15 matches found
VulnCheck KEV: CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2026-33481
Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481
Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481
Technical details about CVE-2026-33481 are not publicly provided in the connected documents. Monitor for updates; no affected products, versions, vectors, or remediation details are specified in the supplied materials.
EUVD-2026-9078
malcontent: Nested archive extraction failure can drop content from scan inputs...
CVE-2026-28407
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
EUVD-2026-4947
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
CVE-2021-33602
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive LZW decompression method, and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service o...
EUVD-2008-6863
Malware in sbrugna...
CVE-2025-10156
CVE-2025-10156 concerns the ZIP archive scanning component of mmaitre314 picklescan. The issue is an improper handling of exceptional conditions: crafting a ZIP with a file having a bad CRC can cause the scanner to halt analysis of contents, leading to a file marked as safe being loaded and the e...
CVE-2021-33599
A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service infinite loop and freezes AV engine scanner. The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the...
Stack overflow
When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used...
Design/Logic Flaw
Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, wh...
CVE-2008-6903
CVE-2008-6903 affects Sophos Anti-Virus products (Windows, NT/9x, OS X, Linux, UNIX, and associated Sophos EM Library/small business solutions). When CAB archive scanning is enabled, processing a crafted CAB file can trigger a denial of service in the scanner via a fuzzed archive, resulting in a ...
CVE-2006-5645
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service infinite loop via a malformed RAR archive with an Archive Header section with...