Lucene search
K

7 matches found

OSV
OSV
added 2026/03/20 7:11 a.m.5 views

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

5.1CVSS7AI score0.00379EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/07/31 12:0 a.m.14 views

SUSE SLES12 Security Update : devscripts (SUSE-SU-2024:2621-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2621-1 advisory. - CVE-2014-1833: Fixed symlink directory traversal in uupdate bsc861514 Tenable has extracted the preceding description block directly from...

5CVSS5.5AI score0.0373EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.2 views

SUSE CVE-2017-7500

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory ...

7.3CVSS8.3AI score0.00415EPSS
Exploits0References47
RedHat Linux
RedHat Linux
added 2022/06/28 7:58 a.m.6 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6CVSS7.4AI score0.03286EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/05/06 12:0 a.m.41 views

RHEL 7 : rh-eclipse-jetty (RHSA-2021:1509)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1509 advisory. Jetty is a 100% Java HTTP Server and Servlet Container. The following packages have been upgraded to a later upstream version:...

7.8CVSS6.7AI score0.82371EPSS
Exploits9References10
Tenable Nessus
Tenable Nessus
added 2017/10/20 12:0 a.m.38 views

FreeBSD : arj -- multiple vulnerabilities (b95e5674-b4d6-11e7-b895-0cc47a494882)

Several vulnerabilities: symlink directory traversal, absolute path directory traversal and buffer overflow were discovered in the arj archiver. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...

7.5CVSS5.6AI score0.05889EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2015/04/14 12:0 a.m.30 views

Fedora 20 : arj-3.10.22-22.fc20 (2015-5546)

Added patch from Debian to avoid free on invalid pointer due to a buffer overflow 1196751, 1207180 - Added patch from Debian for symlink directory traversal 1178824 - Added patch from Debian to fix the directory traversal via //multiple/leading/slash 1178824 Note that Tenable Network Security has...

7.5CVSS5.8AI score0.05889EPSS
Exploits2References7
Rows per page
Query Builder