VYPR

Arc

by Nozominetworks

CVEs (2)

  • CVE-2023-5938HigMay 15, 2024
    risk 0.52cvss 8.0epss 0.01

    Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to…

  • CVE-2023-5935HigMay 15, 2024
    risk 0.48cvss 7.4epss 0.00

    When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or…