258 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-9913
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via vectors related to the...
Linux Distros Unpatched Vulnerability : CVE-2015-7696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly execute arbitrary code via...
Linux Distros Unpatched Vulnerability : CVE-2018-18384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size...
Linux Distros Unpatched Vulnerability : CVE-2014-8139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file ...
Linux Distros Unpatched Vulnerability : CVE-2014-8140
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the testcompreb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip fil...
CBL Mariner 2.0 Security Update: unzip (CVE-2015-7696)
The version of unzip installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-7696 advisory. - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service heap-based buffer over-read and...
CBL Mariner 2.0 Security Update: zip (CVE-2018-13410)
The version of zip installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-13410 advisory. - Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of...
RHEL 5 : unzip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - unzip: Heap-based buffer overflow in fileio.c:UzpPassword function allows code execution CVE-2018-1000035...
RHEL 7 : unzip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - unzip: Heap-based buffer overflow in fileio.c:UzpPassword function allows code execution CVE-2018-1000035...
UnZip: Multiple Vulnerabilities
Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Oracle Linux 8 : unzip (ELSA-2020-1787)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1787 advisory. - Related: CVE-2019-13232 - Fix CVE-2019-13232 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string
Buffer overflow in the charsettointern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Notes: Brocade SANnav contains the affected open source routines, but these...
K80311892: InfoZIP vulnerability CVE-2019-13232
Security Advisory Description Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue. CVE-2019-13232 Impact Local users with administrative access to the BIG-IP Advanced Shell bash may be able...
SUSE CVE-2004-1010
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname...
SUSE CVE-2014-8140
Heap-based buffer overflow in the testcompreb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command...
SUSE CVE-2014-9913
Buffer overflow in the listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via vectors related to the compression method...
SUSE CVE-2018-13410
Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service invalid free and application crash or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an...
SUSE CVE-2018-1000032
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution...
SUSE CVE-2018-1000031
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution...
SUSE CVE-2018-1000034
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory...