Vulmon
Apache Commons Compress vulnerabilities and exploits
5.5
CVSSv3
CVE-2024-25710
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 up to and including 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.
Apache Commons Compress
5
CVSSv2
CVE-2012-2098
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress prior to 1.4.1 allows remote malicious users to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Apache Commons Compress
2 Github repositories
5.5
CVSSv3
CVE-2023-42503
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 prior to 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can...
Apache Commons Compress
5.5
CVSSv3
CVE-2024-26308
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 prior to 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
Apache Commons Compress
1 Github repository
5.5
CVSSv3
CVE-2018-11771
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can le...
Apache Commons Compress
Oracle Weblogic Server 14.1.1.0.0
5.5
CVSSv3
CVE-2018-1324
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services t...
Apache Commons Compress
Oracle Mysql Cluster
Oracle Weblogic Server 14.1.1.0.0
1 Github repository
7.5
CVSSv3
CVE-2019-12402
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Co...
Apache Commons Compress
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Oracle Banking Payments
Oracle Banking Platform 2.6.2
Oracle Banking Platform 2.7.0
Oracle Banking Platform 2.8.0
Oracle Banking Platform 2.9.0
Oracle Communications Element Manager
Oracle Communications Ip Service Activator 7.3.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Communications Session Report Manager
7.5
CVSSv3
CVE-2021-35515
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
Apache Commons Compress
Netapp Active Iq Unified Manager -
Netapp Oncommand Insight -
Oracle Banking Digital Experience
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 20.1
Oracle Banking Digital Experience 21.1
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Party Management 2.7.0
Oracle Banking Payments 14.5
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
7.5
CVSSv3
CVE-2021-35516
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz pa...
Apache Commons Compress
Netapp Active Iq Unified Manager -
Netapp Oncommand Insight -
Oracle Banking Digital Experience
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Banking Digital Experience 21.1
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Party Management 2.7.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
7.5
CVSSv3
CVE-2021-35517
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar pack...
Apache Commons Compress
Netapp Active Iq Unified Manager -
Netapp Oncommand Insight -
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1