BIT-LIBPYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

The vulnerability of the key_extract_l3l4 function in the net_openvswitch/flow.c module of the openvswitch component of Linux kernel allows a attacker to cause a service failure.

The vulnerability of the keyextractl3l4 function in the netopenvswitch/flow.c module of the openvswitch component in Linux kernels is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to cause service failures by sending specially crafted MPLS packets...

CVE-2025-8749

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...

zip

This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...

The vulnerability of the smb_extract_folioq_to_rdma() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the smbextractfolioqtordma function in the Linux operating system is related to the violation of the buffer boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...

OESA-2025-1767 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Improper Limitation of a Pathname to a Restricted...

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

SUSE CVE-2025-38179

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix maxsge overflow in smbextractfolioqtordma This fixes the following problem: 749.901015 T8673 run fstests cifs/001 at 2025-06-17 09:40:30 750.346409 T9870...

DEBIAN-CVE-2025-38179

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix maxsge overflow in smbextractfolioqtordma This fixes the following problem: 749.901015 T8673 run fstests cifs/001 at 2025-06-17 09:40:30 750.346409 T9870...

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the Extract method. An attacker can gain remote code execution by uploading specially crafted archive files containing path traversal sequences in filenames, resulting in files being written to arbitrary...

PT-2025-27954 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version that includes the fix for the max sge overflow in smb extract folioq to rdma Description: A vulnerability has been resolved in the Linux kernel related to the max sge overflow in smb extract folioq t...

SUSE CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

UBUNTU-CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

EEF-CVE-2025-4748 Absolute path traversal in zip:unzip/1,2

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1,...

Erlang - Absolute Path in Zip Module

https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...

Exploit for External Control of File Name or Path in Microsoft

VIETNAMESE - Với file CVE-2025-24054.py và Exploit.librar...

DEBIAN-CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

ALPINE-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...