15 matches found
EUVD-2024-54706
Malicious code in bioql PyPI...
CVE-2024-52928
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites with previously granted permissions to add new permissions when the user clicks anywhere on the website...
CVE-2024-52928
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites with previously granted permissions to add new permissions when the user clicks anywhere on the website...
CVE-2024-50295 net: arc: fix the device for dma_map_single/dma_unmap_single
In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single. The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent which has dma_mask, ndev->dev.parent is just pdev->dev. Or it would cause the following issue: 39.933526...
CVE-2024-45489
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...
Arc security vulnerability
ARC is a software package for creating and maintaining file archives. A security vulnerability exists in versions prior to Arc v1.6.0 that stems from the use of temporary files with insecure permissions, where a local user on the system may be able to trigger arbitrary code execution with root...
PT-2024-14845 · Arc · Arc
Name of the Vulnerable Software and Affected Versions: Arc (affected versions not specified). Description: The issue concerns the use of a temporary file with unsafe privileges on Unix systems, including Linux and MacOS. A malicious local user may be able to tamper with this file, potentially...
PT-2023-9991 · Arc · Arc
Name of the Vulnerable Software and Affected Versions: ARC (aka ARC2) through 2011-12-01. Description: The issue allows reflected XSS via the end point.php query parameter in an output=htmltab action. This can be exploited through the "/end point.php" API endpoint, specifically by manipulating the...
ARC SQL injection vulnerability
ARC is a software package for creating and maintaining file archives. A security vulnerability exists in ARC version 2011-12-01 and earlier. An attacker can exploit this vulnerability to perform blind SQL injection via getTriplePatternSQL...
SUSE CVE-2005-2945
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c)...
SUSE CVE-2005-2992
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945...
DEBIAN-CVE-2015-9275
ARC 5.21q allows directory traversal via a full pathname in an archive file...
CVE-2005-2992
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945...
DEBIAN-CVE-2005-2992
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945...
CVE-2005-2992
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945...