SUSE CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

Security update for pcmanfm (moderate)

openSUSE Security Update: Security update for pcmanfm Announcement ID: openSUSE-SU-2022:10001-1 Rating: moderate References: 1039140 Cross-References: CVE-2017-8934 CVSS scores: CVE-2017-8934 NVD : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 A...

Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption

Source: https://code.google.com/p/google-security-research/issues/detail?id=550 The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps CmdExtract::ExtractCurrentFile should sanity check Arc.FileHead.UnpSize earl...

Multiple Zoo archivers DoS

Endless loop on archive content parsing...

SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal

SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal The StuffIt and ZipMagic Family of products is designed to meet any level of compression needs; from basic expansion to advanced archive manipulation, to automating routine compression tasks, and even building compression into a...

Directory traversal vulnerabilities in several archivers processing .tar

Subject Directory traversal vulnerabilities in several archivers processing .tar files Author Florian "sticky bit" Schafferhans [email protected] http://www.computer-security.de/ Date 17. December 2002 Affected GNU cpio 2.5 http://www.gnu.org/ tested on Linux 2.2.19 Winzip Computing WinZip...