47 matches found
PT-2026-25310
Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw exists in the RAR5 archive decompression logic within the archive read data processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the...
CVE-2025-63365
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents...
CVE-2025-63371
Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents...
CVE-2025-63371
CVE-2025-63371 affects OneCommander 3.102.0.0. The vulnerability stems from the ZIP file processing component during extraction, enabling potential directory traversal via ZIP archive contents. Public documents consistently describe the flaw, but do not provide a confirmed fix version or remediat...
Protection Mechanism Failure
picklescan is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper error handling in the ZIP archive scanning component when processing files with a bad Cyclic Redundancy Check CRC, which allows an attacker to craft a malicious ZIP archive that halts the scan and...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 PoC Educational Use Only Details about this C...
PT-2025-22954 · Git +1 · Kimageformats
Name of the Vulnerable Software and Affected Versions: KArchive affected versions not specified Description: The software experiences a global-buffer-overflow read issue during archive processing. The crash state indicates the issue occurs within the QByteArray::QByteArray, KZip::openArchive, and...
Debian dsa-5806 : libarchive-dev - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5806 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5806-1 [email protected] https://www.debian.org/security/...
PT-2024-1945 · Withsecure · Withsecure Server Security +7
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...
CVE-2024-27359
The CVE-2024-27359 issue affects WithSecure products (Client Security 15; Server Security 15; Email and Server Security 15; Elements Endpoint Protection 17+; Client Security for Mac 15; Elements Endpoint Protection for Mac 17+; Linux Security 64 12.0 / Linux Protection 12.0; Atlant 1.0.35-1). Roo...
SUSE CVE-2011-1471
Integer signedness error in zipstream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service CPU consumption via a malformed archive file that triggers errors in zipfread function calls...
UBUNTU-CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
The vulnerability of the Malware Remover tool lies in its improper handling of certain elements at the administrative level, allowing attackers to execute arbitrary commands and increase their privileges.
The vulnerability of the Malware Remover tool is related to improper elimination of certain elements at the operating level when processing TAR files in the file system. Exploiting this vulnerability allows an attacker to execute arbitrary commands and increase their privileges...
ROS-2-2219
2.2219 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-2237
2.2237 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
OPENSUSE-SU-2021:1115-1 Security update for apache-commons-compress
This update for apache-commons-compress fixes the following issues: - Updated to 1.21 - CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. bsc1188463 - CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. bsc1188464 -...
DEBIAN-CVE-2021-35517
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package...
PT-2020-6791 · Fortinet · Fortios +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS affected versions not specified Fortinet FortiClient for Mac affected versions not specified Description: The issue is related to a flaw in the Fortinet antivirus scanner, affecting FortiOS and FortiClient for Mac, which occu...
Schneider Electric EcoStruxure Operator Terminal Expert Path Traversal Vulnerability (CNVD-2020-37620)
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A path traversal vulnerability exists in the processing of ZIP files in Schneider...
The vulnerability of the Networking component of Oracle Java SE and Oracle Java SE Embedded software components allows attackers to cause partial service interruptions.
The vulnerability of Oracle Java SE and Oracle Java SE Embedded software’s Networking component is related to errors in JAR file processing. Exploiting this vulnerability can allow an attacker to cause partial service interruptions remotely...