Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unzip vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2021-21689
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
471
VMScore
CVE-2021-30657
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..
Apple Mac Os X 10.15.7
Apple Mac Os X 10.15.6
Apple Macos
Apple Mac Os X
1 Metasploit module
3 Github repositories
801
VMScore
CVE-2021-39180
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions before 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomc...
Frentix Openolat
356
VMScore
CVE-2021-33211
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.
Element-it Http Commander 5.3.3
890
VMScore
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
Kramerav Viaware
1 Github repository
668
VMScore
CVE-2021-31272
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
Serenityos Serenityos
578
VMScore
CVE-2020-28337
A directory traversal issue in the Utils/Unzip module in Microweber up to and including 1.1.20 allows an authenticated malicious user to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administra...
Microweber Microweber
668
VMScore
CVE-2019-17582
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows malicious users to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free repor...
Libzip Libzip 1.2.0
668
VMScore
CVE-2020-11536
An issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server.
Onlyoffice Document Server 5.5.0
605
VMScore
CVE-2014-8141
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and previous versions allows remote malicious users to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Unzip Project Unzip
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Tus 6.6
Redhat Enterprise Linux Server Eus 6.6
Redhat Enterprise Linux Server Tus 7.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »