archive zip vulnerabilities and exploits
VMScore: 517
CVE-2018-1002202
zip4j prior to 1.3.3 is vulnerable to directory traversal, allowing malicious users to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Zip4j Project Zip4j
VMScore: 605
CVE-2014-8141
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and previous versions allows remote malicious users to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Unzip Project Unzip
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Tus 6.6
Redhat Enterprise Linux Server Eus 6.6
Redhat Enterprise Linux Server Tus 7.7
VMScore: 231
CVE-2004-1495
The Repair Archive command in WinRAR 3.40 allows remote malicious users to cause a denial of service (application crash) via a corrupt ZIP archive.
Rarlab Winrar 3.10
Rarlab Winrar 3.20
Rarlab Winrar 3.40
Rarlab Winrar 2.90
Rarlab Winrar 3.0.0
Rarlab Winrar 3.10 Beta3
Rarlab Winrar 3.10 Beta5
Rarlab Winrar 3.11
NA
CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio....
NA
CVE-2023-22898
workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).
Circl Pandora
VMScore: 605
CVE-2014-8140
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and previous versions allows remote malicious users to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Unzip Project Unzip
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Tus 6.6
Redhat Enterprise Linux Server Eus 6.6
Redhat Enterprise Linux Server Eus 7.7
VMScore: 570
CVE-2019-7234
An issue exists in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can the...
Idreamsoft Icms 7.0.13
VMScore: 445
CVE-2022-35410
mat2 (aka metadata anonymisation toolkit) prior to 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
0xacab Mat2
Debian Debian Linux 10.0
Debian Debian Linux 11.0
VMScore: 454
CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and previous versions and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulner...
Caphyon Advanced Installer
Realdefense Mypasslock 1.9.6
Realdefense Mycleanpc 4.0.2
Realdefense Mycleanid 4.1.4
Prusa3d Prusaslicer 2.4.2
Plagiarismcheckerx Plagiarism Checker X 8.0.6
Vigem Vigembus Driver 1.16.116
Nefarius Scptoolkit 1.6.238.16010
Moonsoftware Password Agent 20.10.1
Getmailbird Mailbird 2.9.50.0
Krylack Burning Suite 1.20.05
Krylack Rar Password Recovery 3.70.69
Krylack Volume Serial Number Editor 2.02.34
Krylack Zip Password Recovery 3.70.69
Krylack Asterisks Password Decryptor 3.31.107
Krylack Archive Password Recovery 3.70.69
Jpsoft Take Command 28.2.18
Jki Vi Package Manager 21.1.2754
Honeygain Honeygain 0.10.7.0
Guzogo Guzogo 1.0.5.0
Gamecaster Gamecaster 4.0.2109.2802
Gainedge Better Explorer 2020.3.15.1304
1 Github repository
VMScore: 570
CVE-2018-20227
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
Eclipse Rdf4j 2.4.2