Lucene search

17 matches found

Tenable Nessus
added 2026/03/17 12:0 a.m. · 4 views

EulerOS Virtualization 2.12.0 : libarchive (EulerOS-SA-2026-1492)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when...

7.8 CVSS · 6.7 AI score · 0.00341 EPSS
Exploits 3 · References 6
OSV
added 2025/03/03 3:15 p.m. · 6 views

AZL-57492 CVE-2024-45780 affecting package grub2 for versions less than 2.06-25

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap...

6.7 CVSS · 5.9 AI score · 0.00262 EPSS
Exploits 0 · References 1
Redos
added 2023/07/06 12:0 a.m. · 6 views

ROS-2-2179

2.2179 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

5.5 CVSS · 8.2 AI score · 0.0262 EPSS
Exploits 0
RedHat Linux
added 2022/11/15 3:6 p.m. · 3 views

containers/storage: DoS via malicious image

A deadlock vulnerability was found in github.com/containers/storage. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar...

7.1 CVSS · 7.2 AI score · 0.01587 EPSS
Exploits 1 · References 5
BDU FSTEC
added 2022/05/18 12:0 a.m. · 4 views

The vulnerability in Node.js’s Node-tar module for processing tar archives stems from a flaw in the pathname limitation of the directory handling mechanism. This allows attackers to create, overwrite arbitrary files, and execute arbitrary code.

The vulnerability of the Node.js module for processing tar archives with the Node-tar package is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to create, overwrite arbitrary files, and execute arbitrary code using a specially...

8.6 CVSS · 7.2 AI score · 0.0185 EPSS
Exploits 0 · References 10 · Affected Software 9
BDU FSTEC
added 2022/01/17 12:0 a.m. · 5 views

The vulnerability of the Node.js module for processing tar archives using Node-tar lies in the shortcomings of the pathname limitation, which allows attackers to compromise the integrity of the data and cause service failures.

The vulnerability of the Node.js module for processing tar archives using Node-tar is related to incorrect filtering of the '/' character sequence. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...

8.1 CVSS · 6.7 AI score · 0.15014 EPSS
Exploits 1 · References 8 · Affected Software 4
Redos
added 2021/12/24 12:0 a.m. · 4 views

ROS-2-2128

2.2128 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

5.5 CVSS · 6.5 AI score · 0.0262 EPSS
Exploits 0
Redos
added 2021/09/08 12:0 a.m. · 2 views

ROS-2-2252

2.2252 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

8.8 CVSS · 6.4 AI score · 0.0262 EPSS
Exploits 1
Redos
added 2021/09/08 12:0 a.m. · 3 views

ROS-2-2211

2.2211 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

7.8 CVSS · 6.5 AI score · 0.0262 EPSS
Exploits 0
Redos
added 2021/09/08 12:0 a.m. · 10 views

ROS-2-2187

2.2187 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

6.1 CVSS · 7.3 AI score · 0.0262 EPSS
Exploits 0
Redos
added 2021/09/08 12:0 a.m. · 2 views

ROS-2-2150

2.2150 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

5.5 CVSS · 7.3 AI score · 0.0262 EPSS
Exploits 1
Redos
added 2021/09/08 12:0 a.m. · 3 views

ROS-2-2148

2.2148 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

9.8 CVSS · 7.3 AI score · 0.03636 EPSS
Exploits 7
Redos
added 2021/09/08 12:0 a.m. · 8 views

ROS-2-2137

2.2137 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

6.1 CVSS · 7.3 AI score · 0.0262 EPSS
Exploits 0
CNVD
added 2016/12/12 12:0 a.m. · 5 views

GNOME Structured File Library Denial of Service Vulnerability

The GNOME Structured File Library libgsf is an I/O library for working with different structured file formats. A denial of service vulnerability exists in the 'tar_directory_for_file' function of the gsf-infile-tar.c file in the GNOME Structured File Library prior to version 1.14.41. An attacker can...

5.5 CVSS · 6.7 AI score · 0.0133 EPSS
Exploits 0 · References 1
Positive Technologies
added 2016/12/06 12:0 a.m. · 2 views

PT-2016-7862 · Gnome +2 · Gnome Structured File Library +2

Name of the Vulnerable Software and Affected Versions: GNOME Structured File Library versions prior to 1.14.41 Description: The issue is related to an error within the tar_directory_for_file function in the gsf-infile-tar.c file, which can be exploited to trigger a Null pointer dereference, causi...

8.4 CVSS · 5.6 AI score · 0.0133 EPSS
Exploits 0 · References 44
securityvulns
added 2007/12/06 12:0 a.m. · 30 views

[Full-disclosure] Avast! AntiVirus TAR Processing Remote Heap Corruption

Avast! AntiVirus TAR Processing Remote Heap Corruption Sowhat of Nevis Labs http://www.nevisnetworks.com http://secway.org/advisory/AD20071206.txt BID: 26702 Vendor: ALWIL Software Affected: Avast! Home/Professional 4.7.1098 This vulnerability has been confirmed on Avast! Professional 4.7.1043...

0.6 AI score
Exploits 0
OSV
added 2007/07/14 12:30 a.m. · 1 views

DEBIAN-CVE-2007-3641

archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted 1 PA...

9.3 CVSS · 7.6 AI score · 0.07432 EPSS
Exploits 0 · References 1