CLSA-2026-1779271865 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal in zip.vim — block .. components via simplify in zipWrite and zipExtract upstream vim 9.2.0280 + CVE-2025-53906 prereq combined...

CLSA-2026-1779271299 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal in zip.vim — block .. components via simplify in zipWrite and zipExtract upstream vim 9.2.0280 + CVE-2025-53906 prereq combined...

SUSE CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

EEF-CVE-2025-4748 Absolute path traversal in zip:unzip/1,2

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1,...

CVE-2024-45436

CVE-2024-45436 affects Ollama prior to 0.1.47, where extractFromZipFile in model.go can write ZIP entries outside the parent directory (Zip Slip/path traversal). The connected exploit document confirms a practical path traversal/vector in Ollama and notes exploitation could lead to arbitrary file...

SUSE CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. dot dot in a ZIP archive entry that is mishandled during an extractTo call...

DEBIAN-CVE-2018-16430

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTORzipextractmethod in zipextractor.c...

php: Integer overflow leads to buffer overflow in virtual_file_ex

Integer overflow in the virtualfileex function in TSRM/tsrmvirtualcwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted extract operation on a Z...

Fedora 13 : maniadrive-1.2-23.fc13 / php-5.3.4-1.fc13.1 / php-eaccelerator-0.9.6.1-3.fc13 (2010-19011)

Security Enhancements and Fixes in PHP 5.3.4 : - Fixed crash in zip extract method possible CWE-170. - Paths with NULL in them foo\0bar.txt are now considered as invalid CVE-2006-7243. - Fixed a possible double free in imap extension Identified by Mateusz Kocielski. CVE-2010-4150. - Fixed NULL...

PHP Zip Extract method denial of service vulnerability-vulnerability warning-the black bar safety net

Affected system: PHP PHP 5.3.3 PHP PHP 5.3.2 PHP PHP 5.3.1 PHP PHP 5.3 PHP PHP 5.2 - 5.3.2 Not affected system: PHP PHP 5.3.4 PHP PHP 5.2.15 Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 4 5 3 3 5 PHP is a widely-used General-purpose...

PHP 5.2.x < 5.2.15 Multiple Vulnerabilities

Binary data 801097.prm...

PHP 5.3 < 5.3.4 Multiple Vulnerabilities

Binary data 801074.prm...

PHP 5.3.x < 5.3.4 Multiple Vulnerabilities

Binary data 5732.prm...

January 21, 2021-KB4598296 (OS Build 17763.1728) Preview

January 21, 2021-KB4598296 OS Build 17763.1728 Preview Release Date: 1/21/2021 Version: OS Build17763.1728 Important:12/8/20 Adobe Flash Player went out of support on December 31, 2020. For more information, see Adobe Flash end of support on December 31, 2020. Adobe started blocking Flash content...