Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: pantheon.pantheon-agent-polkit

Found 4 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-4897
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 days, 11 hours ago
Polkit: polkit: denial of service via unbounded input processing through standard input

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

References

Affected products

rhcos
polkit

Matching in nixpkgs

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

Untriaged
Permalink CVE-2025-7519
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

References

Affected products

rhcos
polkit
  • =<126

Matching in nixpkgs

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

  • nixos-unstable -

pkgs.cmd-polkit

Easily create polkit authentication agents by using commands

  • nixos-unstable -

pkgs.polkit_gnome

Dbus session bus service that is used to bring up authentication dialogs

  • nixos-unstable -
Untriaged
Permalink CVE-2025-4432
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months, 1 week ago
Ring: some aes functions may panic when overflow checking is enabled in ring

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.

References

Affected products

gjs
ring
  • <0.17.12
rust
polkit
firefox
snpguest
rpm-ostree
thunderbird
python-maturin
kata-containers
python3.12-maturin
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
firefox:flatpak/firefox
trustee-guest-components
thunderbird:flatpak/thunderbird
rhtpa/rhtpa-trustification-service-rhel9

Matching in nixpkgs

pkgs.gjs

JavaScript bindings for GNOME

  • nixos-unstable -

pkgs.irust

Cross Platform Rust Repl

  • nixos-unstable -

pkgs.mrustc

Mutabah's Rust Compiler

  • nixos-unstable -

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

  • nixos-unstable -

pkgs.rustup

Rust toolchain installer

  • nixos-unstable -

pkgs.rustus

TUS protocol implementation in Rust

  • nixos-unstable -

pkgs.rustcat

Port listener and reverse shell

  • nixos-unstable -

pkgs.rustfmt

Tool for formatting Rust code according to style guidelines

  • nixos-unstable -

pkgs.rustdesk

Virtual / remote desktop infrastructure for everyone! Open source TeamViewer / Citrix alternative

  • nixos-unstable -

pkgs.rustical

Yet another calendar server aiming to be simple, fast and passwordless

  • nixos-unstable -

pkgs.rustscan

Faster Nmap Scanning with Rust

  • nixos-unstable -

pkgs.rustycli

Access the rust playground right in terminal

  • nixos-unstable -

pkgs.snpguest

CLI tool for interacting with SEV-SNP guest environment

  • nixos-unstable -

pkgs.svd2rust

Generate Rust register maps (`struct`s) from SVD files

  • nixos-unstable -

pkgs.hath-rust

Unofficial Hentai@Home client written in Rust

  • nixos-unstable -

pkgs.rust-motd

Beautiful, useful MOTD generation with zero runtime dependencies

  • nixos-unstable -

pkgs.rustdress

Self-hosted Lightning Address Server

  • nixos-unstable -

pkgs.rusti-cal

Minimal command line calendar, similar to cal

  • nixos-unstable -

pkgs.rustic-rs

Fast, encrypted, deduplicated backups powered by pure Rust

  • nixos-unstable -

pkgs.rustlings

Explore the Rust programming language and learn more about it while doing exercises

  • nixos-unstable -

pkgs.rusty-man

Command-line viewer for documentation generated by rustdoc

  • nixos-unstable -

pkgs.rusty-psn

Simple tool to grab updates for PS3 games, directly from Sony's servers using their updates API

