CVE-2025-64390
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file...
SUSE CVE-2026-27819
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...
CVE-2026-27819
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...
EUVD-2026-8753
Vikunja has Path Traversal in CLI Restore...
CVE-2026-27819
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...
CVE-2026-27819
Vikunja prior to 2.0.0 contains a path traversal vulnerability in the CLI restore path. The restore.go logic in go-vikunja/vikunja uses the ZIP entry’s Name directly in os.OpenFile calls without validating paths, allowing a malicious ZIP to escape the intended extraction directory and overwrite a...
MiracleLinux 3 : bzip2-1.0.3-4AXS3 (AXSA:2008-274:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-274:01 advisory. bzip2 compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding. Compression is generally considerably better th...
EUVD-2011-1476
Malware in sbrugna...
EUVD-2009-0051
Malware in sbrugna...
EUVD-2006-5665
Malware in sbrugna...
XWiki Platform Resource Management Error Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A resource management error vulnerability exists in XWiki Platform that originates from allowing an attacker to distribute malformed TAR files by manipulating file modification times...
SUSE CVE-2006-5680
The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop tha...
Updated golang packages fix security vulnerabilities
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method (CVE-2021-27918). net/http in Go before 1.15.12 and 1.16.x before 1.16....
golang: archive/zip: malformed archive may cause panic or memory exhaustion
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...
USN-4692-1 tar vulnerabilities
Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu...
php: DoS (excessive CPU consumption) by processing certain Zip archive files
Integer signedness error in zipstream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zipfread function calls...
Integer overflow
Integer signedness error in zipstream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zipfread function calls...
CVE-2011-1471
Integer signedness error in zipstream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zipfread function calls...
Code injection
The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library...
SuSE9 Security Update : gnome-vfs2,gnome-vfs2-doc (YOU Patch Number 10010)
This update fixes the following security problems: - The VFS scripts contained in GNOME are vulnerable to attacks on temporary files as well as command execution via shell meta-characters. These bugs can be exploited by accessing a malformatted archive file. (CVE-2004-0494) - Insufficient checks wh...