Lucene search
+L

12 matches found

nessus
nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-29509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12,...

5.4CVSS6.2AI score0.00285EPSS
Exploits0References3
osv
osv
added 2026/06/26 8:16 p.m.4 views

DEBIAN-CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
nvd
nvd
added 2026/06/26 8:16 p.m.6 views

CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS0.00285EPSS
Exploits0References3
osv
osv
added 2026/06/26 8:16 p.m.5 views

UBUNTU-CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/26 7:31 p.m.6 views

CVE-2026-29509 Patool < 4.0.5 Path Traversal via safe_extract() Function

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/26 7:31 p.m.6 views

CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References4
osv
osv
added 2026/06/26 7:31 p.m.4 views

CVE-2026-29509 Patool < 4.0.5 Path Traversal via safe_extract() Function

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.3CVSS6.1AI score0.00285EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/26 7:31 p.m.30 views

CVE-2026-29509 Patool < 4.0.5 Path Traversal via safe_extract() Function

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS0.00285EPSS
Exploits0References3
euvd
euvd
added 2026/06/26 7:31 p.m.8 views

EUVD-2026-39879

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
debiancve
debiancve
added 2026/06/26 7:31 p.m.6 views

CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0
cve
cve
added 2026/06/26 7:31 p.m.29 views

CVE-2026-29509

Patool before 4.0.5 is vulnerable to a path traversal in the safe_extract() function (patoolib/programs/py_tarfile.py). The is_within_directory() helper uses character-level comparison via os.path.commonprefix(), not path-level checks, allowing a crafted archive member path to bypass containment ...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.15 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
Rows per page
Query Builder