  • nixos-unstable -

pkgs.rustywind

CLI for organizing Tailwind CSS classes

  • nixos-unstable -

pkgs.xulrunner

Web browser built from Firefox source tree

pkgs.cmd-polkit

Easily create polkit authentication agents by using commands

  • nixos-unstable -

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

  • nixos-unstable -

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

  • nixos-unstable -

pkgs.rustfinity

CLI for Rustfinity challenges solving

  • nixos-unstable -

pkgs.rustpython

Python 3 interpreter in written Rust

  • nixos-unstable -

pkgs.rusty-bash

Bash written with Rust, a.k.a. sushi shell

  • nixos-unstable -

pkgs.rustypaste

Minimal file upload/pastebin service

  • nixos-unstable -

pkgs.slowlorust

Lightweight slowloris (HTTP DoS) tool

  • nixos-unstable -

pkgs.trustymail

Tool to scan domains and return data based on trustworthy email best practices

  • nixos-unstable -

pkgs.uncrustify

Source code beautifier for C, C++, C#, ObjectiveC, D, Java, Pawn and VALA

  • nixos-unstable -

pkgs.ff2mpv-rust

Native messaging host for ff2mpv written in Rust

  • nixos-unstable -

pkgs.rust-script

Run Rust files and expressions as scripts without any setup or compilation step

  • nixos-unstable -

pkgs.rustmission

TUI for the Transmission daemon

  • nixos-unstable -

pkgs.polkit_gnome

Dbus session bus service that is used to bring up authentication dialogs

  • nixos-unstable -

pkgs.rust-bindgen

Automatically generates Rust FFI bindings to C (and some C++) libraries

  • nixos-unstable -

pkgs.rust-petname

Generate human readable random names

  • nixos-unstable -

pkgs.rustc-wasm32

Safe, concurrent, practical language (wrapper script)

  • nixos-unstable -

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

  • nixos-unstable -

pkgs.i3status-rust

Very resource-friendly and feature-rich replacement for i3status

  • nixos-unstable -

pkgs.rust-cbindgen

Project for generating C bindings from Rust code

  • nixos-unstable -

pkgs.rust-parallel

Rust shell tool to run commands in parallel with a similar interface to GNU parallel

  • nixos-unstable -

pkgs.rustls-libssl

Partial reimplementation of the OpenSSL 3 libssl ABI using rustls

  • nixos-unstable -

pkgs.rusty-psn-gui

Simple tool to grab updates for PS3 games, directly from Sony's servers using their updates API

  • nixos-unstable -

pkgs.starlark-rust

Rust implementation of the Starlark language

  • nixos-unstable -

pkgs.svd2rust-form

Library for splitting apart a large file with multiple modules into the idiomatic rust directory structure

  • nixos-unstable -

pkgs.aw-server-rust

High-performance implementation of the ActivityWatch server, written in Rust

  • nixos-unstable -

pkgs.doh-proxy-rust

Fast, mature, secure DoH server proxy written in Rust

  • nixos-unstable -

pkgs.faust2jackrust

The faust2jackrust script, part of faust functional programming language for realtime audio signal processing

  • nixos-unstable -

pkgs.rusty-diceware

Commandline diceware, with or without dice, written in Rustlang

  • nixos-unstable -

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable -

pkgs.rust-audit-info

Command-line tool to extract the dependency trees embedded in binaries by cargo-auditable

  • nixos-unstable -

pkgs.rust-streamdeck

ibusb based driver for Elgato StreamDeck devices

  • nixos-unstable -

pkgs.rustdesk-flutter

Virtual / remote desktop infrastructure for everyone! Open source TeamViewer / Citrix alternative

  • nixos-unstable -

pkgs.lomiri.trust-store

Common implementation of a trust store to be used by trusted helpers

  • nixos-unstable -

pkgs.piping-server-rust

Infinitely transfer between every device over pure HTTP with pipes or browsers

  • nixos-unstable -

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable -

pkgs.luaPackages.rustaceanvim

🦀 Supercharge your Rust experience in Neovim! A heavily modified fork of rust-tools.nvim

Package maintainers

Untriaged
Permalink CVE-2025-3416
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months, 1 week ago
Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

References

Affected products

gjs
polkit
firefox
mozjs60
openssl
rpm-ostree
389-ds-base
rust-bootupd
rust-openssl
  • <0.10.72
mingw-openssl
kata-containers
keylime-agent-rust
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
389-ds:1.4/389-ds-base
firefox:flatpak/firefox
python3.12-cryptography
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
rhtpa/rhtpa-trustification-service-rhel9

Matching in nixpkgs

pkgs.gjs

JavaScript bindings for GNOME

  • nixos-unstable -

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

  • nixos-unstable -

pkgs.openssl

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.xulrunner

Web browser built from Firefox source tree

pkgs.cmd-polkit

Easily create polkit authentication agents by using commands

  • nixos-unstable -

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

  • nixos-unstable -

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

  • nixos-unstable -

pkgs.openssl_1_1

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.openssl_3_0

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.openssl_3_5

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

  • nixos-unstable -

pkgs.polkit_gnome

Dbus session bus service that is used to bring up authentication dialogs

  • nixos-unstable -

pkgs.tpm2-openssl

OpenSSL Provider for TPM2 integration

  • nixos-unstable -

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

  • nixos-unstable -

pkgs.openssl_legacy

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable -

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable -

Package maintainers