Lucene search
+L

12 matches found

Cvelist
Cvelist
added 2026/06/10 12:39 p.m.42 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS0.00215EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25863

Name of the Vulnerable Software and Affected Versions Romeo versions prior to 0.2.2 Description Romeo, a Go code coverage tool, contains a path traversal flaw in the sanitizeArchivePath function located in webserver/api/v1/decoder.go lines 80-88. This is due to a missing trailing path separator i...

8.3CVSS6.5AI score0.00434EPSS
Exploits1References11
OSV
OSV
added 2026/03/11 5:6 p.m.4 views

SUSE-SU-2026:0872-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...

7.2CVSS6.2AI score0.02793EPSS
Exploits6References17
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

SUSE SLES15 / openSUSE 15 Security Update : busybox (SUSE-SU-2026:0758-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0758-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. ...

7CVSS6.2AI score0.00682EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...

7CVSS6.2AI score0.00682EPSS
Exploits2References7
OSV
OSV
added 2025/10/21 12:0 p.m.6 views

RUSTSEC-2025-0110 astral-tokio-tar Vulnerable to PAX Header Desynchronization

Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrect...

8.1CVSS7AI score0.00677EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-6363

Malware in sbrugna...

7.5CVSS8.1AI score0.04707EPSS
Exploits1References21
OSV
OSV
added 2024/11/27 9:47 a.m.10 views

CLSA-2024-1732700855 python3.9: Fix of CVE-2024-8088

CVE-2024-8088: Fix infinite loop vulnerability in zipfile.Path when iterating over zip archive entries...

8.7CVSS6.8AI score0.01275EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/08/25 2:41 a.m.6 views

SUSE CVE-2024-8088

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

5.3CVSS6.9AI score0.01275EPSS
Exploits0References25
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.7 views

Apache UIMA 路径遍历漏洞

Apache UIMA is a component-based software architecture from the Apache Foundation. A path traversal vulnerability exists in Apache UIMA 3.3.0 and earlier, which stems from relative path traversal and can be exploited to create files outside of a specified destination directory using carefully...

7.5CVSS6.8AI score0.01556EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/07/17 1:18 p.m.18 views

CVE-2017-1000026

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries...

7.5CVSS7.2AI score0.019EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/07/13 8:0 p.m.23 views

CVE-2017-1000026

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries...

7.4AI score0.019EPSS
Exploits0References1
Rows per page
Query Builder