Aggregates CVE and security vulnerability intelligence across all powerarchiver-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk xxe and vendor risk buffer overflow and related security problems, affecting vendor surface file processing and vendor surface automated decompression scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-28684 | The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). | [email protected] | 4.3 | 0.23% | 2021-06-21 | 2024-11-21 |
| CVE-2014-2319 | The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack. | [email protected] | 5.0 | 0.14% | 2014-03-14 | 2026-05-06 |
| CVE-2005-3061 | Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive. | [email protected] | 7.5 | 3.85% | 2005-09-27 | 2026-04-16 |