277 matches found
OPENSUSE-SU-2026:10942-1 7zip-26.01-1.1 on GA media
These are all security issues fixed in the 7zip-26.01-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-48101
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - 7zip - None p7zip - None Ubuntu Linux - Unknown description CVE-2026-48101 Note that Nessus relies on the presence of the package as reported by...
CVE-2026-44604
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
UBUNTU-CVE-2026-44604
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
CVE-2026-44604
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
EUVD-2026-32726
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
CVE-2026-44604
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
PT-2026-44197
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
Astra Linux - уязвимость в p7zip
Ppmd7.c in 7-ZIP before 23.00 allows for integer underflow and invalid read operations due to a crafted 7Z archive...
Astra Linux - уязвимость в p7zip-rar
7-Zip is a file archiver with a high compression ratio. Writing zeros outside the heap buffer in the RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to version 25.0.0. Version 25.0.0 contains a fix for this issue...
Astra Linux - уязвимость в p7zip
7-ZIP ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected 7-ZIP installations. Interaction with this product is required to exploit this vulnerability, but the attack vectors may vary depending ...
Astra Linux - уязвимость в p7zip
7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the 7zip file upload process. An attacker can exhaust server memory resources by uploading a specially crafted 7zip archive containing excessive folder declarations. Remediation Upgrade...
Mattermost doesn't validate 7zip archive structure before processing
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...
CVE-2026-6340
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...
CVE-2026-6340 Memory Exhaustion via Malicious 7zip File Upload
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...
CVE-2026-6340
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...
CVE-2026-6340
Mattermost is affected by CVE-2026-6340 due to failure to validate 7zip archive structure before processing. Affected versions are Mattermost 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The flaw can be exploited by an authenticated user uploading a specially crafted 7zip...
CVE-2026-6340 Memory Exhaustion via Malicious 7zip File Upload
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...
EUVD-2026-30744
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...