9 matches found
EUVD-2024-42296
Malicious code in bioql PyPI...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
PT-2024-34646 · Nix · Nix
Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.18.9 Nix versions prior to 2.19.7 Nix versions prior to 2.20.9 Nix versions prior to 2.21.5 Nix versions prior to 2.22.4 Nix versions prior to 2.23.4 Nix versions prior to 2.24.10 Description: The issue concerns the Ni...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
DEBIAN-CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
UBUNTU-CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174
CVE-2024-47174 affects Nix’s fetchurl/builtin:fetchurl in versions 1.11 through before 2.18.8 and 2.24.8, where TLS certificates were not verified on HTTPS, risking leakage of full URLs and credentials (e.g., from netrc) under MITM. TOFU-style hash misupdates could also be abused. Affected compon...
Nix 授权问题漏洞
Nix is a powerful package manager from the Nix open source. It is used for making packages. An authorization issue vulnerability exists in Nix from version 1.11 until version 2.24.8, which stems from the fact that nix/fetchurl.nix does not validate TLS certificates on HTTPS requests, resulting in...