79 matches found
CVE-2025-32438 Local privilege escalation in make-initrd-ng
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled the default a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 a...
CVE-2025-32438
CVE-2025-32438 affects make-initrd-ng used on NixOS. A local user can escalate privileges by exploiting shutdown behavior when systemd.shutdownRamfs.enable is on (default). A program created by a low-privilege user can be executed by root during system shutdown, enabling total impact on confident...
PT-2025-16395 · Nixos · Nixos
Name of the Vulnerable Software and Affected Versions: NixOS versions prior to 24.11 and 25.05 Description: The issue is a local privilege escalation affecting all NixOS users, where a local user can create a program to be executed by root during shutdown when systemd.shutdownRamfs.enable is...
CVE-2024-43378
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitio...
CVE-2024-45049
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
CVE-2024-43378
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitio...
CVE-2024-43378 calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitio...
CVE-2024-43378 calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitio...
CVE-2024-43378
CVE-2024-43378 concerns calamares-nixos-extensions prior to version 0.3.17, where the installer’s legacy BIOS flow could leave the LUKS keyfile in plaintext in /crypto_keyfile.bin or in a CPIO archive attached to the NixOS initrd for partitions containing / or /boot. Red Hat and CVE records summa...
CVE-2024-43378 calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitio...
PT-2024-30540 · Unknown · Calamares-Nixos-Extensions
Name of the Vulnerable Software and Affected Versions: calamares-nixos-extensions versions prior to 0.3.17 Description: The issue affects users who installed NixOS through the graphical installer using manual disk partitioning, where the system boots via legacy BIOS, some disk partitions are...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657
CVE-2024-32657 affects Hydra, the CI service for Nix-based projects. The vulnerability arises from a feature that lets Nix builds specify files served to clients, with HTML build artifacts being exploitable in the browser context and capable of triggering arbitrary code execution when viewed. Imp...
NixOS Hydra 安全漏洞
NixOS Hydra is a continuous integration service based on the Nix project. A security vulnerability exists in NixOS Hydra 8b4857959357862d3e25c9783c85c6fdf129741c and prior versions, which stems from the presence of a cross-site scripting XSS vulnerability. The vulnerability can be exploited by an...
CVE-2023-36476
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted /boot, on either non-UEFI systems or with a LU...
Code injection
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted /boot, on either non-UEFI systems or with a LU...
CVE-2023-36476 `calamares-nixos-extensions` LUKS keyfile exposure
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted /boot, on either non-UEFI systems or with a LU...