Vulnerabilities (CVE)

Filtered by vendor Nzbget Subscribe
Filtered by product Nzbget
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49102 1 Nzbget 1 Nzbget 2024-08-02 N/A 8.8 HIGH
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2008-2266 2 Nzbget, Uudeview 2 Nzbget, Uudeview 2024-02-28 4.4 MEDIUM N/A
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.