7 matches found
SUSE SLES15 Security Update : python311 (SUSE-SU-2025:02984-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02984-1 advisory. - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. Tenable has extracted the preceding...
SUSE-SU-2025:02767-1 Security update for python313
This update for python313 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. -...
CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
IBM WebSphere Application Server Path Traversal Vulnerability
IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A directory traversal vulnerability exists in IBM WAS using...
InfoZip UnZip heap buffer overflow vulnerability (CNVD-2018-03770)
UnZip is a utility for extracting compressed files also known as "zipfiles" in .zip format. A heap buffer overflow vulnerability exists in InfoZip UnZip 6.00 and prior versions in the handling of password-protected archive files. An attacker could exploit this vulnerability to cause a denial of...
Lhaplus Improper Authentication Vulnerability
Lhaplus is a set of file compression and decompression software. A security vulnerability exists in Lhaplus 1.73 and earlier versions that stems from the program's failure to properly handle ZIP64 archives. The vulnerability can be exploited by an attacker to obtain information from specially...