CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. dot dot sequences in a filename...

5CVSS7.1AI score0.01938EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:58 a.m.•1 views

SUSE CVE-2010-2801

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the...

5.1CVSS8AI score0.04956EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:58 a.m.•1 views

SUSE CVE-2010-2800

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service infinite loop via a malformed MSZIP archive in a .cab file during a 1 test or 2 extract action, related to the libmspack library...

4.3CVSS6.9AI score0.01203EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:21 a.m.•1 views

SUSE CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash...

5.3CVSS7AI score0.08747EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 4:22 a.m.•1 views

SUSE CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write...

6.5CVSS9.8AI score0.05833EPSS

Exploits0References8

OpenVAS•added 2022/01/28 12:0 a.m.•16 views

Mageia: Security Advisory (MGASA-2015-0086)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.3AI score0.08747EPSS

Exploits1References5

OpenVAS•added 2022/01/28 12:0 a.m.•27 views

Mageia: Security Advisory (MGASA-2018-0455)

8.8CVSS6.7AI score0.05833EPSS

Exploits2References6

OpenVAS•added 2022/01/28 12:0 a.m.•14 views

Mageia: Security Advisory (MGASA-2015-0052)

5CVSS5.3AI score0.01102EPSS

Exploits1References4

Tenable Nessus•added 2021/02/22 12:0 a.m.•19 views

EulerOS 2.0 SP2 : libmspack (EulerOS-SA-2021-1318)

According to the version of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum...

6.5CVSS7.1AI score0.05833EPSS

Exploits0References2

Veracode•added 2020/12/06 3:47 a.m.•16 views

Directory Traversal

cabextract is vulnerable to directory traversal. Lack of proper checking for leading slashes when extracting files allows remote attackers to perform directory traversal attacks via a malformed UTF-8 characters that are changed to a UTF-8 encoded slash...

5.3CVSS5.5AI score0.08747EPSS

Exploits1References8Affected Software1