cvebase

Debian Sabnzbdplus vulnerabilities

3 known vulnerabilities affecting debian/sabnzbdplus.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2023-34237 [HIGH] P2, CVSS 8.1, fixed in sabnzbdplus 4.0.2+dfsg-1 (forky), 2023
sabnzbdplus: SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploit
CVE-2020-13124 [HIGH] P2, CVSS 8.8, fixed in sabnzbdplus 3.1.1+dfsg-1 (bookworm), 2020
sabnzbdplus: SABnzbd 2.3.9 and 3.0.0Alpha2 have a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.
Scope: local
bookworm: resolved (fixed in 3.1.1+dfsg-1)
bullseye: resolved (fixed in 3.1.1+dfsg-1)
forky: resolved (fixed in 3.1.1+dfsg-1)
sid: resolved
CVE-2021-29488 [MEDIUM] P4, CVSS 4.3, fixed in sabnzbdplus 3.2.1+dfsg-1 (bookworm), 2021
sabnzbdplus: SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permi