
434 matches found

Cvelist
added 2024/04/22 10:24 p.m. · 13 views

CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 4.6 · AI score 5.4 · EPSS 0.00627
Exploits: 0 · References: 4
Vulnrichment
added 2024/04/22 10:24 p.m. · 12 views

CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 4.6 · AI score 7.3 · EPSS 0.00627
Exploits: 0 · References: 4
Positive Technologies
added 2024/04/22 12:0 a.m. · 3 views

PT-2024-24749 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to the fix commit applied around 2024-04-21 14:30 UTC. Description: Hydra, a Continuous Integration service for Nix-based projects, has an issue that allows attackers to execute arbitrary code in the browser context and...

CVSS 4.6 · AI score 7.5 · EPSS 0.00627
Exploits: 0 · References: 8
BDU FSTEC
added 2024/04/06 12:0 a.m. · 1 views

The vulnerability of the Nix package manager in Unix operating systems, related to synchronization errors when using shared resources, allows a perpetrator to modify the output of package processes in the Nix store.

The vulnerability of the Nix package manager in Unix operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to modify the output of package processes in the Nix store...

CVSS 6.3 · AI score 6.6 · EPSS 0.00062
Exploits: 1 · References: 5 · Affected Software: 2
Veracode
added 2024/03/20 4:46 p.m. · 18 views

Improper Check For Unusual Or Exceptional Conditions

Nix is vulnerable to an Improper Check for Unusual or Exceptional Conditions which can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation through Unix domain sockets in the abstract namespace. This allows the modification of th...

CVSS 6.3 · AI score 6.7 · EPSS 0.00062
Exploits: 1 · References: 5 · Affected Software: 2
OSV
added 2024/03/11 10:15 p.m. · 3 views

DEBIAN-CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.2 · EPSS 0.00062
Exploits: 1 · References: 1
NVD
added 2024/03/11 10:15 p.m. · 11 views

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.2 · EPSS 0.00062
Exploits: 1 · References: 4
Prion
added 2024/03/11 10:15 p.m. · 29 views

Design/Logic Flaw

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 4.1 · AI score 6.2 · EPSS 0.00062
Exploits: 1 · References: 3
OSV
added 2024/03/11 10:15 p.m. · 0 views

UBUNTU-CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 5.8 · EPSS 0.00062
Exploits: 1 · References: 8
UbuntuCve
added 2024/03/11 10:15 p.m. · 20 views

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.4 · EPSS 0.00062
Exploits: 1 · References: 7
OSV
added 2024/03/11 9:24 p.m. · 17 views

CVE-2024-27297 Nix Corruption of fixed-output derivations

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.2 · EPSS 0.00062
Exploits: 1 · References: 6
Cvelist
added 2024/03/11 9:24 p.m. · 15 views

CVE-2024-27297 Nix Corruption of fixed-output derivations

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.4 · EPSS 0.00062
Exploits: 1 · References: 3
Debian CVE
added 2024/03/11 9:24 p.m. · 20 views

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.2 · EPSS 0.00062
Exploits: 1
Vulnrichment
added 2024/03/11 9:24 p.m. · 17 views

CVE-2024-27297 Nix Corruption of fixed-output derivations

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.5 · EPSS 0.00062
Exploits: 1 · References: 3
CVE
added 2024/03/11 9:24 p.m. · 99 views

CVE-2024-27297

CVE-2024-27297 affects Nix: fixed-output derivations on Linux can have their output modified by another process via Unix domain sockets in the abstract namespace, after Nix has registered the path as valid in the store. Affected Nix versions have been addressed in 2.3.18, 2.18.2, 2.19.4, and 2.20...

CVSS 6.3 · AI score 6.1 · EPSS 0.00062
Exploits: 1 · References: 4 · Affected Software: 1
AlpineLinux
added 2024/03/11 9:24 p.m. · 27 views

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVSS 6.3 · AI score 6.2 · EPSS 0.00062
Exploits: 1
CNNVD
added 2024/03/11 12:0 a.m. · 4 views

Nix Security Vulnerabilities

Nix is a powerful package manager from Nix open source. It is used for making packages. A security vulnerability exists in Nix 2.20.3 and earlier versions, which stems from the fact that a fixed-output derivation on Linux can send a file descriptor from Nix storage to another program running on t...

CVSS 6.3 · AI score 6.7 · EPSS 0.00062
Exploits: 1 · References: 4
Positive Technologies
added 2024/03/07 12:0 a.m. · 3 views

PT-2024-2626

Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.3.18; Nix versions prior to 2.18.2; Nix versions prior to 2.19.4; Nix versions prior to 2.20.5. Description: The issue is related to errors in synchronization when using a shared resource in the Nix package manager for Unix...

CVSS 9 · AI score 6.7 · EPSS 0.00449
Exploits: 1 · References: 27
Packet Storm
added 2024/01/24 12:0 a.m. · 299 views

Saltstack Minion Payload Deployer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Saltstack Minion Payload Deployer', 'Description' = %q This exploit module uses saltstack salt to deploy a payload and run it on all targets whic...

AI score 7.4
Exploits: 0
0day.today
added 2024/01/24 12:0 a.m. · 306 views

Saltstack Minion Payload Deployer Exploit

This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected default all. Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 7.4
Exploits: 0