9 matches found
CVE-2026-11940
CVE-2026-11940 concerns tarfile.extractall() in Python’s tarfile handling where a crafted archive can bypass the filter for data/tar and cause a symlink outside the destination directory to be created by abusing a hardlink referencing a deeper symlink. The extraction fallback validates the symlin...
CVE-2026-28914
A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks...
CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...
CVE-2026-32044
OpenClaw is affected in versions prior to 2026.3.2 by an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks used for other formats. An attacker can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causin...
Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass (cisco-sa-wsa-archive-bypass-Scx2e8zF)
According to its self-reported version, Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass is affected by a vulnerability. - A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an...
SUSE CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...
Apple macOS Monterey 安全漏洞
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey that originates from an archive that may be able to bypass Gatekeeper...
PT-2020-20581 · Avira · Antivirus For Endpoint +7
Name of the Vulnerable Software and Affected Versions: Avira AV Engine versions prior to 8.3.54.138 Antivirus for Endpoint versions prior to 8.3.54.138 Antivirus for Small Business versions prior to 8.3.54.138 Exchange Security Gateway versions prior to 8.3.54.138 Internet Security Suite for...
CVE-2015-6783
The FindStartOffsetOfFileInZipFile function in crazylinkerzip.cpp in crazylinker aka Crazy Linker in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP...