Nixpkgs security tracker

Untriaged

Permalink CVE-2021-47863

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 4 weeks ago

MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path

MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.

References

ExploitDB-49694 exploit
MacPaw Encrypto Official Homepage product
VulnCheck Advisory: MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path third-party-advisory

Affected products

Encrypto

==1.0.1

Matching in nixpkgs

pkgs.opencryptoki

PKCS#11 implementation for Linux

nixos-unstable 3.25.0
- nixpkgs-unstable 3.25.0
- nixos-unstable-small 3.25.0
nixos-25.11 3.25.0
- nixpkgs-25.11-darwin 3.25.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.opencryptoki