Suggestions search

Untriaged

Filter by:

With package: tests.fetchzip.hiddenDir

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-1364

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 3 weeks ago

JNC｜IAQS and I6 - Missing Authentication

IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.

References

https://www.twcert.org.tw/tw/cp-132-10652-4cdca-1.html third-party-advisory
https://www.twcert.org.tw/en/cp-139-10653-117a1-2.html third-party-advisory

Affected products

IAQS

Matching in nixpkgs

pkgs.tests.fetchzip.hiddenDir

None

nixos-unstable ji683ijnf64v
- nixpkgs-unstable ji683ijnf64v
- nixos-unstable-small ji683ijnf64v

pkgs.python312Packages.aiobafi6

Library for communication with the Big Ass Fans i6 firmware

nixos-unstable aiobafi6-0.10.0
- nixpkgs-unstable aiobafi6-0.10.0
- nixos-unstable-small aiobafi6-0.10.0
nixos-25.11 aiobafi6-0.10.0
- nixpkgs-25.11-darwin aiobafi6-0.10.0

pkgs.python313Packages.aiobafi6

Library for communication with the Big Ass Fans i6 firmware

nixos-unstable aiobafi6-0.10.0
- nixpkgs-unstable aiobafi6-0.10.0
- nixos-unstable-small aiobafi6-0.10.0
nixos-25.11 aiobafi6-0.10.0
- nixpkgs-25.11-darwin aiobafi6-0.10.0

pkgs.tests.fetchgit.sparseCheckout

None

nixos-25.11 3kqsbiwprri6
- nixpkgs-25.11-darwin 3kqsbiwprri6

pkgs.tests.fetchpatch2.fileWithSpace

None

nixos-25.11 59i6vdvd05zl
- nixpkgs-25.11-darwin 59i6vdvd05zl

pkgs.tests.fetchurl.no-skipPostFetch

None

nixos-25.11 i0i6bfnqamff
- nixpkgs-25.11-darwin i0i6bfnqamff

pkgs.tests.fetchFromGitHub.dumb-http-signed-tag

None

nixos-25.11 lvi6xvc9xm2s
- nixpkgs-25.11-darwin lvi6xvc9xm2s

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Permalink CVE-2026-1363

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 3 weeks ago

JNC｜IAQS and I6 - Client-Side Enforcement of Server-Side Security

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.