rpm package
opensuse/aria2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/aria2&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3500 | — | < 1.36.0-1.2 | 1.36.0-1.2 | Jan 2, 2019 | aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | ||
| CVE-2009-3617 | — | < 1.29.0-1.1 | 1.29.0-1.1 | Oct 20, 2009 | Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a down |
- CVE-2019-3500Jan 2, 2019affected < 1.36.0-1.2fixed 1.36.0-1.2
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
- CVE-2009-3617Oct 20, 2009affected < 1.29.0-1.1fixed 1.29.0-1.1
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a down