Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: lxqt.lxqt-archiver

Found 5 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-2039
created 1 month, 3 weeks ago
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.

References

Affected products

Archiver
  • ==15.10

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

Package maintainers

Untriaged
Permalink CVE-2026-2036
created 1 month, 3 weeks ago
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27936.

References

Affected products

Archiver
  • ==15.10

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

Package maintainers

Untriaged
Permalink CVE-2026-2038
created 1 month, 3 weeks ago
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.

References

Affected products

Archiver
  • ==15.10

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

Package maintainers

Untriaged
Permalink CVE-2026-2037
created 1 month, 3 weeks ago
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27935.

References

Affected products

Archiver
  • ==15.10

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

Package maintainers

Published
Permalink CVE-2024-0406
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 3 months ago
  • @LeSuisse accepted 1 year, 2 months ago
  • @fricklerhandwerk ignored
    6 packages
    • xarchiver
    • fsarchiver
    • wayback-machine-archiver
    • CuboCore.corearchiver
    • python311Packages.nskeyedunarchiver
    • python312Packages.nskeyedunarchiver
    3 months ago
  • @fricklerhandwerk deleted
    4 maintainers
    • @dan4ik605743
    • @kalbasit
    • @romildo
    • @jchv
    3 months ago maintainer.delete
  • @fricklerhandwerk published on GitHub 2 months, 3 weeks ago
Mholt/archiver: path traversal vulnerability

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

References

Affected products

mholt
  • ==4
archiver
  • *
  • *
openshift4/oc-mirror-plugin-rhel8
openshift4/oc-mirror-plugin-rhel9
  • *
advanced-cluster-security/rhacs-main-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-scanner-rhel8

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

Ignored packages (6)

pkgs.xarchiver

GTK frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)

Package maintainers

Ignored maintainers (3)