Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module
Vulnerability Description
captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.
CVSS Information
N/A
Vulnerability Type
带着不必要的权限执行
Vulnerability Title
Nixpkgs 安全漏洞
Vulnerability Description
Nixpkgs是NixOS开源的一个 100000 多个软件包的集合。可以使用 Nix 包管理器安装。 Nixpkgs 25.05及之前版本存在安全漏洞,该漏洞源于任何系统用户均可运行具有CAP_NET_RAW能力的任意命令,可能导致绑定特权端口或欺骗本地流量。
CVSS Information
N/A
Vulnerability Type
N/A