18 matches found

RedhatCVE
added 2025/05/22 9:0 p.m. · 3 views

CVE-2021-20170

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password...

CVSS 8.8 · AI score 7 · EPSS 0.005
Exploits: 0 · References: 1

OSV
added 2023/08/04 9:15 p.m. · 1 view

CVE-2020-26082

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

CVSS 5.3 · AI score 5.8 · EPSS 0.00623
Exploits: 0 · References: 1

RedhatCVE
added 2022/06/07 2:29 a.m. · 60 views

CVE-2022-30322

A flaw was found in go-getter. Several vulnerabilities were identified in the way go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service. Mitigation: The fix...

CVSS 8.6 · AI score 2 · EPSS 0.01279
Exploits: 0 · References: 4

OSV
added 2022/05/26 12:1 a.m. · 34 views

GO-2022-0586 Resource exhaustion in github.com/hashicorp/go-getter and related modules

Malicious HTTP responses can cause a number of misbehaviors, including overwriting local files, resource exhaustion, and panics. Protocol switching, endless redirect, and configuration bypass are possible through abuse of custom HTTP response header processing. Arbitrary host access is possible...

CVSS 9.8 · AI score 9.2 · EPSS 0.03054
Exploits: 0 · References: 5

OSV
added 2022/05/25 12:15 p.m. · 2 views

DEBIAN-CVE-2022-30323

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0...

CVSS 8.6 · AI score 6.8 · EPSS 0.01279
Exploits: 0 · References: 1

ATTACKERKB
added 2022/05/25 12:15 p.m. · 3 views

CVE-2022-30323

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0...

CVSS 8.6 · AI score 6.8 · EPSS 0.01279
Exploits: 0 · References: 5

UbuntuCve
added 2022/05/25 12:15 p.m. · 40 views

CVE-2022-30323

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0...

CVSS 8.6 · AI score 6.8 · EPSS 0.01279
Exploits: 0 · References: 6

Positive Technologies
added 2022/05/25 12:0 a.m. · 2 views

PT-2022-20065 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier; HashiCorp go-getter versions 2.0.2 and earlier. Description: The issue concerns the unsafe download handling in HashiCorp go-getter. Malicious HTTP responses can cause various misbehaviors,...

CVSS 9.8 · AI score 7.1 · EPSS 0.03054
Exploits: 0 · References: 28

Cisco
added 2020/11/04 4:0 p.m. · 36 views

Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

CVSS 5.8 · AI score 1.5 · EPSS 0.00623
Exploits: 0 · References: 1

Positive Technologies
added 2020/11/04 12:0 a.m. · 2 views

PT-2020-4621 · Cisco · Cisco Email Security Appliance +1

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance (affected versions not specified). Description: The issue is related to the zip decompression engine of Cisco AsyncOS Software, which is used in Cisco Email Security Appliance. It is caused by improper handling of...

CVSS 5.8 · AI score 5.1 · EPSS 0.00623
Exploits: 0 · References: 6

Talos Blog
added 2020/07/01 8:21 a.m. · 23 views

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary: Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. These campaigns make use of existing email threads from compromised accounts to greatly increase...

AI score 2.6
Exploits: 0

Securelist
added 2019/03/28 2:0 p.m. · 45 views

The return of the BOM

There's nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It's just that this time around the bad guys have started using a method that was reported in the wild years ago. Russian gangs used this technique to distribute malware capable of modifying the hosts fil...

AI score 7.1
Exploits: 0

OSV
added 2018/10/30 6:1 p.m. · 24 views

MGASA-2018-0422 Updated unzip packages fix security vulnerabilities

Updated unzip packages fix security vulnerabilities: Heap-based out-of-bounds write (CVE-2018-1000031). Heap/BSS-based buffer overflow (Bypass of CVE-2015-1315) (CVE-2018-1000032). Heap out-of-bounds access in efscanforstream (CVE-2018-1000033). Multiple vulnerabilities in the LZMA compression algorithm...

CVSS 9.1 · AI score 8.4 · EPSS 0.30469
Exploits: 2 · References: 3

Packet Storm
added 2018/02/07 12:0 a.m. · 99 views

InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow

SEC Consult Vulnerability Lab Security Advisory. title: Multiple buffer overflow vulnerabilities; product: InfoZip UnZip; vulnerable version: UnZip = 6.00 / UnZip = 6.1c22; fixed version: 6.10c23; CVE number:...

CVSS 7.5 · AI score 7.9 · EPSS 0.30469
Exploits: 2

OSV
added 2015/11/06 6:59 p.m. · 5 views

AZL-6938 CVE-2015-7696 affecting package unzip for versions less than 6.0-19

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value...

CVSS 6.8 · AI score 7.2 · EPSS 0.07184
Exploits: 0 · References: 1

OSV
added 2015/11/06 6:59 p.m. · 2 views

DEBIAN-CVE-2015-7696

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value...

CVSS 6.8 · AI score 8.1 · EPSS 0.07184
Exploits: 0 · References: 1

AlpineLinux
added 2015/11/06 6:0 p.m. · 41 views

CVE-2015-7696

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value...

CVSS 6.8 · AI score 7 · EPSS 0.07184
Exploits: 0

OSV
added 2015/10/12 12:0 a.m. · 4 views

UBUNTU-CVE-2015-7696

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value...

CVSS 6.8 · AI score 7.2 · EPSS 0.07184
Exploits: 0 · References: 4