79 matches found
CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...
EUVD-2018-0085
Malware in sbrugna...
EUVD-2015-1205
Malware in sbrugna...
EUVD-2019-6111
Malware in sbrugna...
Copier's safe template has arbitrary filesystem read/write access
Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...
CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...
CVE-2025-51056
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews' custom function in '/apivedo/colorwayspreview', ultimately resulting in remote code execution RCE...
CVE-2025-51056
CVE-2025-51056 describes an Unrestricted File Upload in Bottinelli Informatical Vedo Suite 2024.17, exploitable via the insecure uploadPreviews() function at /api_vedo/colorways_preview. The vulnerability allows remote authenticated attackers to write to arbitrary filesystem paths and can lead to...
BIT-PYTHON-MIN-2025-4517 Arbitrary writes via tarfile realpath overflow
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
SUSE-SU-2025:02074-1 Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.5. Security issues fixed: - CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter='data' bsc1244032 - CVE-2025-4516: use-after-free in the unicode-escape decoder when...
USN-7583-1: Python vulnerabilities
It was discovered that Python incorrectly handled tar archive extraction with the filtering option. An attacker could possibly use this issue to modify files in arbitrary filesystem locations and cause data loss...
CVE-2025-4517
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...
CVE-2025-4517
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
ALPINE-CVE-2025-4517
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
CVE-2025-4517
CVE-2025-4517 concerns the tarfile module: when extracting untrusted tar archives using TarFile.extractall() or TarFile.extract() with filter set to "data" (or "tar"), it allows arbitrary filesystem writes outside the extraction directory. The description and connected advisories confirm this is ...
CVE-2025-4517 Arbitrary writes via tarfile realpath overflow
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
CVE-2025-4517
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
CVE-2018-1002150
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...
Linux Distros Unpatched Vulnerability : CVE-2018-16874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Go before 1.10.6 and 1.11.x before 1.11.3, the go get command is vulnerable to directory traversal when executed with the import path of a malicious Go packa...