Recherche : [CVE-2022-30333]

CISA warns of Windows and UnRAR flaws exploited in the wild https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-and-unrar-flaws-exploited-in-the-wild/

12/08/2022 07:43:58

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation.

CVE-2022-30333 https://attackerkb.com/topics/RCa4EIZdbZ/cve-2022-30333/rapid7-analysis

19/07/2022 08:06:09

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

Unrar Path Traversal Vulnerability affects Zimbra Mail https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/

29/06/2022 21:15:52

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

Liens par page

Filtres