20 matches found
RHEL 6 / 7 : rh-maven33-plexus-archiver and rh-maven35-plexus-archiver (RHSA-2018:1837)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1837 advisory. The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications c...
K64709522: Multiple Zip Slip vulnerabilities
Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +2070 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=1.0 <=3.5)
org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =0.9.0, =1.0.0, =ccbc95eb and more Source cves: CVE-2018-1002200 Source advisory: OSV:GHSA-HCXQ-X77Q-3469...
CVE-2018-1002200
A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...
NewStart CGSL CORE 5.04 / MAIN 5.04 : plexus-archiver Vulnerability (NS-SA-2019-0041)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has plexus-archiver packages installed that are affected by a vulnerability: - A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file...
Updated plexus-archiver packages fix security vulnerability
A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...
CVE-2018-1002200
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002200
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002200
CVE-2018-1002200 affects plexus-archiver prior to 3.6.0, which is vulnerable to a directory traversal (Zip-Slip) that allows an attacker extracting a crafted archive to write to arbitrary files. Impact observed in multiple advisories: arbitrary file write/overwrite by exploiting zip entry path tr...
CVE-2018-1002200
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
Important: plexus-archiver
Issue Overview: A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with...
Fedora Update for plexus-archiver FEDORA-2018-6c55e1f79c
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
plexus security update
CentOS Errata and Security Advisory CESA-2018:1836 An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Scientific Linux Security Update : plexus-archiver on SL7.x (noarch) (20180612)
Security Fixes : - plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file CVE-2018-1002200 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid110508; scriptversion"1.5"...
Debian DSA-4227-1 : plexus-archiver - security update
Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive. C Tenable Network Security, Inc. The descriptive text and...
Oracle Linux 7 : plexus-archiver (ELSA-2018-1836)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1836 advisory. 0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200 Tenable has extracted the preceding description block directly from the Oracle...
Important: Red Hat Security Advisory: rh-maven33-plexus-archiver and rh-maven35-plexus-archiver security update
An update for rh-maven33-plexus-archiver and rh-maven35-plexus-archiver is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
Important: Red Hat Security Advisory: plexus-archiver security update
An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
plexus-archiver security update
0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200...
ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)
A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...