5 matches found
CVE-2026-33056
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
GLSA-202208-30 : GNU Binutils: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-30 GNU Binutils: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
UBUNTU-CVE-2017-16355
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10, if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root...
UBUNTU-CVE-2017-12938
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...
PHP 5.3.1 open_basedir bypass
hi, in php 5.3.1 security changelog, we can read, that safemode bypass in tempnam has been already fixed. But safemode in 5.3 line is deprecated. We can understand security fix for openbasedir bypass, but not for safemode in 5.3. Annoying is the fact, that exploit for bypass openbasedir or safemo...