Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Atlassian Confluence 7.19.x < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101930)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101930 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...

8.7CVSS6.3AI score0.00516EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/24 6:57 p.m.3 views

Symlink Following

Overview org.webjars.npm:tar-fs is a filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Symlink Following via the symlink validation process in the inCwd function. An attacker can write files outside the intended extraction directory by crafting a malicious...

8.7CVSS6.9AI score0.00516EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/24 6:57 p.m.2 views

Symlink Following

Overview tar-fs is a filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Symlink Following via the symlink validation process in the inCwd function. An attacker can write files outside the intended extraction directory by crafting a malicious tarball that...

8.7CVSS7AI score0.00516EPSS
Exploits0References3
OSV
OSV
added 2025/09/24 6:15 p.m.1 views

DEBIAN-CVE-2025-59343

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

8.7CVSS4.5AI score0.00516EPSS
Exploits0References1
OSV
OSV
added 2025/09/24 5:43 p.m.4 views

CVE-2025-59343 tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

8.7CVSS6.4AI score0.00516EPSS
Exploits0References5
CVE
CVE
added 2025/09/24 5:43 p.m.52 views

CVE-2025-59343

CVE-2025-59343 affects tar-fs, which provides filesystem bindings for tar-stream. Reported in the initial document, versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to a symlink validation bypass when the destination directory is predictable with a specific tarball. The issue is patched ...

8.7CVSS6.5AI score0.00516EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/02 10:4 p.m.18 views

CVE-2025-48387

A flaw was found in tar-fs. This vulnerability allows files to be written outside the intended extraction directory via specially crafted tar archives. The issue arises from insufficient path validation during tarball extraction, potentially enabling path traversal attacks that can overwrite...

8.7CVSS7.3AI score0.00474EPSS
Exploits0References5
OSV
OSV
added 2025/06/02 8:15 p.m.2 views

DEBIAN-CVE-2025-48387

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7CVSS5.1AI score0.00474EPSS
Exploits0References1
NVD
NVD
added 2025/06/02 8:15 p.m.13 views

CVE-2025-48387

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7CVSS0.00474EPSS
Exploits0References4
Snyk
Snyk
added 2025/06/02 7:43 p.m.3 views

Improper Link Resolution Before File Access ('Link Following')

Overview org.webjars.npm:tar-fs is a filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Improper Link Resolution Before File Access 'Link Following' through the exports.extract function. An attacker can manipulate the path of extracted files to write outside t...

8.7CVSS7.7AI score0.00474EPSS
Exploits0References3
CVE
CVE
added 2025/06/02 7:20 p.m.312 views

CVE-2025-48387

Summary of CVE-2025-48387 (tar-fs) : A path-traversal risk in tar-fs bindings for tar-stream affects releases prior to 3.0.9, 2.1.3, and 1.16.5, where extracting certain tarballs can write outside the intended directory. The issue has been fixed in 3.0.9, 2.1.3, and 1.16.5. As a workaround, you c...

8.7CVSS6.5AI score0.00474EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.2 views

PT-2025-39311

Name of the Vulnerable Software and Affected Versions tar-fs versions prior to 3.1.1 tar-fs versions prior to 2.1.3 tar-fs version 1.16.5 Description tar-fs provides filesystem bindings for tar-stream. Affected versions are susceptible to a symlink validation bypass if the destination directory i...

8.7CVSS5.8AI score0.00516EPSS
Exploits0References37
ATTACKERKB
ATTACKERKB
added 2011/04/06 5:55 p.m.4 views

CVE-2011-1652

The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement RA, and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct...

5CVSS5.6AI score0.12329EPSS
Exploits1References4
Rows per page
Query Builder