{"url":"http://public2.vulnerablecode.io/api/packages/88424?format=json","purl":"pkg:deb/debian/arj@3.10.22-24?distro=trixie","type":"deb","namespace":"debian","name":"arj","version":"3.10.22-24","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.10.22-26","latest_non_vulnerable_version":"3.10.22-29","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58777?format=json","vulnerability_id":"VCID-4d97-px4k-v3cf","summary":"Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0557","reference_id":"","reference_type":"","scores":[{"value":"0.02096","scoring_system":"epss","scoring_elements":"0.84355","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435","reference_id":"774435","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435"},{"reference_url":"https://security.gentoo.org/glsa/201612-15","reference_id":"GLSA-201612-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88427?format=json","purl":"pkg:deb/debian/arj@3.10.22-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88424?format=json","purl":"pkg:deb/debian/arj@3.10.22-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88422?format=json","purl":"pkg:deb/debian/arj@3.10.22-26?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88426?format=json","purl":"pkg:deb/debian/arj@3.10.22-28?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88425?format=json","purl":"pkg:deb/debian/arj@3.10.22-29?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie"}],"aliases":["CVE-2015-0557"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4d97-px4k-v3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58776?format=json","vulnerability_id":"VCID-c741-c27z-2ket","summary":"Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0556","reference_id":"","reference_type":"","scores":[{"value":"0.01551","scoring_system":"epss","scoring_elements":"0.81748","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434","reference_id":"774434","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434"},{"reference_url":"https://security.gentoo.org/glsa/201612-15","reference_id":"GLSA-201612-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88427?format=json","purl":"pkg:deb/debian/arj@3.10.22-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88424?format=json","purl":"pkg:deb/debian/arj@3.10.22-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88422?format=json","purl":"pkg:deb/debian/arj@3.10.22-26?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88426?format=json","purl":"pkg:deb/debian/arj@3.10.22-28?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88425?format=json","purl":"pkg:deb/debian/arj@3.10.22-29?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie"}],"aliases":["CVE-2015-0556"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c741-c27z-2ket"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58775?format=json","vulnerability_id":"VCID-mcg3-5bfh-b7gn","summary":"Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1027.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1027.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1027","reference_id":"","reference_type":"","scores":[{"value":"0.06284","scoring_system":"epss","scoring_elements":"0.91092","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1027"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617356","reference_id":"1617356","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617356"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:007","reference_id":"RHSA-2005:007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:007"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88423?format=json","purl":"pkg:deb/debian/arj@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88424?format=json","purl":"pkg:deb/debian/arj@3.10.22-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88422?format=json","purl":"pkg:deb/debian/arj@3.10.22-26?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88426?format=json","purl":"pkg:deb/debian/arj@3.10.22-28?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88425?format=json","purl":"pkg:deb/debian/arj@3.10.22-29?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie"}],"aliases":["CVE-2004-1027"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcg3-5bfh-b7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58774?format=json","vulnerability_id":"VCID-u8v6-1vsn-mua5","summary":"Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0947.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0947.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0947","reference_id":"","reference_type":"","scores":[{"value":"0.0675","scoring_system":"epss","scoring_elements":"0.9145","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0947"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617328","reference_id":"1617328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:007","reference_id":"RHSA-2005:007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:007"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88423?format=json","purl":"pkg:deb/debian/arj@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88424?format=json","purl":"pkg:deb/debian/arj@3.10.22-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88422?format=json","purl":"pkg:deb/debian/arj@3.10.22-26?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88426?format=json","purl":"pkg:deb/debian/arj@3.10.22-28?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88425?format=json","purl":"pkg:deb/debian/arj@3.10.22-29?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie"}],"aliases":["CVE-2004-0947"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8v6-1vsn-mua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58778?format=json","vulnerability_id":"VCID-weda-75ms-8bbb","summary":"Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2782","reference_id":"","reference_type":"","scores":[{"value":"0.05446","scoring_system":"epss","scoring_elements":"0.90342","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774015","reference_id":"774015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774015"},{"reference_url":"https://security.gentoo.org/glsa/201612-15","reference_id":"GLSA-201612-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88427?format=json","purl":"pkg:deb/debian/arj@3.10.22-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88424?format=json","purl":"pkg:deb/debian/arj@3.10.22-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88422?format=json","purl":"pkg:deb/debian/arj@3.10.22-26?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88426?format=json","purl":"pkg:deb/debian/arj@3.10.22-28?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88425?format=json","purl":"pkg:deb/debian/arj@3.10.22-29?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie"}],"aliases":["CVE-2015-2782"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-weda-75ms-8bbb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie"}