Filtered by vendor Nixos
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36476 | 1 Nixos | 1 Calamares-nixos-extensions | 2024-11-21 | N/A | 7.9 HIGH |
| calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves. | |||||
| CVE-2019-17365 | 1 Nixos | 1 Nix | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | |||||
| CVE-2017-7412 | 1 Nixos | 1 Nixos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. | |||||
| CVE-2024-45593 | 1 Nixos | 1 Nix | 2024-09-20 | N/A | 8.8 HIGH |
| Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6. | |||||