Lucene search
K

206 matches found

Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.40 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Django vulnerability (USN-4715-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4715-1 advisory. Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files...

5.3CVSS6.7AI score0.07605EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/10/15 7:42 p.m.34 views

CVE-2020-21674

Heap-based buffer overflow in archivestringappendfromwcs archivestring.c in libarchive-3.4.1dev allows remote attackers to cause a denial of service out-of-bounds write in heap memory resulting into a crash via a crafted archive file. NOTE: this only affects users who downloaded the development...

7.5CVSS6.9AI score0.02057EPSS
Exploits0References3
OSV
OSV
added 2020/10/15 3:15 p.m.18 views

CVE-2020-21674

Heap-based buffer overflow in archivestringappendfromwcs archivestring.c in libarchive-3.4.1dev allows remote attackers to cause a denial of service out-of-bounds write in heap memory resulting into a crash via a crafted archive file. NOTE: this only affects users who downloaded the development...

6.5CVSS7.4AI score
Exploits0References2
Prion
Prion
added 2020/10/15 3:15 p.m.20 views

Heap overflow

Heap-based buffer overflow in archivestringappendfromwcs archivestring.c in libarchive-3.4.1dev allows remote attackers to cause a denial of service out-of-bounds write in heap memory resulting into a crash via a crafted archive file. NOTE: this only affects users who downloaded the development...

4.3CVSS6.7AI score0.02057EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/10/15 3:15 p.m.30 views

CVE-2020-21674

Heap-based buffer overflow in archivestringappendfromwcs archivestring.c in libarchive-3.4.1dev allows remote attackers to cause a denial of service out-of-bounds write in heap memory resulting into a crash via a crafted archive file. NOTE: this only affects users who downloaded the development...

6.5CVSS7AI score0.02057EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/10/15 2:59 p.m.34 views

CVE-2020-21674

Heap-based buffer overflow in archivestringappendfromwcs archivestring.c in libarchive-3.4.1dev allows remote attackers to cause a denial of service out-of-bounds write in heap memory resulting into a crash via a crafted archive file. NOTE: this only affects users who downloaded the development...

6.8AI score0.02057EPSS
Exploits0References2
CNVD
CNVD
added 2020/03/09 12:0 a.m.1 views

Multiple ESET products ESET AV parsing engine input validation error vulnerability

ESET Smart Security Premium and others are products of ESET Slovakia.Smart Security Premium is a suite of antivirus programs.Internet Security is a suite of antivirus programs for Internet security.NOD32 Antivirus is a suite of antivirus programs.ESET AV The parsing engine is one of the parsing...

9.8CVSS6.8AI score0.01648EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/02/27 12:0 a.m.6 views

The vulnerability of the __zzipFetchFetchDiskTrailer function in the ZZIPlib library allows a hacker to trigger a service failure.

The vulnerability of the zzipfetchdisktrailer function in the ZZIPlib compression library is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially created zip file...

7.1CVSS6.2AI score0.02285EPSS
Exploits1References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2019/12/17 12:0 a.m.5 views

The vulnerability of the archive_wstring.AppendFrom_MBS function in the OpenLDAP package allows a hacker to read the memory contents of the system.

The vulnerability of the archivewstringappendfrommbs function in the archivestring.c file of the OpenLDAP package involves reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to read memory contents using a specially created archive file...

5.5CVSS6.8AI score0.00661EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2019/10/29 6:34 a.m.32 views

Arbitrary Code Execution

libarchive.so is vulnerable to arbitrary code execution. A use-after-free bug exists in the function archivereadformatrarreaddata in archivereadsupportformatrar.c as it does not properly handle archive files, allowing an attacker to execute arbtirary code in certain ARCHIVEFAILED situation by...

7.5CVSS3.4AI score0.0404EPSS
Exploits0References15Affected Software2
Prion
Prion
added 2019/08/13 8:15 p.m.18 views

Stack overflow

Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code...

6.8CVSS7.8AI score0.0162EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.5 views

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from an operation that goes beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from operations that go beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created ARF or WRF fil...

7.8CVSS7.9AI score0.01713EPSS
Exploits0References3Affected Software3
exploitpack
exploitpack
added 2019/02/22 12:0 a.m.9 views

WinRAR 5.61 - Path Traversal

WinRAR 5.61 - Path Traversal !/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below targetfilename =...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.80 views

WinRAR 5.61 - Path Traversal

!/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below targetfilename = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Sta...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2019/02/11 5:0 p.m.33 views

CVE-2019-7731

MyWebSQL 3.7 has a remote code execution RCE vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file...

9.8AI score0.04221EPSS
Exploits1References1
Prion
Prion
added 2019/01/07 6:29 p.m.14 views

Directory traversal

ARC 5.21q allows directory traversal via a full pathname in an archive file...

5CVSS6.9AI score0.02378EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2019/01/07 6:29 p.m.16 views

CVE-2015-9275

ARC 5.21q allows directory traversal via a full pathname in an archive file...

5.3CVSS5.1AI score0.02378EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2019/01/07 6:29 p.m.21 views

CVE-2015-9275

ARC 5.21q allows directory traversal via a full pathname in an archive file...

5.3CVSS6.1AI score0.02378EPSS
Exploits1References3
OSV
OSV
added 2019/01/07 6:29 p.m.4 views

CVE-2015-9275

ARC 5.21q allows directory traversal via a full pathname in an archive file...

5.3CVSS6.6AI score
Exploits0References8
OSV
OSV
added 2019/01/07 6:29 p.m.1 views

DEBIAN-CVE-2015-9275

ARC 5.21q allows directory traversal via a full pathname in an archive file...

5.3CVSS6.9AI score0.02378EPSS
Exploits1References1
Rows per page
Query Builder