157 matches found
SUSE SLED15: libpython3_13-1_0 / python313 / python313-base / python313-curses / etc (SUSE-SU-2025:02767-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02767-1 advisory. - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. -...
Exploit for Link Following in 7-Zip
CVE-2025-55188-7z-exploit --- 7-Zip Symlink Arbitrary File...
The vulnerability of the WinRAR file archiver, related to incorrect restrictions on the path name of the restricted directory, allows a hacker to execute arbitrary code.
The vulnerability of the WinRAR file archiver is related to incorrect restrictions on the path name of the restricted directory. Exploiting this vulnerability allows an attacker to execute arbitrary code during the extraction of a specially crafted file...
Security Bulletin: Multiple security vulnerabilities discovered in RedHat UBI as shipped with IBM Security Verify Directory Server Container
Summary Multiple security vulnerabilities have been addressed in the RedHat UBI container that is shipped with the IBM Security Verify Directory Server Container. Vulnerability Details CVEID:CVE-2024-12718 DESCRIPTION: Allows modifying some file metadata e.g. last modified with filter="data" or...
CVE-2025-50468
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...
CVE-2025-55188
7-Zip (7z) before 25.01 is vulnerable to arbitrary file write via improper handling of symbolic links during extraction. The issue is triggered when extracting crafted archives with vulnerable 7-Zip, potentially allowing a symlink to cause overwriting of arbitrary files on the target system. Conn...
CVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction...
PSF-2025-11
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
tar-fs has issue where extract can write outside the specified dir with a specific tarball
...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071PoC CVE-2025-24071: NTLM Hash Leak via RAR/ZIP...
Path Traversal
Python tarfile module is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during extraction with TarFile.extractall or TarFile.extract when using the filter="data" or filter="tar" parameter, which allows an attacker to craft a malicious tar archive that...
CVE-2024-12718
CVE-2024-12718: The tarfile extraction filter bypass allows modification of metadata or arbitrary file writes outside the extraction directory when using TarFile.extractall()/extract() with filter="data" or "tar" in Python 3.12+ (default filter may assign data in 3.14+). Affected components are P...
CVE-2025-48387
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...
CVE-2023-5245
FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...
CVE-2020-28397
A vulnerability has been identified in SIMATIC Drive Controller family All versions V2 V2.5 V2.5 V21.9, TIM 1531 IRC incl. SIPLUS NET variants Version V2.1. Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program...
CVE-2019-8931
Redbrick Shift through 3.4.3 allows an attacker to extract emails of services such as Gmail, Outlook, etc. used in the application...
Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory.
Summary ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. Vulnerability Details...
CVE-2025-32471
CVE-2025-32471 concerns SICK device password handling where passwords are not adequately salted, enabling potential password extraction. Connected sources reference SICK Flexi Compact and related controllers (e.g., FLX0-GPNT100, FLX3-CPUC200) as affected. The CVE description and Red Hat/NVD entri...
CVE-2025-46652
CVE-2025-46652 affects IZArc up to version 4.5, describing a Mark-of-the-Web bypass where extraction from an archive bearing MotW does not propagate the MotW to the extracted files. This is explicitly documented across multiple sources as a Mark-of-the-Web propagation issue, with an accompanying ...
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
...