27 matches found
CVE-2026-50574
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...
CVE-2026-50574
CVE-2026-50574 affects yt-dlp when using aria2c as an external downloader for fragmented manifests (e.g., HLS/DASH). Insufficiently sanitized input passed to aria2c allows attacker-controlled options in the aria2c input file, enabling arbitrary file writes. On Windows, this can cause immediate ar...
CVE-2026-50574 yt-dlp: Arbitrary code execution via manifest downloads with aria2c
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...
Python Library yt-dlp < 2026.6.9 Multiple Vulnerabilities
The detected version of the yt-dlp Python package is prior to 2026.6.9. It is, therefore, affected by multiple vulnerabilities: - A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: yt-dlp is a youtube-dl fork with additional features and patches. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via insufficient sanitization of input passed to the aria2c external...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
Linux Distros Unpatched Vulnerability : CVE-2026-8367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for ...
EUVD-2026-30042
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
DEBIAN-CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
UBUNTU-CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367 aria2c Improper Certificate Validation
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
aria2c Trust Management Issue Vulnerability
aria2c is a lightweight multi-protocol command-line download tool developed by aria2. aria2c has a trust management vulnerability that stems from accepting server certificates with an incorrect Extended Key Usage. This vulnerability could allow attackers to reuse certificates issued for differen...
PT-2026-40700
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
SUSE CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
Vulnerability in the aria2 component of the aria2c download utility that allows an attacker to gain unauthorized access to protected information
The vulnerability in the aria2 component of the aria2c download utility relates to the disclosure of information through log files. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Default credentials
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...