Lucene search

25 matches found

OSV
added 2026/06/02 8:30 a.m., 5 views

CLSA-2026-1780388996 Fix CVE(s): CVE-2026-46483

SECURITY UPDATE: OS command injection in tar#Vimuntar() in runtime/autoload/tar.vim via crafted .tgz filename; use shellescape(tartail, 1) for :! commands - debian/patches/CVE-2026-46483.patch: OS command injection in tar#Vimuntar() in runtime/autoload/tar.vim via crafted .tgz filename use...

CVSS 7, AI score 5.8, EPSS 0.00552
Exploits 0, References 2
Snyk
added 2026/04/04 6:4 a.m., 11 views

Directory Traversal

Overview: @budibase/types is a Budibase types package. Affected versions of this package are vulnerable to Directory Traversal via the fileUpload and the createTempFolder function. An attacker can delete arbitrary directories and write files to any location accessible by the Node.js process by uploading a...

CVSS 8.7, AI score 6.5, EPSS 0.00554
Exploits 1, References 2
ATTACKERKB
added 2026/04/03 8:59 p.m., 3 views

CVE-2026-26058

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

CVSS 6.1, AI score 6, EPSS 0.00237
Exploits 1, References 3, Affected Software 1
Snyk
added 2025/11/19 8:30 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the extractPackageTarball function. An attacker can write arbitrary files to unintended locations on the server by supplying a malicious tarball with crafted file paths and leveraging the X-Npmrc header to specify...

CVSS 9.8, AI score 7.5, EPSS 0.00499
Exploits 1, References 2
Veracode
added 2025/11/06 8:58 a.m., 8 views

Symlink Validation Bypass

tar-fs is vulnerable to symlink validation bypass. The vulnerability is due to improper validation of symbolic links during tar extraction, which allows an attacker to overwrite arbitrary files if the destination directory is predictable with a crafted tarball...

CVSS 8.7, AI score 7.5, EPSS 0.00516
Exploits 0, References 4, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2013-7100

Malware in sbrugna...

CVSS 8.8, AI score 8.5, EPSS 0.01797
Exploits 0, References 5
Microsoft CVE
added 2025/07/11 7:0 a.m., 4 views

tar-fs has issue where extract can write outside the specified dir with a specific tarball

...

CVSS 8.7, AI score 5.8, EPSS 0.00474
Exploits 0
SUSE CVE
added 2023/02/15 5:33 a.m., 2 views

SUSE CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...

CVSS 7.5, AI score 7.6, EPSS 0.04094
Exploits 0, References 4
OSV
added 2020/08/26 6:22 p.m., 5 views

OPENSUSE-SU-2020:1265-1 Security update for python3

This update for python3 fixes the following issues: - bsc1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 7.5, AI score 8.6, EPSS 0.06304
Exploits 0, References 3
OSV
added 2020/08/19 11:24 a.m., 6 views

SUSE-SU-2020:2277-1 Security update for python3

This update for python3 fixes the following issues: - bsc1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball...

CVSS 7.5, AI score 7.7, EPSS 0.06304
Exploits 0, References 3
OSV
added 2019/12/03 11:15 p.m., 2 views

DEBIAN-CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...

CVSS 8.8, AI score 8.7, EPSS 0.01797
Exploits 0, References 1
NVD
added 2019/12/03 11:15 p.m., 29 views

CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...

CVSS 8.8, AI score 8.8, EPSS 0.01797
Exploits 0, References 3
Prion
added 2019/12/03 11:15 p.m., 17 views

Code injection

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...

CVSS 6.5, AI score 7.9, EPSS 0.01797
Exploits 0, References 3, Affected Software 2
UbuntuCve
added 2019/12/03 11:15 p.m., 22 views

CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...

CVSS 8.8, AI score 7.5, EPSS 0.01797
Exploits 0, References 1
Cvelist
added 2019/12/03 10:23 p.m., 29 views

CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...

AI score 8.8, EPSS 0.01797
Exploits 0, References 3
Debian CVE
added 2019/12/03 10:23 p.m., 22 views

CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...

CVSS 8.8, AI score 8.8, EPSS 0.01797
Exploits 0
CNVD
added 2019/08/08 12:0 a.m., 2 views

Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A Web Portal Arbitrary File Read vulnerability exists in Cisco Enterprise NF...

CVSS 6.8, AI score 6.8, EPSS 0.01892
Exploits 0, References 1
OSV
added 2014/01/07 5:4 p.m., 1 view

DEBIAN-CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...

CVSS 7.5, AI score 7.9, EPSS 0.04094
Exploits 0, References 1
OSV
added 2014/01/07 5:4 p.m., 9 views

CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...

AI score 8.8
Exploits 0, References 8
Prion
added 2014/01/07 5:4 p.m., 22 views

Code injection

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...

CVSS 7.5, AI score 7.9, EPSS 0.04094
Exploits 0, References 8, Affected Software 1