Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
archive zip vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-7668
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an malicious user to add or replace files system-wide.
Compression And Archive Extensions Tz Project Compression And Archive Extensions Tz Project
4.3
CVSSv2
CVE-2017-8846
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted archive.
Long Range Zip Project Long Range Zip 0.631
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2017-8844
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
Long Range Zip Project Long Range Zip 0.631
Debian Debian Linux 9.0
2.1
CVSSv2
CVE-2001-1269
Info-ZIP UnZip 5.42 and previous versions allows malicious users to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
Info-zip Unzip
5.8
CVSSv2
CVE-2018-1002201
zt-zip prior to 1.13 is vulnerable to directory traversal, allowing malicious users to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Jrebel Zt-zip
2.1
CVSSv2
CVE-2001-1268
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and previous versions allows malicious users to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
Info-zip Unzip
NA
CVE-2023-31102
Ppmd7.c in 7-Zip prior to 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
7-zip 7-zip
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
NA
CVE-2022-47069
p7zip 16.02 exists to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.
7-zip P7zip 16.02
5.8
CVSSv2
CVE-2021-20692
Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and previous versions allows an malicious user to create or overwrite files by leading a user to expand a malicious ZIP archives.
Eikisoft Archive Collectively Operation Utility
9.3
CVSSv2
CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or...
Info-zip Unzip
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »