Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-49102: NZBGet - Download

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE
Open in Source
#vulnerability#android#mac#windows#linux#git#rce#auth

Latest stable release****Version: 21.1****Release Date: 3 June 2021****Release Notes

Stable releases are recommended for new users and for users not having much time for possible error handling.

Latest testing release****Version: 21.2-r2333****Release Date: 1 October 2021****Release Notes

Testing releases are recommended for experienced users familiar with NZBGet.

Windows

nzbget-21.1-bin-windows-setup.exe

nzbget-21.2-testing-r2333-bin-windows-setup.exe

Windows XP and later, 32 or 64 Bit.

Manual: Installation on Windows.

MacOS

nzbget-21.1-bin-macos.zip

nzbget-21.2-testing-r2333-bin-macos.zip

MacOS 10.7 Lion and later, 64 Bit.

Manual: Installation on Mac.

Linux

nzbget-21.1-bin-linux.run

nzbget-21.2-testing-r2333-bin-linux.run

Linux kernel 2.6 and later, x86 (32 or 64 Bit), ARM (32 or 64 Bit), MIPS, PowerPC.

Manual: Installation on Linux.

FreeBSD

nzbget-21.1-bin-freebsd.run

nzbget-21.2-testing-r2333-bin-freebsd.run

FreeBSD 9.1 and later, x86 (64 Bit).

Manual: Installation on FreeBSD.

Android****Daemon

nzbget-21.1-bin-android.run

nzbget-21.2-testing-r2333-bin-android.run

Android 5.0 and later, x86 (32 Bit), ARM (32 or 64 Bit).

Use installer and frontend app to install the daemon automatically. See manual below for details.

Installer and frontend app

nzbget-android-2.0-testing-r36-bin.apk

Android 5.0 and later, x86 (32 Bit), ARM (32 or 64 Bit).

Manual: Installation on Android.

Other POSIX systems

Check the package repository of your OS. If you can’t find NZBGet there or if you want a newer version please install from source code.

Manuals: Installation on POSIX, Cross-compiling.

Source code

nzbget-21.1-src.tar.gz

nzbget-21.2-testing-r2333-src.tar.gz

Source code includes configure and make files for POSIX and project files for MS Visual Studio.

Latest development sources

The latest development sources are available in GitHub repository.

Development code may contain serious bugs and is therefore not recommended for average users.

Manual: Build the latest development version.

Old releases

Older versions can be obtained from the GitHub project releases page.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE