Vulnerabilities > Rarlab > Winrar
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-38831 | Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | 7.8 |
| 2019-02-13 | CVE-2018-20253 | Out-of-bounds Write vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. | 6.8 |
| 2019-02-05 | CVE-2018-20252 | Out-of-bounds Write vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. | 6.8 |
| 2019-02-05 | CVE-2018-20251 | Path Traversal vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. | 4.3 |
| 2019-02-05 | CVE-2018-20250 | Path Traversal vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). | 7.8 |
| 2015-12-30 | CVE-2015-5663 | Permissions, Privileges, and Access Controls vulnerability in Rarlab Winrar 5.30 The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | 3.7 |
| 2009-09-01 | CVE-2008-7144 | Remote Security vulnerability in WinRar Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. | 10.0 |
| 2006-07-28 | CVE-2006-3912 | Buffer Errors vulnerability in Rarlab Winrar 3.60Beta8 Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. | 2.1 |
| 2006-07-25 | CVE-2006-3845 | Buffer Overflow vulnerability in RARLAB WinRAR LHA Filename Handling Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive. | 9.3 |
| 2005-12-31 | CVE-2005-4620 | Buffer Overflow vulnerability in RARLAB WinRAR Command Line Processing Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. | 4.6 |