EUVD-2015-4063

Malware in sbrugna...

SUSE CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CLSA-2022-1668547209 xz: Fix of CVE-2022-1271

CVE-2022-1271: Fix arbitrary file write vulnerability in xzgrep utility...

CLSA-2022-1668546739 xz: Fix of CVE-2022-1271

CVE-2022-1271: Fix arbitrary file write vulnerability in xzgrep utility...

ROS-20220516-02

A vulnerability in the gzip library is related to errors in file name processing. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files to the system using the command-line utilities zgrep and xzgrep command line utilities...

OESA-2022-1650 xz security update

XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. The core of the XZ Utils compression code is based on LZMA SDK, but it has...

Updated gzip/xz packages fix security vulnerability

zgrep, xzgrep: arbitrary-file-write vulnerability. CVE-2022-1271...

USN-5378-2 xz-utils vulnerability

Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files...

Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tukaani XZ Utils. Interaction with this script is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of...

Remote Code Execution

Gzip is vulnerable to remote code execution. Insufficient validations when processing filenames with two or more newlines allow remote attackers to force zgrep or xzgrep to write arbitrary files on the system...

GNU Gzip 输入验证错误漏洞

GNU Gzip is a compression/decompression program from the GNU community. An input validation error vulnerability exists in GNU Gzip due to insufficient validation when handling filenames with two or more newlines. A remote attacker could force zgrep or xzgrep to write arbitrary files on the system...

xzgrep Code Execution Vulnerability

xzgrep is a set of regular expression tools for searching compressed files. A security vulnerability exists in the scripts/xzgrep.in file in xzgrep, which stems from the program failing to properly handle filenames with semicolons. A remote attacker can exploit this vulnerability to execute...

Code injection

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CVE-2015-4035

CVE-2015-4035 affects the xzgrep utility. Technical details in connected sources show that the vulnerability lies in the scripts/xzgrep.in file within xzgrep, where filenames containing semicolons are not processed correctly. This allows a remote attacker to cause arbitrary code execution if a us...

CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

xzgrep '/tmp/semi' Local Arbitrary Code Execution Vulnerability

xzgrep is a set of regular expression tools for searching compressed files. A security vulnerability exists in the xzgrep '/tmp/semi' processing, which allows a local attacker to execute arbitrary code in the context of the application...