Lucene search
+L

275 matches found

nessus
nessus
added 2025/08/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-46416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account e.g., nixbld or...

2.9CVSS5.9AI score0.00157EPSS
Exploits0References3
nessus
nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-46415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28....

3.2CVSS5.9AI score0.00118EPSS
Exploits0References3
nessus
nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-27851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability that can lead to local privilege escalation has been found in 'guix-daemon'. It affects multi-user setups in which 'guix-daemon' runs...

5.5CVSS5.5AI score0.00334EPSS
Exploits0References2
nessus
nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-52993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user e.g., nixbld ...

5.6CVSS5.4AI score0.00115EPSS
Exploits0References3
nessus
nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-52867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for...

8.1CVSS6.1AI score0.00228EPSS
Exploits0References2
nessus
nessus
added 2025/08/18 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-52991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users...

3.2CVSS5.4AI score0.00144EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2025/07/02 12:0 a.m.16 views

The vulnerability of the guix-daemon package manager in Nix, Lix, and Guix allows a hacker to increase their privileges.

The vulnerability of the guix-daemon package manager in Nix, Lix, and Guix is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

2.9CVSS5.5AI score0.00157EPSS
Exploits0References6Affected Software3
bdu_fstec
bdu_fstec
added 2025/07/02 12:0 a.m.11 views

The vulnerability of the Nix, Lix, and Guix package managers lies in their lack of access control mechanisms, allowing attackers to gain read and write access to data.

The vulnerability of the Nix, Lix, and Guix package managers is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain read and write access to data...

3.2CVSS5.5AI score0.00144EPSS
Exploits0References6Affected Software3
bdu_fstec
bdu_fstec
added 2025/07/02 12:0 a.m.7 views

The vulnerability of the Nix, Lix, and Guix package managers lies in the improper assignment of permissions to critical resources, allowing attackers to gain read and write access to data.

The vulnerability of the Nix, Lix, and Guix package managers is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow an attacker to gain access to read and modify data...

3.2CVSS5.5AI score0.00144EPSS
Exploits0References6Affected Software3
bdu_fstec
bdu_fstec
added 2025/07/02 12:0 a.m.9 views

The vulnerability of the unlinkat() function in package managers Nix, Lix, and Guix allows attackers to increase their privileges.

The vulnerability of the unlinkat function in Nix, Lix, and Guix is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to increase their privileges...

3.2CVSS5.5AI score0.00118EPSS
Exploits0References6Affected Software3
redhatcve
redhatcve
added 2025/06/29 12:6 a.m.9 views

CVE-2025-52993

A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user e.g., nixbld or guixbuild. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...

5.6CVSS6.6AI score0.00115EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/29 12:6 a.m.11 views

CVE-2025-52991

The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data...

3.2CVSS6.4AI score0.00144EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/29 12:6 a.m.9 views

CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

3.2CVSS6.5AI score0.00144EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/29 12:6 a.m.9 views

CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

3.2CVSS6.5AI score0.00118EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/29 12:5 a.m.8 views

CVE-2025-46416

The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account e.g., nixbld or guixbuild. This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before...

2.9CVSS6.4AI score0.00157EPSS
Exploits0References1
nvd
nvd
added 2025/06/27 2:15 p.m.9 views

CVE-2025-52993

A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user e.g., nixbld or guixbuild. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...

5.6CVSS0.00115EPSS
Exploits0References6
osv
osv
added 2025/06/27 2:15 p.m.7 views

CVE-2025-52993

A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user e.g., nixbld or guixbuild. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...

5.6CVSS7.2AI score0.00115EPSS
Exploits0References6
osv
osv
added 2025/06/27 2:15 p.m.4 views

DEBIAN-CVE-2025-52993

A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user e.g., nixbld or guixbuild. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...

5.6CVSS5.5AI score0.00115EPSS
Exploits0References1
nvd
nvd
added 2025/06/27 2:15 p.m.6 views

CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

3.2CVSS0.00144EPSS
Exploits0References6
alpinelinux
alpinelinux
added 2025/06/27 2:15 p.m.4 views

CVE-2025-52991

The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data...

3.2CVSS7.2AI score0.00144EPSS
Exploits0References6
Rows per page
Query Builder