Lucene search
+L

83 matches found

RedHat Linux
RedHat Linux
added 2023/10/26 10:5 a.m.57 views

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7.2AI score0.0207EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.16 views

Ubuntu 18.04 ESM : Plexus Archiver vulnerability (USN-4832-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4832-1 advisory. It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack. Tenab...

5.5CVSS6.4AI score0.13179EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/10/06 1:45 a.m.6 views

SUSE CVE-2023-37460

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

8.1CVSS8.3AI score0.0207EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/10/05 11:24 a.m.34 views

CVE-2023-37460

A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution RCE. Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will...

8.1CVSS7.9AI score0.0207EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2023/07/31 7:0 a.m.3 views

Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver

...

9.8CVSS8.3AI score0.0207EPSS
Exploits1
OSV
OSV
added 2023/07/25 8:15 p.m.6 views

AZL-34813 CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

9.8CVSS7.5AI score0.0207EPSS
Exploits1References1
OSV
OSV
added 2023/07/25 8:15 p.m.11 views

AZL-27645 CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

9.8CVSS7.5AI score0.0207EPSS
Exploits1References1
OSV
OSV
added 2023/07/25 8:15 p.m.3 views

UBUNTU-CVE-2023-37460

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

9.8CVSS7.4AI score0.0207EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/07/25 7:41 p.m.19 views

CVE-2023-37460 Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

8.1CVSS9.8AI score0.0207EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/07/25 7:41 p.m.21 views

CVE-2023-37460 Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

8.1CVSS10AI score0.0207EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2023/07/25 5:20 p.m.5 views

at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +3296 more potentially affected by CVE-2023-37460 via org.codehaus.plexus:plexus-archiver (>=1.0 <=4.7.1)

org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =1.0.0, =1.0.0, =0.7.6, =0.6.0, =0.6.0, =0.6.0, =0.8.0 and more Source cves: CVE-2023-37460 Source advisory: OSV:GHSA-WH3P-FPHP-9H2M...

9.8CVSS7.2AI score0.0207EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.102 views

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.5CVSS5.9AI score0.15359EPSS
Exploits8
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.12 views

Ubuntu: Security Advisory (USN-4832-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.5AI score0.13179EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/05/13 1:35 a.m.7 views

at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +2070 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=1.0 <=3.5)

org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =0.9.0, =1.0.0, =ccbc95eb and more Source cves: CVE-2018-1002200 Source advisory: OSV:GHSA-HCXQ-X77Q-3469...

5.5CVSS6.4AI score0.13179EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/13 1:35 a.m.23 views

Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.8AI score0.13179EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2022/05/13 1:35 a.m.23 views

GHSA-HCXQ-X77Q-3469 Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.5AI score0.13179EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2019-0005)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.5AI score0.13179EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2014-0056)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.6AI score0.12608EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2021/03/15 10:16 p.m.39 views

USN-4832-1: Plexus Archiver vulnerability

It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack...

5.5CVSS6.3AI score0.13179EPSS
Exploits1
OSV
OSV
added 2021/03/15 10:16 p.m.3 views

USN-4832-1 plexus-archiver vulnerability

It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack...

5.5CVSS6.4AI score0.13179EPSS
Exploits1References2
Rows per page
Query Builder