Aria
by Aria
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8367 | | Med | 0.31 | 4.8 | 0.00 | | May 13, 2026 | aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication. |
| CVE-2008-0332 | | | 0.03 | — | 0.02 | | Jan 17, 2008 | Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. |
| CVE-2022-24237 | | | 0.02 | — | 0.25 | | Mar 21, 2022 | The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
| CVE-2022-24235 | | | 0.00 | — | 0.01 | | Mar 21, 2022 | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
| CVE-2022-24236 | | | 0.00 | — | 0.01 | | Mar 21, 2022 | An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts. |
| CVE-2010-1512 | | | 0.00 | — | 0.03 | | May 17, 2010 | Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
| CVE-2009-3617 | | | 0.00 | — | 0.05 | | Oct 20, 2009 | Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a… |
| CVE-2009-3575 | | | 0.00 | — | 0.06 | | Oct 7, 2009 | Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. |
| CVE-2006-1435 | | | 0.00 | — | 0.01 | | Apr 3, 2006 | Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter). |