Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

Atlassian Confluence 7.19.0 < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101478)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101478 advisory. - An Improper Link Resolution Before File Access Link Following and Improper Limitation of a Pathname to a Restricted Directory Path Traversal. Thi...

7.5CVSS6.4AI score0.02186EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0987

Malware in sbrugna...

7.5CVSS7.5AI score0.0183EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-16687

Malicious code in bioql PyPI...

8.7CVSS4.8AI score0.00474EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42163

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01239EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54315

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.02186EPSS
Exploits2References4
OSV
OSV
added 2025/08/11 1:53 p.m.9 views

BIT-LIBPYTHON-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS8AI score0.01184EPSS
Exploits11References13
OSV
OSV
added 2025/08/11 1:53 p.m.6 views

BIT-LIBPYTHON-2025-4435 Tarfile extracts filtered members when errorlevel=0

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

7.5CVSS7.1AI score0.00474EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2025/07/07 11:25 a.m.5 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5CVSS6.6AI score0.01109EPSS
Exploits7References10
OSV
OSV
added 2025/06/03 1:15 p.m.9 views

ALPINE-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS8AI score0.01184EPSS
Exploits11References1
OSV
OSV
added 2025/03/27 5:15 p.m.1 views

DEBIAN-CVE-2024-12905

An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...

7.5CVSS5.8AI score0.02186EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/03/27 4:25 p.m.8 views

CVE-2024-12905

An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...

7.5CVSS7.2AI score0.02186EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.10 views

GluonCV Arbitrary File Write via TarSlip

A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...

7.1CVSS6.9AI score0.00293EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.6 views

GHSA-M724-HQMC-GGPX GluonCV Arbitrary File Write via TarSlip

A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...

7.1CVSS7.2AI score0.00293EPSS
Exploits0References4
Veracode
Veracode
added 2025/01/14 3:47 a.m.18 views

Arbitrary File Write

keras is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of downloaded tar files in the getfile function. When the function extracts the tar file, it does not properly validate or sanitize the file paths, allowing attackers to write files to arbitrary locations o...

6.5CVSS6.8AI score0.00221EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/10/15 6:15 a.m.6 views

CVE-2024-0129

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering...

7.8CVSS7.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/15 5:39 a.m.16 views

CVE-2024-0129

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering...

6.3CVSS7.4AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/06 6:45 p.m.12 views

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

8.8CVSS7.7AI score0.01168EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/09/22 12:0 a.m.21 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

8.8AI score0.01239EPSS
Exploits1References3
OSV
OSV
added 2022/01/26 9:15 p.m.15 views

CVE-2021-32840

SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...

9.8CVSS7.6AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/01/26 9:15 p.m.24 views

CVE-2021-32840

SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...

9.8CVSS7.2AI score0.01959EPSS
Exploits1References4
Rows per page
Query Builder