Lucene search
K

267 matches found

ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-14164

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

7.5CVSS5.7AI score
Exploits0References6
OSV
OSV
added 6 days ago3 views

USN-8477-1 tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 6 days ago4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/06/23 4:4 p.m.36 views

CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS0.00599EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in FontForge

Splinefont in FontForge, with a version number of 20230101, allows for command injection through crafted archives or compressed files...

6.5CVSS6.4AI score0.0187EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Vim

Vim is an open-source, command-line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin could allow overwriting of arbitrary files when opening specially crafted tar archives. The impact is limited because this exploit requires direct user interaction. However,...

4.1CVSS6.6AI score0.00242EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 3:47 p.m.11 views

CVE-2026-48092

A flaw was found in 7-Zip, a file archiver. This vulnerability, affecting 32-bit builds, involves a heap memory disclosure caused by an integer overflow in the SquashFS ReadBlock function. An attacker can exploit this by providing a specially crafted archive, which, when processed, allows the...

8.1CVSS5.5AI score0.00324EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.17 views

7-Zip >= 9.18 < 26.01 SquashFS Integer Overflow (GHSL-2026-115_GHSL-2026-122)

The version of 7-Zip installed on the remote Windows host is = 9.18 and prior to 26.01. It is, therefore, potentially affected by a vulnerability: - An integer overflow in the SquashFS fragment offset handling can lead to a crash when processing a crafted SquashFS archive. This vulnerability only...

8.1CVSS5.6AI score0.00324EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 4:20 p.m.10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the getfilteredattrs function tarfile.datafilter component that computes a symlink's directory before stripping trailing slashes. An attacker can write files outside the intended extraction directory by crafting...

6.9CVSS6.2AI score0.00606EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016612)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016612 advisory. When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memor...

5.5CVSS6.4AI score0.0262EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/20 1:36 p.m.12 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.9AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/20 11:57 a.m.15 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.9AI score0.00643EPSS
Exploits1References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux - уязвимость в mat2

Before version 0.13.0, mat2 also known as the metadata anonymisation toolkit allowed ../ directory traversal during the ZIP archive cleaning process. This issue primarily affects mat2 web instances, where clients could obtain sensitive information through a crafted archive...

7.5CVSS7.1AI score0.01751EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/14 6:25 p.m.14 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...

8.6CVSS6.3AI score0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:31 a.m.33 views

EUVD-2026-29379

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

4.6CVSS5.8AI score0.0015EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/07 7:21 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal. Go Vulnerability Report: The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the...

8.7CVSS6.3AI score0.0017EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/05/07 1:16 p.m.19 views

USN-8249-1: dpkg vulnerability

Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding,...

7.5CVSS5.8AI score0.00418EPSS
Exploits0
CVE
CVE
added 2026/05/04 5:33 p.m.9 views

CVE-2026-43616

Detect-It-Easy (pre-3.21) contains a path traversal vulnerability that allows writing arbitrary files via crafted archive entries (relative traversals or absolute paths). Insufficient path normalization during archive extraction can write outside the target directory and may enable persistent cod...

7.8CVSS6.3AI score0.00168EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/30 3:3 a.m.11 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS7.2AI score0.00643EPSS
Exploits1References8
Rows per page
Query Builder