Lucene search

[email protected]CVE-2014-1975

HistoryMar 18, 2014 - 5:18 a.m.

CVE-2014-1975

2014-03-1805:18:18

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-1975

directory traversal

r-company unzipper

android

remote attackers

file overwrite

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.

Affected configurations

NVD

Node

r-companyunzipperRange≤1.0.1android

r-companyunzipperMatch1.0.0android

CPENameOperatorVersion
r-company:unzipperr-company unzipperle1.0.1
r-company:unzipperr-company unzippereq1.0.0

CPE	Name	Operator	Version
r-company:unzipper	r-company unzipper	le	1.0.1
r-company:unzipper	r-company unzipper	eq	1.0.0

References

jvn.jp/en/jp/JVN38227002/995495/index.html

jvn.jp/en/jp/JVN38227002/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000031

www.securityfocus.com/bid/66250

play.google.com/store/apps/details?id=org.rhorita777.unzipper

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2014-1975

cvelist1 prion1 nvd1 seebug1 jvn1