Pear Archive_Tar security vulnerability
Pear Archive_Tar is PHP software developed by the PEAR team for creating and extracting tar archives. Prior to version 3.08, Pear Archive_Tar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...
perl: Fix of CVE-2018-12015
CVE-2018-12015: Archive::Tar path traversal — remove existing block-device or out-of-CWD symlink targets before overwriting during extraction...
Path Traversal
dbt-common is vulnerable to path traversal. The vulnerability is due to the use of os.path.commonprefix for validating extraction paths, where commonprefix compares paths character-by-character rather than by path components, and an attacker can exploit this by providing a malicious tarball that...
OESA-2026-1280 python-wheel security update
A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format. Security Fixes: wheel is a command line tool f...
EUVD-2021-2087
Malware in sbrugna...
EUVD-2022-49170
Malicious code in bioql PyPI...
CVE-2021-42556
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file...
Linux Distros Unpatched Vulnerability : CVE-2024-54132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in...
GHSA-75MX-HW5Q-PVX3 python-libarchive directory traversal
python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...
Siemens COMOS XXE Injection Vulnerability (CNVD-2024-47911)
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...
AZL-50635 CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
CVE-2023-5245
FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted...
CVE-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating a PHAR archive using the PharData::buildFromIterator function, the files are added with default permissions 0666 (all access), even if the original files on the filesystem had more restrictive permissions...
Fedora Update for chmsee FEDORA-2008-8425
Check for the version of chmsee. OpenVAS Vulnerability Test: Fedora Update for chmsee FEDORA-2008-8425. Authors: System Generated Check. Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the term...