Arc
by Arc
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45489 | Cri | 0.64 | 9.8 | 0.01 | Sep 20, 2024 | Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the… | ||
| CVE-2024-31850 | Hig | 0.63 | 8.6 | 0.03 | Apr 5, 2024 | A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. | ||
| CVE-2023-5938 | Hig | 0.52 | 8.0 | 0.01 | May 15, 2024 | Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to… | ||
| CVE-2023-50809 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2024 | In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in… | ||
| CVE-2023-5936 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2024 | On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges. | ||
| CVE-2026-2378 | Hig | 0.48 | 7.4 | 0.00 | Mar 20, 2026 | ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content. | ||
| CVE-2025-14809 | Hig | 0.48 | 7.4 | 0.00 | Dec 19, 2025 | ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content. | ||
| CVE-2023-5935 | Hig | 0.48 | 7.4 | 0.00 | May 15, 2024 | When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or… | ||
| CVE-2026-47735 | hig | 0.39 | — | 0.00 | Jun 8, 2026 | ### Summary Arc's user-SQL validator (`internal/api/query.go:ValidateSQLRequest`) blocked only `read_parquet(` and `arc_partition_agg(` via regex denylist. The broader DuckDB I/O function family — `read_csv_auto`, `read_csv`, `read_json`, `read_json_auto`, `read_text`,… | ||
| CVE-2023-5937 | Low | 0.25 | 3.8 | 0.00 | May 15, 2024 | On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files. | ||
| CVE-2024-52928 | 0.00 | — | 0.00 | Jun 26, 2025 | Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website. | |||
| CVE-2012-5872 | 0.00 | — | 0.01 | Apr 25, 2023 | ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. | |||
| CVE-2021-45891 | 0.00 | — | 0.01 | Apr 5, 2022 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. | |||
| CVE-2021-45892 | 0.00 | — | 0.01 | Apr 5, 2022 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format. | |||
| CVE-2021-45893 | 0.00 | — | 0.02 | Apr 5, 2022 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. | |||
| CVE-2021-45894 | 0.00 | — | 0.01 | Apr 5, 2022 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. | |||
| CVE-2015-9275 | 0.00 | — | 0.02 | Jan 7, 2019 | ARC 5.21q allows directory traversal via a full pathname in an archive file. | |||
| CVE-2005-2992 | 0.00 | — | 0.00 | Oct 13, 2005 | arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945. | |||
| CVE-2005-2945 | 0.00 | — | 0.00 | Sep 16, 2005 | arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). |
- risk 0.64cvss 9.8epss 0.01
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the…
- risk 0.63cvss 8.6epss 0.03
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
- risk 0.52cvss 8.0epss 0.01
Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to…
- risk 0.51cvss 7.8epss 0.00
In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in…
- risk 0.51cvss 7.8epss 0.00
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.
- risk 0.48cvss 7.4epss 0.00
ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.
- risk 0.48cvss 7.4epss 0.00
ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.
- risk 0.48cvss 7.4epss 0.00
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or…
- risk 0.39cvss —epss 0.00
### Summary Arc's user-SQL validator (`internal/api/query.go:ValidateSQLRequest`) blocked only `read_parquet(` and `arc_partition_agg(` via regex denylist. The broader DuckDB I/O function family — `read_csv_auto`, `read_csv`, `read_json`, `read_json_auto`, `read_text`,…
- risk 0.25cvss 3.8epss 0.00
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.
- CVE-2024-52928Jun 26, 2025risk 0.00cvss —epss 0.00
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
- CVE-2012-5872Apr 25, 2023risk 0.00cvss —epss 0.01
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.
- CVE-2021-45891Apr 5, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.
- CVE-2021-45892Apr 5, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.
- CVE-2021-45893Apr 5, 2022risk 0.00cvss —epss 0.02
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.
- CVE-2021-45894Apr 5, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information.
- CVE-2015-9275Jan 7, 2019risk 0.00cvss —epss 0.02
ARC 5.21q allows directory traversal via a full pathname in an archive file.
- CVE-2005-2992Oct 13, 2005risk 0.00cvss —epss 0.00
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
- CVE-2005-2945Sep 16, 2005risk 0.00cvss —epss 0.00
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).