Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36766

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

5.4AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.12 views

CVE-2026-49755

Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...

8.2CVSS0.00438EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

OpenBao 安全漏洞

OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.3 contained security vulnerabilities. These vulnerabilities stemmed from the ExtractPluginFromImage function in the OCI plugin downloader, which did not limit the number of bytes...

6.5CVSS5.8AI score0.00218EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/04 12:7 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

7.5CVSS5.6AI score0.00366EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/06/11 5:33 a.m.4 views

rubygems: Delete directory using symlink when decompressing tar

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...

8.8CVSS7.3AI score0.04212EPSS
Exploits1References4
Rows per page
Query Builder