Lucene search
K

56 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-24405

Malware in sbrugna...

6.5CVSS6.5AI score0.01087EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.3 views

Chall-Manager 安全漏洞

Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from a failure to check the size of the contents when decompressing a zip file, which could lead to a zip bomb decompression...

9.8CVSS6.3AI score0.00461EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.5 views

CVE-2020-26082

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5.8CVSS7AI score0.00623EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/05 5:26 p.m.17 views

CVE-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...

8.2CVSS6.7AI score0.00994EPSS
Exploits1References4
NVD
NVD
added 2023/08/04 9:15 p.m.19 views

CVE-2020-26082

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5.8CVSS5.7AI score0.00623EPSS
Exploits0References1
Prion
Prion
added 2023/08/04 9:15 p.m.17 views

Input validation

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5CVSS5.3AI score0.00623EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/04 8:49 p.m.2 views

CVE-2020-26082

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5.8CVSS7.2AI score0.00623EPSS
Exploits0References1
Prion
Prion
added 2022/12/11 8:15 a.m.23 views

Path traversal

A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...

5.8CVSS7AI score0.00722EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/05/21 12:0 a.m.34 views

Cisco Email Security Appliance Zip Content Filter Bypass (cisco-sa-esa-zip-bypass-gbU4gtTg)

According to its self-reported version, Cisco Email Security Appliance ESA is affected by a vulnerability in the zip decompression engine due to improper handling of password-protected zip files. An unauthenticated, remote attacker can exploit this with a crafted zip file to bypass content filter...

5.8CVSS5.9AI score0.00623EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/05/04 12:0 a.m.3 views

CVE-2020-4993

IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905...

4.9CVSS5.1AI score0.01258EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/17 12:0 a.m.6 views

The vulnerability of the software’s zip-file decompression mechanism in Cisco AsyncOS affects Cisco Email Security Appliance security systems. This vulnerability allows attackers to bypass the configured content filters on the device.

The vulnerability of the software’s zip-file decompression mechanism for Cisco Email Security Appliance devices is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to bypass the configured content filters on the device...

5.8CVSS5.9AI score0.00623EPSS
Exploits0References2Affected Software1
Cisco
Cisco
added 2020/11/04 4:0 p.m.36 views

Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5.8CVSS1.5AI score0.00623EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.3 views

PT-2020-4621 · Cisco · Cisco Email Security Appliance +1

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified Description: The issue is related to the zip decompression engine of Cisco AsyncOS Software, which is used in Cisco Email Security Appliance. It is caused by improper handling of...

5.8CVSS5.1AI score0.00623EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.4 views

The vulnerability of the software’s zip-file decompression mechanism in Cisco AsyncOS affects Cisco Email Security Appliance security systems. This vulnerability allows a hacker to trigger a service failure.

The vulnerability of the software’s zip-file decompression mechanism for Cisco Email Security Appliance systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

6.5CVSS6.5AI score0.01087EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/01/26 5:15 a.m.3 views

CVE-2020-3134

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

6.5CVSS6.7AI score0.01087EPSS
Exploits0References1
NVD
NVD
added 2020/01/26 5:15 a.m.14 views

CVE-2020-3134

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

6.5CVSS6.5AI score0.01087EPSS
Exploits0References1
Prion
Prion
added 2020/01/26 5:15 a.m.17 views

Input validation

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

6.4CVSS6.5AI score0.01087EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/01/26 4:31 a.m.9 views

CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

6.5CVSS7.1AI score0.01087EPSS
Exploits0References1
CNVD
CNVD
added 2020/01/23 12:0 a.m.1 views

Cisco Email Security Appliance zip decompression engine denial of service vulnerability

The Cisco Email Security Appliance ESA is an all-in-one appliance that defends against spam, advanced malware, phishing, and data loss.Cisco AsyncOS is the base operating system OS, device drivers, memory management, process scheduling, and a collection of all application and scanning software. A...

6.5CVSS6.7AI score0.01087EPSS
Exploits0References1
Cisco
Cisco
added 2020/01/22 4:0 p.m.27 views

Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

6.5CVSS1.6AI score0.01087EPSS
Exploits0References1
Rows per page
Query Builder