Lucene search
K

316 matches found

RedHat Linux
RedHat Linux
added 2025/07/07 11:25 a.m.8 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.2AI score0.00805EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2025/07/01 1:21 p.m.4 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.2AI score0.00805EPSS
Exploits2References10
Amazon
Amazon
added 2025/06/23 12:0 a.m.7 views

Important: python3.9

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4CVSS7.8AI score0.01227EPSS
Exploits14
SUSE CVE
SUSE CVE
added 2025/06/05 3:23 a.m.10 views

SUSE CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

8.2CVSS7.6AI score0.01149EPSS
Exploits7References22
SUSE CVE
SUSE CVE
added 2025/06/05 3:23 a.m.12 views

SUSE CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

8.2CVSS7.6AI score0.00805EPSS
Exploits2References23
OSV
OSV
added 2025/06/03 1:15 p.m.6 views

ALPINE-CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS8AI score0.01149EPSS
Exploits7References1
OSV
OSV
added 2025/06/03 1:15 p.m.9 views

AZL-62313 CVE-2025-4330 affecting package python3 for versions less than 3.9.19-14

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.1AI score0.00805EPSS
Exploits2References1
OSV
OSV
added 2025/06/03 1:15 p.m.4 views

UBUNTU-CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.2AI score0.00805EPSS
Exploits2References14
OSV
OSV
added 2025/06/03 1:15 p.m.2 views

UBUNTU-CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.3AI score0.01149EPSS
Exploits7References14
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.5 views

Apache Superset 安全漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that is caused by incorrect authorization validation on dashboard and chart imports. An attacker could use this vulnerability ...

5.4CVSS6.3AI score0.00866EPSS
Exploits0References3
OSV
OSV
added 2022/02/17 1:54 p.m.2 views

USN-5291-1 libarchive vulnerabilities

It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. CVE-2021-23177, CVE-2021-31566 It was...

7.8CVSS6.9AI score0.02845EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/12/24 12:0 a.m.9 views

PT-2020-12548 · Hyperledger · Hyperledger Indy Node

Name of the Vulnerable Software and Affected Versions: Hyperledger Indy Node versions prior to 1.12.4 Description: The issue is related to a lack of signature verification on a specific transaction, allowing an attacker to make unauthorized alterations to the ledger. A malicious DID with no...

8.7CVSS7.1AI score0.00933EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2015/04/01 12:0 a.m.284 views

CentOS 7 : kernel (CESA-2015:0726)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

10CVSS6.5AI score0.09828EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/03/26 11:58 a.m.51 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

Updated kernel-rt packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

10CVSS6.6AI score0.09828EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/02/20 5:0 a.m.22 views

CVE-2004-1635

Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive...

5.9AI score0.01425EPSS
Exploits0References5
NVD
NVD
added 2004/10/24 4:0 a.m.18 views

CVE-2004-1635

Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive...

5CVSS5.9AI score0.01425EPSS
Exploits0References5
Rows per page
Query Builder