Lucene search
K

48 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-fs vulnerabilities (USN-8367-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8367-1 advisory. It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this iss...

8.7CVSS6AI score0.02186EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016617)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016617 advisory. When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even f...

5.5CVSS6.4AI score0.02511EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/18 8:49 p.m.14 views

EUVD-2026-30810

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6CVSS5.8AI score0.00896EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 10:5 a.m.4 views

SUSE-SU-2026:20959-1 Security update for tar

This update for tar fixes the following issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives bsc1246399...

4.1CVSS6.7AI score0.00433EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/13 2:23 p.m.5 views

SUSE CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2.5CVSS5.8AI score0.00164EPSS
Exploits0References18
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:59 p.m.9 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2CVSS5.8AI score0.00164EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: atril (UTSA-2026-005403)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005403 advisory. Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate acce...

9.6CVSS6AI score0.02359EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-23530

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 clawdbot versions prior to 2026.1.24-3 Description The software contains a denial of service issue in the extractArchive function within src/infra/archive.ts. Attackers can provide maliciously crafted ZIP a...

6.7CVSS5.8AI score0.00319EPSS
Exploits0References9
Redos
Redos
added 2026/01/29 12:0 a.m.7 views

ROS-20260129-73-0016

A vulnerability in the tarfile module of the Python Programming Language Interpreter CPython relates to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted tar...

7.5CVSS6AI score0.00611EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/12/19 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2025-2568)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.1CVSS6.7AI score0.00731EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2025-2432)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.1CVSS7.1AI score0.00731EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.10 views

Amazon Linux 2 : python (ALAS-2025-2961)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2961 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References4
OSV
OSV
added 2025/08/11 1:52 p.m.3 views

BIT-LIBPYTHON-2024-6232 Regular-expression DoS when parsing TarFile headers

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5CVSS7AI score0.02203EPSS
Exploits2References14
RedhatCVE
RedhatCVE
added 2025/07/13 12:39 a.m.13 views

CVE-2025-45582

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

5.6CVSS6.2AI score0.00433EPSS
Exploits1References6
OSV
OSV
added 2025/07/11 5:15 p.m.4 views

CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

4.1CVSS6.5AI score0.00433EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/11 12:0 a.m.4 views

GNU Tar 安全漏洞

GNU Tar is a set of tools for creating tar-formatted files from the American GNU community. GNU Tar suffers from a directory traversal vulnerability that originates in a specially crafted TAR archive, which can be exploited by an attacker to access locations outside of restricted directories and...

4.1CVSS6.8AI score0.00433EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/07/11 12:0 a.m.55 views

CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

4.1CVSS0.00433EPSS
Exploits1References5
CVE
CVE
added 2025/07/11 12:0 a.m.98 views

CVE-2025-45582

CVE-2025-45582 (GNU Tar) : GNU Tar up to 1.35 allows file overwrite via a two-step directory traversal attack. An attacker can craft two archives: first to place a ../ symlink to a sensitive directory, second to target a critical file by a relative path beginning with the symlink, causing the ext...

4.1CVSS6.1AI score0.00433EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/01 10:5 p.m.11 views

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

5.3CVSS7.1AI score0.00637EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/06/30 12:0 a.m.4 views

EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2025-1705)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...

7.8CVSS5.8AI score0.00337EPSS
Exploits1References2
Rows per page
Query Builder