Lucene search
K

366 matches found

OSV
OSV
added 2024/06/11 7:35 a.m.12 views

SUSE-SU-2024:1975-1 Security update for unrar

This update for unrar fixes the following issues: - CVE-2024-33899: Fixed a denial of service via ANSI escape squences. bsc1225661...

7.1CVSS6.8AI score0.00817EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2024/06/10 8:17 a.m.140 views

Exploit for Link Following in Rarlab Unrar

A proof of concept for CVE-2022-30333 - a path traversal vulnera...

7.5CVSS7.9AI score0.98975EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2024/01/08 12:0 a.m.64 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libclamunrar vulnerabilities (USN-6569-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6569-1 advisory. it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could...

7.8CVSS8.5AI score0.98975EPSS
Exploits13References3
ATTACKERKB
ATTACKERKB
added 2023/11/22 10:15 p.m.4 views

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

8.8CVSS6.5AI score0.01501EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.5 views

PT-2023-31056 · 7 Zip · 7Za

Name of the Vulnerable Software and Affected Versions: NZBGet version 21.1 Description: The issue allows authenticated remote code execution due to the unarchive programs 7za and unrar preserving executable file permissions. An attacker with Control capability can execute a file by setting the...

8.8CVSS8AI score0.01501EPSS
Exploits1References6
OSV
OSV
added 2023/11/22 12:0 a.m.90 views

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

8.8CVSS7.8AI score0.01501EPSS
Exploits1References4
CVE
CVE
added 2023/11/22 12:0 a.m.42 views

CVE-2023-49102

NZBGet 21.1 is affected by an authenticated remote code execution vulnerability. The root cause is that the unarchive helpers 7za and unrar preserve executable permissions, allowing an attacker with Control privileges to execute a file by setting SevenZipCommand or UnrarCmd. This issue impacts pr...

8.8CVSS8.9AI score0.01501EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.11 views

The vulnerability of the UnRAR decompression tool lies in the improper handling of symbolic links before accessing the file, allowing attackers to gain access to confidential data.

The vulnerability of the UnRAR decompression tool is related to the incorrect handling of symbolic links before accessing the file. Exploiting this vulnerability can allow an attacker who operates remotely to gain access to confidential data...

7.8CVSS6.8AI score0.00722EPSS
Exploits0References8Affected Software3
Gentoo Linux
Gentoo Linux
added 2023/09/17 12:0 a.m.45 views

RAR, UnRAR: Arbitrary File Overwrite

Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description Due to an error in the validation of symbolic links within archives, RAR and UnRAR can potentially write files to a directory which is outside of the intended unpack directory. Impact...

7.8CVSS7.9AI score0.98975EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2023/09/17 12:0 a.m.42 views

GLSA-202309-04 : RAR, UnRAR: Arbitrary File Overwrite

The remote host is affected by the vulnerability described in GLSA-202309-04 RAR, UnRAR: Arbitrary File Overwrite - RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys...

7.8CVSS8.5AI score0.98975EPSS
Exploits13References6
Redos
Redos
added 2023/09/12 12:0 a.m.18 views

ROS-20230911-08

Vulnerability of UnRAR file unzipping tool is related to incorrect link resolution before accessing a file "Jump to link". before accessing the file "Follow link". Exploitation of the vulnerability could allow an attacker acting remotely to extract files outside the destination folder using file...

7.5CVSS6.8AI score0.00722EPSS
Exploits0
OSV
OSV
added 2023/09/11 1:7 p.m.10 views

MGASA-2023-0258 Updated unrar packages fix security vulnerability

Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2023-40477...

7.8CVSS8AI score0.1308EPSS
Exploits1References3
Mageia
Mageia
added 2023/09/11 1:7 p.m.48 views

Updated unrar packages fix security vulnerability

Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2023-40477...

7.8CVSS7.7AI score0.1308EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/09/11 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2023-0258)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.1308EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/08/28 12:0 a.m.31 views

Debian: Security Advisory (DLA-3542-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.1308EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/08/27 12:0 a.m.31 views

Debian dla-3542 : libunrar-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3542 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3542-1 [email protected] https://www.debian.org/lts/security/...

7.8CVSS7.8AI score0.1308EPSS
Exploits1References4
Debian
Debian
added 2023/08/26 8:48 p.m.35 views

[SECURITY] [DLA 3542-1] unrar-nonfree security update

Debian LTS Advisory DLA-3542-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 26, 2023 https://wiki.debian.org/LTS Package : unrar-nonfree Version : 1:5.6.6-1+deb10u4 CVE ID : CVE-2023-40477 A specific flaw within the processing of recovery volumes exists ...

7.8CVSS7.3AI score0.1308EPSS
Exploits1
OSV
OSV
added 2023/08/26 12:0 a.m.42 views

DLA-3542-1 unrar-nonfree - security update

Bulletin has no description...

7.8CVSS7.8AI score0.1308EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/08/18 12:0 a.m.44 views

Debian dla-3534 : rar - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3534 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3534-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS7.8AI score0.98975EPSS
Exploits12References4
Tenable Nessus
Tenable Nessus
added 2023/08/18 12:0 a.m.25 views

Debian dla-3535 : libunrar-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3535 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3535-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS6.6AI score0.00722EPSS
Exploits0References4
Rows per page
Query Builder