8 matches found
EUVD-2017-6293
Malware in sbrugna...
GHSA-2M9H-R57G-45PJ Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Summary: A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`. Details: This vulnerability stems from a GitHub Actions workflow artifact name...
Rocky Linux 8 : file-roller (RLSA-2020:4820)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4820 advisory. - An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possib...
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
MITM can enable Zip-Slip...
Huawei EulerOS: Security Advisory for file-roller (EulerOS-SA-2021-1783)
The remote host is missing an update for the Huawei EulerOS...
Ubuntu: Security Advisory (USN-4733-2)
The remote host is missing an update for the...
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...
DEBIAN-CVE-2017-14120
unrar 0.0.1 aka unrar-free or unrar-gpl suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../filename are unpacked into the upper directory...