6818 matches found
ALSA-2025:11042 Moderate: socat security update
The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 F...
CVE-2025-45582
A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...
CVE-2025-45582
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
AZL-65082 CVE-2025-45582 affecting package tar 1.35-2
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
CVE-2025-45582
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
AZL-65538 CVE-2025-45582 affecting package tar 1.34-3
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
CVE-2025-45582
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
CBL Mariner 2.0 Security Update: ansible (CVE-2023-5115)
The version of ansible installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5115 advisory. - An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to...
CVE-2025-45582
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
CVE-2025-45582
CVE-2025-45582 (GNU Tar) : GNU Tar up to 1.35 allows file overwrite via a two-step directory traversal attack. An attacker can craft two archives: first to place a ../ symlink to a sensitive directory, second to target a critical file by a relative path beginning with the symlink, causing the ext...
PT-2025-29264
Name of the Vulnerable Software and Affected Versions: GNU Tar versions through 1.35 Description: GNU Tar through version 1.35 is susceptible to a directory traversal vulnerability that allows for file overwrites within crafted TAR archives. The vulnerability requires a two-step process: first,...
CVE-2025-45582
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
CVE-2025-45582
Removed by vendor...
CVE-2025-46835 Git GUI can create and overwrite files for which the user has write permission
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...
CVE-2025-46835 Git GUI can create and overwrite files for which the user has write permission
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...
CVE-2025-46835
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...
CVE-2025-42971
A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file...
ROS-20250710-07
YAML LibYAML analysis and creation library vulnerability is related to insufficient validation of user data in the LoadFile method. user data in the LoadFile method. Exploitation of the vulnerability could allow an attacker, acting remotely, to overwrite arbitrary files on the system...
Chall-Manager 路径遍历漏洞
Chall-Manager is an open source project from CTFer.io open source. A path traversal vulnerability exists in versions prior to Chall-Manager 0.1.4, which originates from unzipping a zip file without checking the path of the file, which may lead to arbitrary file overwriting...
Ubuntu 22.04 LTS / 24.04 LTS : YAML-LibYAML vulnerability (USN-7632-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7632-1 advisory. It was discovered that YAML-LibYAML incorrectly handled certain file names. An attacker could possibly use this issue to overwrite arbitrary files...