Lucene search
K

11 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 2:33 p.m.22 views

Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability

Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...

6.2CVSS5.6AI score0.00388EPSS
Exploits0References5Affected Software3
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-11762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an...

5.9CVSS6.6AI score0.05449EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/02 7:20 p.m.6 views

CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7CVSS7.2AI score0.00474EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.2 views

SUSE CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS6.1AI score0.05449EPSS
Exploits0References3
OSV
OSV
added 2018/10/17 3:49 p.m.4 views

GHSA-W6G3-V46Q-5P28 Moderate severity vulnerability that affects org.apache.tika:tika-core

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS7.1AI score0.05449EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2018/10/17 3:49 p.m.34 views

Moderate severity vulnerability that affects org.apache.tika:tika-core

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS2.4AI score0.05449EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2018/09/20 3:32 a.m.25 views

Arbitrary File Overwrite

Apache tika-app is vulnerable to arbitrary file overwrite. An input file that has an embedded file containing an absolute path such as C:/evil.dll will cause the application to overwrite the file when the extract directory tag --extract-dir= is not specified on the commandline...

5.9CVSS6.1AI score0.05449EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/09/19 2:29 p.m.36 views

CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS5.5AI score0.05449EPSS
Exploits0References2
Prion
Prion
added 2018/09/19 2:29 p.m.22 views

Path traversal

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.8CVSS5.8AI score0.05449EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/09/19 2:29 p.m.2 views

DEBIAN-CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS6.8AI score0.05449EPSS
Exploits0References1
OSV
OSV
added 2018/09/19 2:29 p.m.2 views

UBUNTU-CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS6.6AI score0.05449EPSS
Exploits0References4
Rows per page
Query Builder