CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

Extract 安全漏洞

Extract is a Go library open-sourced by codeclysm. It is used to extract archives in zip, tar.gz or tar.bz2 format. A security vulnerability exists in Extract versions prior to 4.0.0, which stems from a maliciously constructed archive file that allows an attacker to create symbolic links outside ...

USN-5179-2 busybox vulnerability

USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially...

USN-5179-2: BusyBox vulnerability

USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially...