Lucene search
K

47 matches found

Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-25310

Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw exists in the RAR5 archive decompression logic within the archive read data processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the...

7.8CVSS6.3AI score0.00693EPSS
Exploits0References86
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.5 views

CVE-2025-63365

SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents...

7.1CVSS6.9AI score0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/19 12:0 a.m.2 views

CVE-2025-63371

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents...

6.5AI score0.0063EPSS
Exploits0References2
CVE
CVE
added 2025/11/19 12:0 a.m.11 views

CVE-2025-63371

CVE-2025-63371 affects OneCommander 3.102.0.0. The vulnerability stems from the ZIP file processing component during extraction, enabling potential directory traversal via ZIP archive contents. Public documents consistently describe the flaw, but do not provide a confirmed fix version or remediat...

7.5CVSS6.5AI score0.0063EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2025/10/21 8:15 p.m.6 views

Protection Mechanism Failure

picklescan is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper error handling in the ZIP archive scanning component when processing files with a bad Cyclic Redundancy Check CRC, which allows an attacker to craft a malicious ZIP archive that halts the scan and...

9.8CVSS6.9AI score0.01428EPSS
Exploits1References7Affected Software1
GithubExploit
GithubExploit
added 2025/08/27 6:47 p.m.225 views

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 PoC Educational Use Only Details about this C...

8.8CVSS7.5AI score0.80906EPSS
Exploits35
Positive Technologies
Positive Technologies
added 2025/04/05 12:0 a.m.6 views

PT-2025-22954 · Git +1 · Kimageformats

Name of the Vulnerable Software and Affected Versions: KArchive affected versions not specified Description: The software experiences a global-buffer-overflow read issue during archive processing. The crash state indicates the issue occurs within the QByteArray::QByteArray, KZip::openArchive, and...

6.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/09 12:0 a.m.17 views

Debian dsa-5806 : libarchive-dev - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5806 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5806-1 [email protected] https://www.debian.org/security/...

7.3CVSS7.9AI score0.03154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/25 12:0 a.m.5 views

PT-2024-1945 · Withsecure · Withsecure Server Security +7

Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...

10CVSS7.2AI score0.00713EPSS
Exploits0References7
CVE
CVE
added 2024/02/25 12:0 a.m.3432 views

CVE-2024-27359

The CVE-2024-27359 issue affects WithSecure products (Client Security 15; Server Security 15; Email and Server Security 15; Elements Endpoint Protection 17+; Client Security for Mac 15; Elements Endpoint Protection for Mac 17+; Linux Security 64 12.0 / Linux Protection 12.0; Atlant 1.0.35-1). Roo...

7.5CVSS6.8AI score0.00713EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1471

Integer signedness error in zipstream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service CPU consumption via a malformed archive file that triggers errors in zipfread function calls...

4.3CVSS6.6AI score0.13132EPSS
Exploits2References3
OSV
OSV
added 2022/08/10 8:15 p.m.2 views

UBUNTU-CVE-2022-30631

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...

7.5CVSS6.7AI score0.01615EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/11/16 12:0 a.m.7 views

The vulnerability of the Malware Remover tool lies in its improper handling of certain elements at the administrative level, allowing attackers to execute arbitrary commands and increase their privileges.

The vulnerability of the Malware Remover tool is related to improper elimination of certain elements at the operating level when processing TAR files in the file system. Exploiting this vulnerability allows an attacker to execute arbitrary commands and increase their privileges...

6.8CVSS6.9AI score0.01123EPSS
Exploits2References6Affected Software1
Redos
Redos
added 2021/09/08 12:0 a.m.9 views

ROS-2-2219

2.2219 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

9.8CVSS7.3AI score0.19431EPSS
Exploits3
Redos
Redos
added 2021/09/08 12:0 a.m.5 views

ROS-2-2237

2.2237 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

7.5CVSS6.5AI score0.95785EPSS
Exploits5
OSV
OSV
added 2021/08/09 10:43 p.m.8 views

OPENSUSE-SU-2021:1115-1 Security update for apache-commons-compress

This update for apache-commons-compress fixes the following issues: - Updated to 1.21 - CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. bsc1188463 - CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. bsc1188464 -...

7.5CVSS7.5AI score0.13292EPSS
Exploits0References9
OSV
OSV
added 2021/07/13 8:15 a.m.1 views

DEBIAN-CVE-2021-35517

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package...

7.5CVSS6.2AI score0.10901EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/12/01 12:0 a.m.5 views

PT-2020-6791 · Fortinet · Fortios +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS affected versions not specified Fortinet FortiClient for Mac affected versions not specified Description: The issue is related to a flaw in the Fortinet antivirus scanner, affecting FortiOS and FortiClient for Mac, which occu...

7.5CVSS7AI score0.00303EPSS
Exploits0References7
CNVD
CNVD
added 2020/05/18 12:0 a.m.3 views

Schneider Electric EcoStruxure Operator Terminal Expert Path Traversal Vulnerability (CNVD-2020-37620)

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A path traversal vulnerability exists in the processing of ZIP files in Schneider...

5.5CVSS6.7AI score0.00883EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/11/04 12:0 a.m.6 views

The vulnerability of the Networking component of Oracle Java SE and Oracle Java SE Embedded software components allows attackers to cause partial service interruptions.

The vulnerability of Oracle Java SE and Oracle Java SE Embedded software’s Networking component is related to errors in JAR file processing. Exploiting this vulnerability can allow an attacker to cause partial service interruptions remotely...

4.3CVSS6.4AI score0.03284EPSS
Exploits0References12Affected Software6
Rows per page
Query Builder