Lucene search
K

10 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 5:21 p.m.9 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 2:26 a.m.28 views

CVE-2026-41011

The CVE affects BOSH: all versions prior to v282.1.12 (inclusive). PackagePersister.validate_tgz constructs a tar command (tar -tf #{tgz}) using a name derived from release.MF without Shellwords.escape, and passes it to Bosh::Common::Exec.sh (via /bin/sh -c). The Models::Package validation runs a...

8.7CVSS5.8AI score0.00116EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/04/13 12:35 p.m.7 views

USN-8168-1: Rust vulnerability

It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the...

6.5CVSS6AI score0.00379EPSS
Exploits1
OSV
OSV
added 2026/04/01 1:44 p.m.8 views

USN-8139-1 rust-cargo-c vulnerability

It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...

6.5CVSS6AI score0.00379EPSS
Exploits1References2
NVD
NVD
added 2026/02/11 9:16 p.m.6 views

CVE-2026-26158

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS0.0016EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/11 8:27 p.m.4 views

CVE-2026-26158

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS5.8AI score0.0016EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2026-1099)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiati...

6.1CVSS6.9AI score0.02974EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/10 3:4 p.m.14 views

Security Bulletin: IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.0/Data Protect 7.3

Summary IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.0/Data Protect 7.3. The vulnerabilities have been addressed in Data Protect 7.3, which is included in IBM Storage Defender 2.1.0 Vulnerability Details CVEID:CVE-2025-20260 DESCRIPTION: A...

9.8CVSS8.6AI score0.73495EPSS
Exploits15Affected Software1
RedHat Linux
RedHat Linux
added 2022/06/28 7:58 a.m.6 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6CVSS7.4AI score0.03286EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/04/29 8:24 p.m.5 views

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

8.8CVSS5.7AI score0.02418EPSS
Exploits0References5
Rows per page
Query Builder