Lucene search
K

25 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.6 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6AI score0.00552EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.9 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

8.2CVSS7.2AI score0.00552EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 10:38 a.m.12 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.2CVSS6.4AI score0.00552EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 7:52 a.m.7 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

8.2CVSS7.2AI score0.00552EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 4:27 p.m.5 views

EUVD-2026-39479

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:33 p.m.6 views

CVE-2026-54314

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public...

6.3CVSS5.9AI score0.00375EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.33 views

CVE-2026-45390

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

0.00373EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8415-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8415-1 advisory. It was discovered that Vim incorrectly handled marked filenames in the...

7CVSS6.1AI score0.00552EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 5:28 p.m.11 views

USN-8415-1 vim vulnerabilities

It was discovered that Vim incorrectly handled marked filenames in the netrw plugin. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-43961 It was discovered that Vim incorrectly handled filenames when decompressing certain archives. An attacker could possibly use thi...

7CVSS5.8AI score0.00552EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/06/09 5:28 p.m.18 views

USN-8415-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled marked filenames in the netrw plugin. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-43961 It was discovered that Vim incorrectly handled filenames when decompressing certain archives. An attacker could possibly use thi...

7CVSS5.8AI score0.00552EPSS
Exploits0
OSV
OSV
added 2026/05/29 1:33 p.m.15 views

OESA-2026-2474 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

7CVSS5.9AI score0.00552EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:47 p.m.8 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element during the archive decompression for PUT /containers/id/archive API requests. An attacker can execute arbitrary code on the host with daemon privileges by uploading a compressed archive containing a...

7.5CVSS6.2AI score0.00153EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:47 p.m.8 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element during the archive decompression for PUT /containers/id/archive API requests. An attacker can execute arbitrary code on the host with daemon privileges by uploading a compressed archive containing a...

7.5CVSS6.2AI score0.00153EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/15 3:16 p.m.10 views

CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

7CVSS5.9AI score0.00552EPSS
Exploits0References5
CVE
CVE
added 2026/05/15 2:57 p.m.40 views

CVE-2026-46483

Summary (CVE-2026-46483): Vim for Unix-like systems is vulnerable prior to version 9.2.0479 due to a command injection in tar#Vimuntar() within runtime/autoload/tar.vim when decompressing .tgz archives. The function constructs shell commands using shellescape(tartail) without the {special} flag, ...

7CVSS5.9AI score0.00552EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a path traversal vulnerability. This vulnerability occurred because the recipe CLI did not validate paths when decompressing.praison archives, potentially...

9.4CVSS5.9AI score0.00379EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/06 9:32 a.m.2 views

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

7.5CVSS5.9AI score0.00693EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 4:21 p.m.13 views

CVE-2026-3114

Mattermost CVE-2026-3114 affects versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, and 10.11.x

6.5CVSS5.8AI score0.00343EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/03/13 11:45 a.m.3 views

CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

7.5CVSS5.3AI score0.00693EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-4779

Malware in sbrugna...

4CVSS6.4AI score0.02908EPSS
Exploits0References10
Rows per page
Query Builder