8 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-7774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outsid...
EUVD-2015-8785
Malware in sbrugna...
BIT-LIBPYTHON-2025-4517 Arbitrary writes via tarfile realpath overflow
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
Debian DLA-2337-1 : python2.7 security update
Multiple vulnerabilities were discovered in Python2.7, an interactive high-level object-oriented language. CVE-2018-20852 By using a malicious server an attacker might steal cookies that are meant for other domains. CVE-2019-5010 NULL pointer dereference using a specially crafted X509 certificate...
EulerOS Virtualization for ARM 64 3.0.5.0 : cpio (EulerOS-SA-2020-1056)
According to the version of the cpio package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - cpio does not properly validate the values written in the header of a TAR file through the tooct function. When creating a T...
UBUNTU-CVE-2017-12378
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar Tape Archive files...
DEBIAN-CVE-2016-9888
An error within the "tardirectoryforfile" function gsf-infile-tar.c in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file...
CVE-2015-0857
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a 1 tar file or 2 file within a tar file...