425 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-58052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an...
SUSE-SU-2026:2833-1 Security update for clamav
This update for clamav fixes the following issues - CVE-2026-20213: PE file format parser could allow an unauthenticated, remote attacker to cause a denial of service bsc1270107. - CVE-2026-20214: FSG file format parser could allow an unauthenticated, remote attacker to cause a denial of service...
MGASA-2026-0238 Updated 7zip packages fix a security vulnerability
7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation. CVE-2026-48095...
Updated 7zip packages fix a security vulnerability
7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation. CVE-2026-48095...
Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...
CVE-2026-14966
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
CVE-2026-14966
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
CVE-2026-14966
BBOT’s unarchive module is affected by a symlink guard bypass when handling certain archives. Specifically, zip and 7z archives with a DOS-attribute prefix in their listing (as produced by legacy p7zip) can bypass the extraction guard, allowing an attacker-controlled symlink to be written into th...
USN-8517-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2026-20213, CVE-2026-20214, CVE-2026-20217 It was discovered that ClamAV incorrectly handled certain 7z archive files...
[SECURITY] Fedora 43 Update: 7zip-26.02-1.fc43
7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...
CVE-2026-20215
A flaw was found in ClamAV's 7z file format parser. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted 7z file for scanning. This improper handling of 7z files can lead to memory corruption, allowing the attacker to cause a Denial of Service DoS...
SUSE CVE-2026-20215
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...
[SECURITY] Fedora 44 Update: 7zip-26.02-1.fc44
7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...
7-Zip <= 26.02 Mark-of-the-Web Bypass (CVE-2026-58052)
The version of 7-Zip installed on the remote Windows host is 26.02 or earlier. It is, therefore, affected by a vulnerability: - 7-Zip for Windows fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier...
Cisco Secure Endpoint Multiple ClamAV DoS (cisco-sa-clamav-88cFYyxR)
According to its self-reported version, Cisco Secure Endpoint is affected by multiple vulnerabilities. - A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory...
UBUNTU-CVE-2026-20215
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...
Linux Distros Unpatched Vulnerability : CVE-2026-20215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded...
DEBIAN-CVE-2026-20215
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...
CVE-2026-20215
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...
CVE-2026-20215
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...