
11 matches found

IBM Security Bulletins
added 2026/06/16 6:26 p.m. | 6 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary: Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2025-67735. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

CVSS 7.5 | AI score 6.3 | EPSS 0.00864
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
added 2026/04/28 10:25 p.m. | 11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz

Summary: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz. Vulnerability Details: CVEID: CVE-2026-26960. DESCRIPTION: node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink insid...

CVSS 7.1 | AI score 6.1 | EPSS 0.00288
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2026/03/16 12:0 a.m. | 6 views

EulerOS Virtualization 2.12.0 : python-pip (EulerOS-SA-2026-1514)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests...

CVSS 6.1 | AI score 7.1 | EPSS 0.02782
Exploits: 3 | References: 5
Github Security Blog
added 2026/02/18 12:57 a.m. | 11 views

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary: tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user, no root, no chmod, no preservePath...

CVSS 7.1 | AI score 5.5 | EPSS 0.00288
Exploits: 1 | References: 5 | Affected Software: 1
Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: pytorch (CVE-2024-5187)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5187 advisory. - A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows...

CVSS 8.8 | AI score 6.3 | EPSS 0.01168
Exploits: 1 | References: 2
OSV
added 2025/12/05 1:12 p.m. | 4 views

OESA-2025-2794 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

CVSS 5.9 | AI score 8.2 | EPSS 0.00438
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-17369

Malware in sbrugna...

CVSS 4.3 | AI score 3.9 | EPSS 0.01496
Exploits: 0 | References: 16
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-30961

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.3 | EPSS 0.00438
Exploits: 0 | References: 5
SUSE CVE
added 2025/09/25 11:28 p.m. | 2 views

SUSE CVE-2025-8869

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

CVSS 5.9 | AI score 6.9 | EPSS 0.00438
Exploits: 0 | References: 3
Veracode
added 2025/06/05 11:3 a.m. | 8 views

Path Traversal

Python tarfile module is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during extraction with TarFile.extractall or TarFile.extract when using the filter="data" or filter="tar" parameter, which allows an attacker to craft a malicious tar archive that...

CVSS 9.4 | AI score 5.9 | EPSS 0.01184
Exploits: 11 | References: 16 | Affected Software: 2
CNNVD
added 2022/01/26 12:0 a.m. | 4 views

SharpZipLib Path Traversal Vulnerability

SharpZipLib (ziplib, formerly known as NZipLib) is an open source C# compression and decompression library from the ICSharpCode team for the .NET platform, which supports decompression and compression of Zip, GZip, BZip2, Tar and other formats. A security vulnerability exists in...

CVSS 9.8 | AI score 8.6 | EPSS 0.01959
Exploits: 1 | References: 4