5 matches found
PT-2025-44433
Name of the Vulnerable Software and Affected Versions Keras affected versions not specified Description The keras.utils.get file API in Keras is susceptible to a path traversal issue when the extract=True option is used with tar archives. The utility employs Python’s tarfile.extractall function...
CVE-2021-35958
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.getfile is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.getfile is not intended for untrusted archives...
Exim 缓冲区错误漏洞
Opera Software Opera is a Norwegian web browser from Opera Software that supports multi-window browsing, customizable user interfaces, etc. Exim is an open source messaging agent MTA that runs on Unix systems and is responsible for routing, forwarding, and delivering mail. Exim suffers from a...
The vulnerability of the unarj library, which provides data archiving, allows attackers to re-record any files they choose.
The vulnerability of the -x command line option for extracting the unarj library, which handles data archiving, is related to deficiencies in path name restrictions. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files using an arj archive with file names containing...
PT-2004-1119 · Unarj · Unarj
Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...