56 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0309

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.6 | EPSS 0.00261
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-2044

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.8 | EPSS 0.0372
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1146

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.9 | EPSS 0.00266
Exploits: 0 | References: 4

Tenable Nessus
added 2025/03/05 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2023-22899

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. CVE-2023-22899 Note that Nessus relies...

CVSS 5.9 | AI score 6.8 | EPSS 0.00261
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-24615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be...

CVSS 5.5 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 3

RedHat Linux
added 2023/08/14 1:2 a.m. | 34 views

Important: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.2.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.8 | AI score 6.8 | EPSS 0.00759
Exploits: 6 | References: 102

RedHat Linux
added 2023/06/27 10:56 a.m. | 2 views

zip4j: does not always check the MAC when decrypting a ZIP archive

A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 7.3 | EPSS 0.00261
Exploits: 1 | References: 4

Tenable Nessus
added 2023/04/19 12:0 a.m. | 36 views

Oracle Access Manager Multiple Vulnerabilities (Apr 2023 CPU)

The version of Oracle Access Manager installed on the remote host is missing a security patch from the April 2023 CPU Advisory. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Third Party Jython. T...

CVSS 7.5 | AI score 7.3 | EPSS 0.00622
Exploits: 2 | References: 4

RedhatCVE
added 2023/04/07 6:59 p.m. | 41 views

CVE-2023-22899

A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 6 | EPSS 0.00261
Exploits: 1 | References: 3

F5 Networks
added 2023/02/21 6:46 p.m. | 84 views

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVSS 6.5 | AI score 5.9 | EPSS 0.17577
Exploits: 8

Veracode
added 2023/02/17 7:54 a.m. | 32 views

Improper Signature Validation

Zip4j is vulnerable to Improper Signature Validation. The vulnerability is due to improper AES Message Authentication Code MAC validation when the MAC signature got corrupted in an encrypted ZIP archive. This flaw can result in an attacker modifying the archive without the library detecting the...

CVSS 5.9 | AI score 6.1 | EPSS 0.00261
Exploits: 1 | References: 11 | Affected Software: 1

IBM Security Bulletins
added 2023/02/15 6:22 p.m. | 38 views

Security Bulletin: IBM App Connect Enterprise is affected by a remote attacker due to the zip4j library [CVE-2023-22899]

Summary IBM App Connect Enterprise Transformation Advisor tool is affected by a remote attacker due to the zip4j library CVE-2023-22899. The resolving ifix includes zip4j v2.11.3. Vulnerability Details CVEID:CVE-2023-22899 DESCRIPTION: Zip4j could provide weaker than expected security, caused by...

CVSS 5.9 | AI score 5.9 | EPSS 0.00261
Exploits: 1 | Affected Software: 1

OSV
added 2023/01/10 3:30 a.m. | 0 views

GHSA-2PJ2-GCHF-WMW7 Zip4j Origin Validation Error

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3...

CVSS 5.9 | AI score 7 | EPSS 0.00261
Exploits: 1 | References: 9

vulnersOsv
added 2023/01/10 3:30 a.m. | 1 views

ai.grakn:grakn-test (>=0.13.0 <=0.15.0), ai.grakn:test-integration (>=0.16.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +989 more potentially affected by CVE-2023-22899 via net.lingala.zip4j:zip4j (>=1.2.3 <=2.11.2)

net.lingala.zip4j:zip4j MAVEN version =1.2.3, =0.13.0, =0.16.0, =1.1, =1.9.1, =1.5.1.beta, =1.5.1.beta, =1.5.1.beta, =1.5.1.beta, =2.1.1 - cn.dev8:http-client-com-api =1.4 - cn.dev8:http-client-starter =1.4 - cn.dev8:ktbase =1.4 - cn.dev8:ktflux =1.4 - cn.dev8:ktmvc =1.4 - cn.dev8:ktmyoql =1.4 an...

CVSS 5.9 | AI score 6.7 | EPSS 0.00261
Exploits: 1

GitHub Security Blog
added 2023/01/10 3:30 a.m. | 26 views

Zip4j Origin Validation Error

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3...

CVSS 5.9 | AI score 6.1 | EPSS 0.00261
Exploits: 1 | References: 9 | Affected Software: 1

OSV
added 2023/01/10 2:15 a.m. | 18 views

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 6.8
Exploits: 0 | References: 6

OSV
added 2023/01/10 2:15 a.m. | 0 views

DEBIAN-CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 6.7 | EPSS 0.00261
Exploits: 1 | References: 1

NVD
added 2023/01/10 2:15 a.m. | 18 views

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 6 | EPSS 0.00261
Exploits: 1 | References: 6

OSV
added 2023/01/10 2:15 a.m. | 0 views

UBUNTU-CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 6.6 | EPSS 0.00261
Exploits: 1 | References: 7

Prion
added 2023/01/10 2:15 a.m. | 22 views

Authentication flaw

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS 2.6 | AI score 5.7 | EPSS 0.00261
Exploits: 1 | References: 6 | Affected Software: 1