stems from mishandling certain uses of the hash cache, making it easier for an attacker to replace current source code with...
Debian dsa-5669 : guix - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5669 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5669-1...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...