Astra Linux - уязвимость в php-pear

In ArchiveTar version 1.4.11, the Tar.php script allows write operations involving directory traversal, due to insufficient checking of symbolic links. This issue is related to CVE-2020-28948...

MiracleLinux 7 : php-pear-1.9.4-23.el7 (AXSA:2022-4004:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4004:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...

MiracleLinux 8 : php:7.4 (AXSA:2022-3857:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3857:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...

SUSE-SU-2025:21192-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation bsc1254431. - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't...

EUVD-2019-0782

Malware in sbrugna...

EUVD-2021-1814

Malware in sbrugna...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: php-pear (UTSA-2025-003054)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-003054 advisory. ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Tenable has extracted the preceding description block...

EUVD-2022-3679

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-6338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library...

Alibaba Cloud Linux 3 : 0161: php:7.4 (ALINUX3-SA-2022:0161)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0161 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-28948: ArchiveTar through 1.4.10...

Linux Distros Unpatched Vulnerability : CVE-2021-32610

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. CVE-2021-32610 Note...

Linux Distros Unpatched Vulnerability : CVE-2018-1000888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with...

CentOS 7 : php-pear (RHSA-2022:7340)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7340 advisory. - ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28948 - ArchiveTar through...

RHEL 8 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949 - ArchiveTar through...

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...

GHSA-M9FV-WHQ2-6WMC Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...

GHSA-98H9-727M-44QV Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...