Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unrar vulnerabilities and exploits
(subscribe to this query)
581
VMScore
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
570
VMScore
CVE-2017-14122
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
445
VMScore
CVE-2017-14120
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
445
VMScore
CVE-2017-12938
UnRAR prior to 5.5.7 allows remote malicious users to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
Rarlab Unrar
435
VMScore
CVE-2007-3725
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) prior to 0.91 allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
Clam Anti-virus Clamav 0.51
Clam Anti-virus Clamav 0.52
Clam Anti-virus Clamav 0.21
Clam Anti-virus Clamav 0.22
Clam Anti-virus Clamav 0.60p
Clam Anti-virus Clamav 0.65
Clam Anti-virus Clamav 0.73
Clam Anti-virus Clamav 0.74
Clam Anti-virus Clamav 0.80 Rc4
Clam Anti-virus Clamav 0.81
Clam Anti-virus Clamav 0.85.1
Clam Anti-virus Clamav 0.86
Clam Anti-virus Clamav 0.88.1
Clam Anti-virus Clamav 0.88.3
Clam Anti-virus Clamav 0.90 Rc2
Clam Anti-virus Clamav 0.90 Rc3
Clam Anti-virus Clamav 0.15
Clam Anti-virus Clamav 0.20
Clam Anti-virus Clamav 0.23
Clam Anti-virus Clamav 0.24
Clam Anti-virus Clamav 0.67
Clam Anti-virus Clamav 0.68
1 EDB exploit
384
VMScore
CVE-2017-14121
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
384
VMScore
CVE-2017-11189
unrarlib.c in unrar-free 0.0.1 might allow remote malicious users to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the ...
Rarzilla Unrar-free 0.0.1
383
VMScore
CVE-2018-0202
clamscan in ClamAV prior to 0.99.4 contains a vulnerability that could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Porta...
Clamav Clamav
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 7.0
1 Github repository
383
VMScore
CVE-2018-1000085
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR...
Clamav Clamav 0.99.3
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
383
VMScore
CVE-2017-11423
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote malicious users to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
Libmspack Project Libmspack 0.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »