Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.13 views

RHEL 6 / 7 : rh-maven33-plexus-archiver and rh-maven35-plexus-archiver (RHSA-2018:1837)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1837 advisory. The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications c...

5.5CVSS7.2AI score0.13179EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.101 views

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.5CVSS5.9AI score0.15359EPSS
Exploits8
vulnersOsv
vulnersOsv
added 2022/05/13 1:35 a.m.7 views

at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +2070 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=1.0 <=3.5)

org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =0.9.0, =1.0.0, =ccbc95eb and more Source cves: CVE-2018-1002200 Source advisory: OSV:GHSA-HCXQ-X77Q-3469...

5.5CVSS6.4AI score0.13179EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/01/19 3:31 a.m.29 views

CVE-2018-1002200

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...

7.3CVSS2.4AI score0.13179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.33 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : plexus-archiver Vulnerability (NS-SA-2019-0041)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has plexus-archiver packages installed that are affected by a vulnerability: - A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file...

5.5CVSS6.3AI score0.13179EPSS
Exploits1References2
Mageia
Mageia
added 2019/01/05 6:30 p.m.31 views

Updated plexus-archiver packages fix security vulnerability

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...

5.5CVSS2.2AI score0.13179EPSS
Exploits1References2
OSV
OSV
added 2018/07/25 5:29 p.m.23 views

CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS6.6AI score
Exploits0References8
UbuntuCve
UbuntuCve
added 2018/07/25 5:29 p.m.19 views

CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS6.5AI score0.13179EPSS
Exploits1References3
CVE
CVE
added 2018/07/25 5:0 p.m.124 views

CVE-2018-1002200

CVE-2018-1002200 affects plexus-archiver prior to 3.6.0, which is vulnerable to a directory traversal (Zip-Slip) that allows an attacker extracting a crafted archive to write to arbitrary files. Impact observed in multiple advisories: arbitrary file write/overwrite by exploiting zip entry path tr...

5.5CVSS5.5AI score0.13179EPSS
Exploits1References8Affected Software1
Debian CVE
Debian CVE
added 2018/07/25 5:0 p.m.20 views

CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.8AI score0.13179EPSS
Exploits1
Amazon
Amazon
added 2018/06/20 12:0 a.m.24 views

Important: plexus-archiver

Issue Overview: A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with...

5.5CVSS6.2AI score0.13179EPSS
Exploits1
OpenVAS
OpenVAS
added 2018/06/15 12:0 a.m.31 views

Fedora Update for plexus-archiver FEDORA-2018-6c55e1f79c

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6AI score0.13179EPSS
Exploits1References2
Cent OS
Cent OS
added 2018/06/14 3:10 p.m.135 views

plexus security update

CentOS Errata and Security Advisory CESA-2018:1836 An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

5.5CVSS6.8AI score0.13179EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2018/06/13 12:0 a.m.19 views

Debian DSA-4227-1 : plexus-archiver - security update

Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive. C Tenable Network Security, Inc. The descriptive text and...

5.5CVSS6.2AI score0.13179EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2018/06/13 12:0 a.m.32 views

Scientific Linux Security Update : plexus-archiver on SL7.x (noarch) (20180612)

Security Fixes : - plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file CVE-2018-1002200 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid110508; scriptversion"1.5"...

5.5CVSS7AI score0.13179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/06/13 12:0 a.m.21 views

Oracle Linux 7 : plexus-archiver (ELSA-2018-1836)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1836 advisory. 0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200 Tenable has extracted the preceding description block directly from the Oracle...

5.5CVSS6.5AI score0.13179EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2018/06/12 3:8 p.m.70 views

Important: Red Hat Security Advisory: rh-maven33-plexus-archiver and rh-maven35-plexus-archiver security update

An update for rh-maven33-plexus-archiver and rh-maven35-plexus-archiver is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

5.5CVSS6.8AI score0.13179EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2018/06/12 2:49 p.m.69 views

Important: Red Hat Security Advisory: plexus-archiver security update

An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

5.5CVSS6.8AI score0.13179EPSS
Exploits1References3
Oracle linux
Oracle linux
added 2018/06/12 12:0 a.m.28 views

plexus-archiver security update

0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200...

5.5CVSS2.5AI score0.13179EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2018/06/06 12:0 a.m.57 views

ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)

A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...

6.8CVSS4.4AI score0.37986EPSS
Exploits7
Rows per page
Query Builder