Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerabilities (USN-8302-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8302-1 advisory. It was discovered that NLTK incorrectly validated file paths when opening files...
Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
Cisco Secure Web Appliance security vulnerability
Cisco Secure Web Appliance is an application developed by the American company Cisco. It is used to protect websites. There is a security vulnerability in Cisco Secure Web Appliance, which stems from the dynamic vector and stream engine’s improper handling of certain archive files. This...
Malcontent security vulnerabilities
Malcontent is a supply chain attack detection tool developed by Chainguard. Versions of Malcontent prior to 1.20.3 contained a security vulnerability. This vulnerability stemmed from the possibility of creating symbolic links outside of the expected extraction directories when scanning specially...
Untrusted Search Path
Overview: @pnpm/fetching.binary-fetcher is a fetcher for binary archives. Affected versions of this package are vulnerable to Untrusted Search Path via the extractZipToTarget function and the use of unvalidated prefix values. An attacker can overwrite arbitrary files on the file system by supplying...
Memory Allocation with Excessive Size Value
Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the maxDictSize parameter when processing large RAR files. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted RAR archive that triggers...
rardecode security vulnerability
rardecode is a golang package for reading RAR files by the individual developer Nicholas Waples. A security vulnerability exists in rardecode 2.1.1 and earlier versions, which stems from an unrestricted dictionary size, which allows an attacker to supply a specially crafted RAR file resulting in ...
EUVD-2017-11432
Malware in sbrugna...
EUVD-2018-2056
Malware in sbrugna...
EUVD-2005-2671
Malware in sbrugna...
EUVD-2024-17976
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2015-9275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARC 5.21q allows directory traversal via a full pathname in an archive file. CVE-2015-9275 Note that Nessus relies on the presence of the package as reported by...
[SECURITY] Fedora 41 Update: perl-PAR-Packer-1.063-6.fc41
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...
CVE-2025-8088
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET...
[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.064-2.fc42
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071 - Windows File Explorer Spoofing Vulnerability...
CVE-2022-30262
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
CVE-2024-55909 IBM Concert Software denial of service
IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption...
MAL-2025-191943 Malicious code in zmaker (PyPI)
Source: kam193 2f4ac88a121488df2fdfa1cb5409f3443f658a30d679f20acc41dd2c656bd3b8. The campaign is split into multiple packages that together exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the LoadArchiveFiles function in archive.go. An attacker can cause a stack overflow by submitting a JSON Schema with excessive nested references. Workaround: This vulnerability can be mitigated by ensuring that...