Lucene search
+L

277 matches found

OpenVAS
OpenVAS
added 2025/01/21 12:0 a.m.23 views

7-Zip Mark-of-the-Web Bypass Vulnerability (Jan 2025) - Windows

7zip is prone to a mark-of-the-web bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:7-zip:7-zip";...

7CVSS7.2AI score0.67071EPSS
Exploits8References4
Information Security Automation
Information Security Automation
added 2025/01/19 1:26 a.m.28 views

January Linux Patch Wednesday

JanuaryLinux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits. RCE - Apache Tomcat CVE-2024-56337. Based on the description, the vulnerability affects "case-insensitive file systems" like Window...

9.8CVSS7.4AI score0.21985EPSS
Exploits21
Zero Day Initiative
Zero Day Initiative
added 2025/01/19 12:0 a.m.6 views

7-Zip Mark-of-the-Web Bypass Vulnerability

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7CVSS7.1AI score0.67071EPSS
Exploits8
Redos
Redos
added 2025/01/14 12:0 a.m.11 views

ROS-20250114-12

A vulnerability in the implementation of the Zstandard compression method of the 7-Zip archiver is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code provided that a user opens a specially generated archive. by a user opening a special...

7.8CVSS7.6AI score0.21985EPSS
Exploits1
HackRead
HackRead
added 2025/01/02 6:39 p.m.17 views

Fake 7-Zip Exploit Code Traced to AI-Generated Misinterpretation

A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software's creator and other security researchers...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2024/11/27 12:0 a.m.14 views

7-Zip Qcow Handler Infinite Loop DoS Vulnerability - Windows

7zip is prone to a qcow handler infinite loop denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.9AI score0.01703EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/11/27 12:0 a.m.10 views

7-Zip Zstandard Decompression Integer Underflow Vulnerability - Windows

7zip is prone to a zstandard decompression integer underflow vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8CVSS7.6AI score0.21985EPSS
Exploits1References1
Securelist
Securelist
added 2024/11/26 10:0 a.m.49 views

Analysis of Elpaco: a Mimic variant

Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...

7.9AI score0.99512EPSS
Exploits75
Veracode
Veracode
added 2024/11/24 6:30 p.m.20 views

Remote Code Execution (RCE)

7-Zip is vulnerable to remote code execution RCE. The vulnerability is due to improper validation of user-supplied data in the Zstandard decompression implementation, causing an integer underflow that allows attackers to execute arbitrary code in the context of the current process...

7.8CVSS8.5AI score0.21985EPSS
Exploits1References5Affected Software4
NVD
NVD
added 2024/11/22 9:15 p.m.17 views

CVE-2024-11612

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on th...

6.5CVSS0.01703EPSS
Exploits0References1
OSV
OSV
added 2024/11/22 9:15 p.m.10 views

CVE-2024-11612

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on th...

6.5CVSS6.3AI score
Exploits0References1
NVD
NVD
added 2024/11/22 9:15 p.m.75 views

CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS0.21985EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 9:15 p.m.22 views

CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS7.6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/22 8:22 p.m.57 views

CVE-2024-11477 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS7.9AI score0.21985EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2024/11/22 8:22 p.m.36 views

CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS8.3AI score0.21985EPSS
Exploits1
Cvelist
Cvelist
added 2024/11/22 8:22 p.m.52 views

CVE-2024-11477 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS0.21985EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2024/11/22 8:22 p.m.48 views

CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS7.7AI score0.21985EPSS
Exploits1
CVE
CVE
added 2024/11/22 8:22 p.m.242 views

CVE-2024-11477

CVE-2024-11477 affects 7-Zip via the Zstandard decompression path. The root cause is improper validation of input data in Zstandard decompression, allowing an integer underflow that can lead to arbitrary code execution in the process. Public writeups (ZDI-24346) describe the underlying flaw; mult...

7.8CVSS7.9AI score0.21985EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/11/22 8:22 p.m.120 views

CVE-2024-11612

CVE-2024-11612 describes a DoS in 7-Zip caused by a logic error during stream processing in CopyCoder, leading to an infinite loop. The vulnerability is exploitable remotely and requires interaction with the library, with attack vectors varying by implementation. Connected sources confirm the fla...

6.5CVSS6.3AI score0.01703EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/22 8:22 p.m.18 views

CVE-2024-11612 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on th...

6.5CVSS6.5AI score0.01703EPSS
Exploits0References1
Rows per page
Query Builder