
10 matches found

UbuntuCve
added 2026/04/09 3:16 p.m. | 6 views

CVE-2026-5439

A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00426
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/09 2:44 p.m. | 3 views

CVE-2026-5439 Memory Exhaustion via Forged ZIP Metadata

A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...

AI score 5.8 | EPSS 0.00426
Exploits: 0 | References: 3
SUSE CVE
added 2026/03/25 12:26 a.m. | 9 views

SUSE CVE-2026-27819

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

CVSS 7.2 | AI score 5.8 | EPSS 0.00739
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/09 12:0 a.m. | 5 views

PT-2026-24181

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Attackers are utilizing a technique involving malformed ZIP metadata, referred to as 'shadow archives', to circumvent antivirus (AV) and Endpoint Detection and Response (EDR) systems. This method allows...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 31
Veracode
added 2023/05/11 4:13 a.m. | 21 views

Denial Of Service (DoS)

github.com/sigstore/rekor is vulnerable to Denial of Service (DoS). The vulnerability exists because the archive metadata file size is not checked before the files are read to memory, which can lead to out-of-memory conditions resulting in an application crash...

CVSS 7.5 | AI score 7.2 | EPSS 0.0105
Exploits: 0 | References: 4 | Affected Software: 2
SUSE CVE
added 2023/05/10 1:56 a.m. | 3 views

SUSE CVE-2023-30551

Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of...

CVSS 7.5 | AI score 6.9 | EPSS 0.0105
Exploits: 0 | References: 4
Prion
added 2023/05/08 4:15 p.m. | 13 views

Race condition

Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of...

CVSS 5 | AI score 7.4 | EPSS 0.0105
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2023/05/03 12:0 a.m. | 4 views

PT-2023-22778

Name of the Vulnerable Software and Affected Versions: Rekor versions prior to 1.1.1. Description: Rekor is an open source software supply chain transparency log that may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first...

CVSS 7.5 | AI score 7.1 | EPSS 0.0105
Exploits: 0 | References: 16
Packet Storm
added 2009/10/28 12:0 a.m. | 35 views

Safari Archive Metadata Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3...

CVSS 5.1 | AI score 0.7 | EPSS 0.58105
Exploits: 8
Exploit DB
added 2006/02/22 12:0 a.m. | 31 views

Apple Mac OSX Safari Browser - 'Safe File' Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework (dual GPLv2 and Artistic). The latest version of the...

AI score 7.4
Exploits: 0