Lucene search
K

6 matches found

Ubuntu
Ubuntu
added 2026/06/02 1:0 p.m.12 views

USN-8367-1: tar-fs vulnerabilities

It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this issue to write or overwrite files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-12905 It was...

8.7CVSS6.2AI score0.02186EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.7 views

EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-1640)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn'...

5.9CVSS7.1AI score0.00438EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20374

Name of the Vulnerable Software and Affected Versions node-tar versions 7.5.7 and below node-tar version 7.5.8 Description The node-tar package contains a flaw where an attacker-controlled archive, when extracted using default options, can create a hardlink inside the extraction directory that...

8.8CVSS5.6AI score0.0034EPSS
Exploits1References222
GithubExploit
GithubExploit
added 2026/02/15 8:28 a.m.912 views

Exploit for CVE-2025-4138

CVE-2025-4138 / CVE-2025-4517Python tarfile Filter Bypass via PA...

9.8CVSS8.2AI score0.27095EPSS
Exploits16
OSV
OSV
added 2025/09/23 8:0 p.m.2 views

CVE-2025-59825 astral-tokio-tar has a path traversal in tar extraction

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...

8.6CVSS7.3AI score0.00202EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2025/06/20 12:42 p.m.5 views

Security update for python39

This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

8.4CVSS6.1AI score0.01227EPSS
Exploits14References24
Rows per page
Query Builder