366 matches found
SUSE-SU-2024:1975-1 Security update for unrar
This update for unrar fixes the following issues: - CVE-2024-33899: Fixed a denial of service via ANSI escape squences. bsc1225661...
Exploit for Link Following in Rarlab Unrar
A proof of concept for CVE-2022-30333 - a path traversal vulnera...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libclamunrar vulnerabilities (USN-6569-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6569-1 advisory. it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could...
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...
PT-2023-31056 · 7 Zip · 7Za
Name of the Vulnerable Software and Affected Versions: NZBGet version 21.1 Description: The issue allows authenticated remote code execution due to the unarchive programs 7za and unrar preserving executable file permissions. An attacker with Control capability can execute a file by setting the...
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...
CVE-2023-49102
NZBGet 21.1 is affected by an authenticated remote code execution vulnerability. The root cause is that the unarchive helpers 7za and unrar preserve executable permissions, allowing an attacker with Control privileges to execute a file by setting SevenZipCommand or UnrarCmd. This issue impacts pr...
The vulnerability of the UnRAR decompression tool lies in the improper handling of symbolic links before accessing the file, allowing attackers to gain access to confidential data.
The vulnerability of the UnRAR decompression tool is related to the incorrect handling of symbolic links before accessing the file. Exploiting this vulnerability can allow an attacker who operates remotely to gain access to confidential data...
RAR, UnRAR: Arbitrary File Overwrite
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description Due to an error in the validation of symbolic links within archives, RAR and UnRAR can potentially write files to a directory which is outside of the intended unpack directory. Impact...
GLSA-202309-04 : RAR, UnRAR: Arbitrary File Overwrite
The remote host is affected by the vulnerability described in GLSA-202309-04 RAR, UnRAR: Arbitrary File Overwrite - RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys...
ROS-20230911-08
Vulnerability of UnRAR file unzipping tool is related to incorrect link resolution before accessing a file "Jump to link". before accessing the file "Follow link". Exploitation of the vulnerability could allow an attacker acting remotely to extract files outside the destination folder using file...
MGASA-2023-0258 Updated unrar packages fix security vulnerability
Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2023-40477...
Updated unrar packages fix security vulnerability
Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2023-40477...
Mageia: Security Advisory (MGASA-2023-0258)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3542-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3542 : libunrar-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3542 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3542-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3542-1] unrar-nonfree security update
Debian LTS Advisory DLA-3542-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 26, 2023 https://wiki.debian.org/LTS Package : unrar-nonfree Version : 1:5.6.6-1+deb10u4 CVE ID : CVE-2023-40477 A specific flaw within the processing of recovery volumes exists ...
DLA-3542-1 unrar-nonfree - security update
Bulletin has no description...
Debian dla-3534 : rar - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3534 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3534-1 [email protected] https://www.debian.org/lts/security/...
Debian dla-3535 : libunrar-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3535 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3535-1 [email protected] https://www.debian.org/lts/security/...