56 matches found
EUVD-2020-24405
Malware in sbrugna...
Chall-Manager 安全漏洞
Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from a failure to check the size of the contents when decompressing a zip file, which could lead to a zip bomb decompression...
CVE-2020-26082
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
CVE-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...
CVE-2020-26082
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
Input validation
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
CVE-2020-26082
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
Path traversal
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
Cisco Email Security Appliance Zip Content Filter Bypass (cisco-sa-esa-zip-bypass-gbU4gtTg)
According to its self-reported version, Cisco Email Security Appliance ESA is affected by a vulnerability in the zip decompression engine due to improper handling of password-protected zip files. An unauthenticated, remote attacker can exploit this with a crafted zip file to bypass content filter...
CVE-2020-4993
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905...
The vulnerability of the software’s zip-file decompression mechanism in Cisco AsyncOS affects Cisco Email Security Appliance security systems. This vulnerability allows attackers to bypass the configured content filters on the device.
The vulnerability of the software’s zip-file decompression mechanism for Cisco Email Security Appliance devices is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to bypass the configured content filters on the device...
Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
PT-2020-4621 · Cisco · Cisco Email Security Appliance +1
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified Description: The issue is related to the zip decompression engine of Cisco AsyncOS Software, which is used in Cisco Email Security Appliance. It is caused by improper handling of...
The vulnerability of the software’s zip-file decompression mechanism in Cisco AsyncOS affects Cisco Email Security Appliance security systems. This vulnerability allows a hacker to trigger a service failure.
The vulnerability of the software’s zip-file decompression mechanism for Cisco Email Security Appliance systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
CVE-2020-3134
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...
CVE-2020-3134
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...
Input validation
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...
CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...
Cisco Email Security Appliance zip decompression engine denial of service vulnerability
The Cisco Email Security Appliance ESA is an all-in-one appliance that defends against spam, advanced malware, phishing, and data loss.Cisco AsyncOS is the base operating system OS, device drivers, memory management, process scheduling, and a collection of all application and scanning software. A...
Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...