91 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the extraction process of tar archives due to improper validation of archive entry paths. An attacker can overwrite arbitrary files on the filesystem by supplying a crafted tar.gz file containing directory travers...
CVE-2025-44018
A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2025-44018
A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2025-44018
CVE-2025-44018 affects the GL.iNet GL-AXT1800 OTA Update mechanism (firmware 4.7.0). A specially crafted .tar enables a firmware downgrade, which a motivated attacker could trigger via a man‑in‑the‑middle scenario. Cisco Talos documents the vulnerable version (GL-AXT1800 4.7.0) and assigns CVSS v...
EUVD-2025-198804
A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
EUVD-2016-10677
Malware in sbrugna...
EUVD-2015-8780
Malware in sbrugna...
EUVD-2015-8788
Malware in sbrugna...
EUVD-2015-8789
Malware in sbrugna...
EUVD-2021-20321
Malware in sbrugna...
EUVD-2021-20320
Malware in sbrugna...
EUVD-2024-54315
Malicious code in bioql PyPI...
EUVD-2025-0022
Malicious code in bioql PyPI...
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
...
CVE-2020-5738
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/uploadvpntar interface...
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...
keras Path Traversal vulnerability
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...
GHSA-CJGQ-5QMW-RCJ6 keras Path Traversal vulnerability
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...
CVE-2024-55459
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...
CVE-2024-55459
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...