363 matches found
CVE-2023-38346
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
PT-2023-31972 · Mleap +1 · Mleap +2
Name of the Vulnerable Software and Affected Versions: MLeap versions prior to 0.17.0. Description: The issue is related to a path traversal flaw, also known as Zip Slip, which allows arbitrary file creation and can lead to code execution. This occurs when the FileUtil.extract function enumerates...
ROS-20230911-08
The vulnerability in the UnRAR file unzipping tool is related to incorrect link resolution before accessing a file (link following). Exploitation of the vulnerability could allow an attacker acting remotely to extract files outside the destination folder using file...
FreeBSD : zeek -- potential DoS vulnerabilities (8eefa87f-31f1-496d-bf8e-2b465b6e4e8a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8eefa87f-31f1-496d-bf8e-2b465b6e4e8a advisory. - Tim Wojtulewicz of Corelight reports: File extraction limits were not correctly enforced for files...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: File extraction limits were not correctly enforced for files containing large amounts of missing bytes. Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging. A...
Path Traversal
ZIPFoundation is vulnerable to Path Traversal. The vulnerability is due to the package not validating if symlinks are pointing to paths outside the extraction directory. This allows an attacker to extract files in any arbitrary location and can also lead to code execution...
PT-2023-26800 · Unknown · Zipfoundation
Name of the Vulnerable Software and Affected Versions: ZIPFoundation version 0.9.16. Description: An issue in ZIPFoundation allows attackers to execute a path traversal via extracting a crafted zip file. Recommendations: For ZIPFoundation version 0.9.16, update to a version that fixes this issue, ...
CVE-2023-37646
An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal...
Bitberry File Opener Path Traversal Vulnerability
Bitberry File Opener is a free file opening tool from Bitberry. The main purpose of this tool is to allow users to easily open, view, and work with a variety of different file types without having to install and run several different applications. A security vulnerability exists in Bitberry File...
CVE-2023-37646
CVE-2023-37646 concerns Bitberry File Opener v23.0, where the CAB file extraction function is vulnerable to a directory traversal. The issue arises in the CAB extraction component and is described as allowing local attackers to achieve path traversal with high impact (confidentiality/integrity/av...
CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...
Arbitrary File Creation in AbstractUnArchiver
Summary: Using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. Description: When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the...
PT-2023-3808 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier; SonicWall Analytics versions 2.5.0.4-R7 and earlier. Description: The issue is due to improper limitation of a pathname to a restricted directory, allowing an authenticated remote attacker to traver...
GHSA-6987-XCCV-FHJP Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
Jenkins Pipeline Utility Steps Plugin provides the untar and unzip Pipeline steps to extract archives into job workspaces. Pipeline Utility Steps Plugin 2.15.2 and earlier does not validate or limit file paths of files contained within these archives. This allows attackers able to provide crafted...
CVE-2023-1137
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation...
SUSE CVE-2018-1656
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...