cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2022-1271,https://securityvulnerability.io/vulnerability/CVE-2022-1271,,"An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.",Gnu,"Gzip, Xz-utils",8.8,HIGH,0.0697299987077713,false,false,false,false,,false,false,2022-08-31T15:33:00.000Z,0 CVE-2009-2624,https://securityvulnerability.io/vulnerability/CVE-2009-2624,,"The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.",Gnu,Gzip,,,0.08487000316381454,false,false,false,false,,false,false,2010-01-29T18:00:00.000Z,0 CVE-2010-0001,https://securityvulnerability.io/vulnerability/CVE-2010-0001,,"Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.",Gnu,Gzip,,,0.047529999166727066,false,false,false,false,,false,false,2010-01-29T18:00:00.000Z,0 CVE-2005-0758,https://securityvulnerability.io/vulnerability/CVE-2005-0758,,"zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.",Gnu,Gzip,,,0.0009500000160187483,false,false,false,false,,false,false,2005-05-13T04:00:00.000Z,0 CVE-2005-1228,https://securityvulnerability.io/vulnerability/CVE-2005-1228,,Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.,Gnu,Gzip,,,0.02434000000357628,false,false,false,false,,false,false,2005-05-02T04:00:00.000Z,0 CVE-2005-0988,https://securityvulnerability.io/vulnerability/CVE-2005-0988,,"Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.",Gnu,Gzip,,,0.013799999840557575,false,false,false,false,,false,false,2005-05-02T04:00:00.000Z,0 CVE-2004-0970,https://securityvulnerability.io/vulnerability/CVE-2004-0970,,"The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.",Gnu,Gzip,,,0.0004199999966658652,false,false,false,false,,false,false,2005-02-09T05:00:00.000Z,0 CVE-2004-0603,https://securityvulnerability.io/vulnerability/CVE-2004-0603,,"gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.",Gnu,Gzip,,,0.0033199999015778303,false,false,false,false,,false,false,2004-12-06T05:00:00.000Z,0 CVE-2003-0367,https://securityvulnerability.io/vulnerability/CVE-2003-0367,,znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.,Gnu,Gzip,,,0.0004199999966658652,false,false,false,false,,false,false,2003-07-02T04:00:00.000Z,0 CVE-2001-1228,https://securityvulnerability.io/vulnerability/CVE-2001-1228,,"Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.",Gnu,Gzip,,,0.011669999919831753,false,false,false,false,,false,false,2001-11-18T05:00:00.000Z,0