21 matches found
CLSA-2026-1780388996 Fix CVE(s): CVE-2026-46483
SECURITY UPDATE: OS command injection in tar#Vimuntar() in runtime/autoload/tar.vim via crafted .tgz filename; use shellescape(tartail, 1) for :! commands - debian/patches/CVE-2026-46483.patch: OS command injection in tar#Vimuntar() in runtime/autoload/tar.vim via crafted .tgz filename use...
Directory Traversal
Overview: @budibase/types is a Budibase types. Affected versions of this package are vulnerable to Directory Traversal via the fileUpload and the createTempFolder function. An attacker can delete arbitrary directories and write files to any location accessible by the Node.js process by uploading a...
CVE-2026-26058
Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal in the extractPackageTarball function. An attacker can write arbitrary files to unintended locations on the server by supplying a malicious tarball with crafted file paths and leveraging the X-Npmrc header to specify...
Symlink Validation Bypass
tar-fs is vulnerable to symlink validation bypass. The vulnerability is due to improper validation of symbolic links during tar extraction, which allows an attacker to overwrite arbitrary files if the destination directory is predictable with a crafted tarball...
tar-fs has issue where extract can write outside the specified dir with a specific tarball
...
SUSE CVE-2013-6888
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...
OPENSUSE-SU-2020:1265-1 Security update for python3
This update for python3 fixes the following issues: - bsc1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. This update was imported from the SUSE:SLE-15:Update update project...
CVE-2013-7325
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...
DEBIAN-CVE-2013-7325
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...
Code injection
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...
CVE-2013-6888
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...
DEBIAN-CVE-2013-6888
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...
Code injection
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball...
CVE-2012-0211
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original .orig source tarball of a source package...
CVE-2011-4596
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest...