14 matches found
Keras 安全漏洞
Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras that stems from a specially crafted .keras model archive that could trigger arbitrary code execution...
SUSE SLES15 Security Update : libarchive (SUSE-SU-2022:0944-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0944-2 advisory. - CVE-2021-36976: Fixed an invalid memory access that could cause data corruption bsc1188572. Non-security updates: - Updated...
CVE-2022-48285
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...
Directory traversal
An Archive Extraction AKA "Zip Slip vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal...
CVE-2021-37196
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions = V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS unpacks specially crafted archi...
Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus (CVE-2019-12402).
Summary A denial of service vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosi...
CVE-2019-16680
A path traversal vulnerability was discovered in the file-roller Archive Manager for GNOME in the way file paths with special characters are sanitized. Archives containing the sequence of characters "../" in a file path may be vulnerable to this flaw. A remote attacker could exploit this flaw by...
EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-1973)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An error in the lhareadfileheader1 function archivereadsupportformatlha.c in libarchive 3.2.2 allows remote attackers to trigger an...
CVE-2018-1000879
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards release v3.3.0 onwards contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archiveacl.c, archiveaclfromtextl that can result in Crash/DoS. This attack appear to be exploitable via the vict...
Directory traversal
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary...
CVE-2017-5601
An error in the lhareadfileheader1 function archivereadsupportformatlha.c in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive...
Out-of-bounds
An error in the lhareadfileheader1 function archivereadsupportformatlha.c in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive...
GLSA-201701-03 : libarchive: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201701-03 libarchive: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a...
CVE-2016-7162
A path traversal flaw was found in file-roller. If a user were tricked into opening a specially crafted archive and clicking on a symbolic link, file deletion could occur...