
52 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux – Vulnerability in php-pear

In ArchiveTar version 1.4.11, the Tar.php script allows write operations involving directory traversal, due to insufficient checking of symbolic links. This issue is related to CVE-2020-28948...

7.5 CVSS | 7.6 AI score | 0.70595 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : php-pear-1.9.4-23.el7 (AXSA:2022-4004:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4004:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...

7.8 CVSS | 7.5 AI score | 0.84554 EPSS
Exploits 5 | References 4
Tenable Nessus
added 2025/10/07 12:0 a.m. | 1 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: php-pear (UTSA-2025-003055)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-003055 advisory. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...

7.8 CVSS | 7.5 AI score | 0.70595 EPSS
Exploits 2 | References 4
Tenable Nessus
added 2025/06/16 12:0 a.m. | 5 views

TencentOS Server 2: php-pear (TSSA-2022:0284)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0284 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

7.8 CVSS | 7.7 AI score | 0.84554 EPSS
Exploits 5 | References 4
Tenable Nessus
added 2025/06/16 12:0 a.m. | 11 views

TencentOS Server 3: php:7.4 (TSSA-2022:0161)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0161 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.8 CVSS | 7.6 AI score | 0.84554 EPSS
Exploits 5 | References 4
Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2020-28948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28948 Note that Nessus relies on the...

7.8 CVSS | 7.2 AI score | 0.47493 EPSS
Exploits 2 | References 2
OpenVAS
added 2024/09/04 12:0 a.m. | 19 views

Ubuntu: Security Advisory (USN-6981-2)

The remote host is missing an update for the...

8.8 CVSS | 7.5 AI score | 0.84554 EPSS
Exploits 5 | References 4
OSV
added 2024/09/03 3:12 p.m. | 4 views

USN-6981-2 drupal7 vulnerabilities

USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code...

8.8 CVSS | 7.4 AI score | 0.84554 EPSS
Exploits 5 | References 4
Ubuntu
added 2024/08/27 4:57 p.m. | 32 views

USN-6981-1: Drupal vulnerabilities

It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2020-13671 It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite...

8.8 CVSS | 8.1 AI score | 0.84554 EPSS
Exploits 5
Tenable Nessus
added 2024/06/03 12:0 a.m. | 14 views

RHEL 8 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 Note that Nessus has not tested for...

8.8 CVSS | 7.5 AI score | 0.18286 EPSS
Exploits 5 | References 1
OSV
added 2024/05/15 9:2 p.m. | 36 views

GHSA-J66P-FVP2-FXHJ Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

7.8 CVSS | 8.1 AI score
Exploits 0 | References 3
Github Security Blog
added 2024/05/15 9:2 p.m. | 28 views

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

7.8 CVSS | 7.8 AI score | 0.84554 EPSS
Exploits 5 | References 3 | Affected Software 1
Github Security Blog
added 2024/05/15 8:50 p.m. | 29 views

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

7.8 CVSS | 7.8 AI score | 0.84554 EPSS
Exploits 5 | References 3 | Affected Software 1
OSV
added 2024/05/15 8:50 p.m. | 32 views

GHSA-GXXJ-G9V8-W28P Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

7.8 CVSS | 8.1 AI score
Exploits 0 | References 3
F5 Networks
added 2023/02/21 7:57 p.m. | 30 views

K58581302: Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949

Security Advisory Description CVE-2020-28948 ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28949 ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack...

7.8 CVSS | 7.6 AI score | 0.84554 EPSS
Exploits 5
Tenable Nessus
added 2022/11/17 12:0 a.m. | 28 views

Rocky Linux 8 : php:7.4 (RLSA-2022:6542)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...

7.8 CVSS | 7.6 AI score | 0.84554 EPSS
Exploits 5 | References 7
Oracle linux
added 2022/11/03 12:0 a.m. | 35 views

php-pear security update

1:1.9.4-23 - update ArchiveTar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949...

7.8 CVSS | 1.2 AI score | 0.84554 EPSS
Exploits 5
RedHat Linux
added 2022/11/02 4:38 p.m. | 36 views

Moderate: Red Hat Security Advisory: php-pear security update

An update for php-pear is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8 CVSS | 7.3 AI score | 0.84554 EPSS
Exploits 5 | References 4
Check Point Advisories
added 2022/10/18 12:0 a.m. | 3 views

PEAR Archive Tar Insecure Deserialization Code Execution (CVE-2020-28948)

An insecure deserialization vulnerability exists in the PEAR ArchiveTar module. The vulnerability is due to improper validation of file names inside TAR files. A remote attacker can exploit this vulnerability by sending malicious TAR files to the applications which are using PEAR ArchiveTar modul...

6.8 CVSS | 3.8 AI score | 0.47493 EPSS
Exploits 2
RedHat Linux
added 2022/09/15 8:54 a.m. | 62 views

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8 CVSS | 7.3 AI score | 0.84554 EPSS
Exploits 5 | References 4