44 matches found
EUVD-2021-1620
Malware in sbrugna...
EUVD-2021-1684
Malware in sbrugna...
USN-7030-1: py7zr vulnerability
It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host...
Atlassian Confluence 7.19.23 < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96100)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96100 advisory. - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This...
Atlassian Confluence < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96101)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96101 advisory. - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error...
DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.19.23, 8.5.10, 8.9.2 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2023-31102
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive...
Integer overflow
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive...
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Apache Commons Compress
Summary: IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details: CVEID: CVE-2021-35516. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a...
Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517)
Summary: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service. IBM has addressed the relevant CVEs. Vulnerability Details: CVEID: CVE-2021-35515. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of...
7-Zip 16 DLL Hijacking
Microsoft Windows Environment Variable Expansion Issue Leads To Remote DLL Hijack. Attack vector: 7-ZIP v.16. 7-ZIP v.16 and possibly other software that utilizes the HTML Help System are prone to a remote DLL hijacking issue which leads to arbitrary code execution. PoC attached. because the OS...
Security Bulletin: Apache commons-compress security vulnerabilities in IBM Content Manager
Summary: Apache commons-compress security vulnerabilities in IBM Content Navigator ICN toolkit affecting Administration Console for Content Platform Engine ACCE. Vulnerability Details: CVEID: CVE-2021-35516. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
MGASA-2022-0009 Updated osgi-core/apache-commons-compress packages fix security vulnerability
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. CVE-2021-35515 When reading a specially crafted 7...
Updated osgi-core/apache-commons-compress packages fix security vulnerability
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. CVE-2021-35515 When reading a specially crafted 7...
Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow -CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
Summary: The embedded IBM Content Navigator component that is shipped with IBM Business Automation Workflow is vulnerable to multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2021-35516. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory...
Security Bulletin: Apache Commons Compress Denial of Service Vulnerability Affects IBM Sterling Control Center (CVE-2021-35516)
Summary: When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package...
Security Bulletin: Apache Commons Compress Denial of Service Vulnerability Affects IBM Sterling Control Center (CVE-2021-35515)
Summary: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. Vulnerability Details: CVEID: CVE-2021-355...