CVE-2015-0557 – Gentoo Linux Security Advisory 201612-15
https://notcve.org/view.php?id=CVE-2015-0557
06 Apr 2015 — Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-0556 – Gentoo Linux Security Advisory 201612-15
https://notcve.org/view.php?id=CVE-2015-0556
06 Apr 2015 — Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote attacker could use this flaw to perform a directory traversal attack if a user or automated system wer... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2015-2782 – Gentoo Linux Security Advisory 201612-15
https://notcve.org/view.php?id=CVE-2015-2782
06 Apr 2015 — Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote attacker coul... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •