Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.46 views

Python 3.10.x / 3.11.x / 3.12.x / 3.13.x < 3.13.14 / 3.14.x < 3.14.6 Path Traversal

The version of Python installed on the remote Windows host is affected by a path traversal vulnerability. tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction...

6.9CVSS5.3AI score0.00606EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/06 2:54 a.m.10 views

SUSE CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.4AI score0.00606EPSS
Exploits0References3
OSV
OSV
added 2026/06/04 4:16 p.m.13 views

UBUNTU-CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.3AI score0.00606EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 2:21 p.m.51 views

CVE-2026-7774

The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...

6.9CVSS5.8AI score0.00606EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:21 p.m.6 views

CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.8AI score0.00606EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/04 2:21 p.m.7 views

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.8AI score0.00606EPSS
Exploits0References3
OSV
OSV
added 2026/06/04 2:21 p.m.8 views

PSF-2026-26

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.8AI score0.00606EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/04 2:21 p.m.8 views

CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.8AI score0.00606EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/04 2:21 p.m.59 views

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS0.00606EPSS
Exploits0References8
Rows per page
Query Builder