Lucene search
+L

39 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.17 views

Ubuntu 24.04 LTS : ONNX vulnerability (USN-8307-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8307-1 advisory. It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to...

8.8CVSS7.5AI score0.01168EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/15 4:4 p.m.60 views

CVE-2026-46383 Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

5.5CVSS0.0061EPSS
Exploits0References1
NVD
NVD
added 2026/04/10 5:17 p.m.6 views

CVE-2026-40157

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

9.4CVSS0.00379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-31994

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI is a multi-agent teams system. The cmd unpack function in the recipe CLI extracts .praison tar archives using tar.extract without validating archive member paths. A malicious .praison...

9.4CVSS5.9AI score0.00379EPSS
Exploits1References11
NVD
NVD
added 2026/03/18 11:17 p.m.5 views

CVE-2025-15031

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

9.1CVSS0.00852EPSS
Exploits1References4
NVD
NVD
added 2026/03/05 10:16 p.m.6 views

CVE-2026-28453

OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft malicious archives with traversal sequences like ../../ to write files outside extraction boundarie...

9.8CVSS0.00409EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 9:20 p.m.22 views

CVE-2026-28406

CVE-2026-28406 affects kaniko up to 1.25.10. During tar extraction, build context archives were unpacked with filepath.Join(dest, cleanedName) without ensuring the final path stays inside dest, allowing a tar entry like ../outside.txt to escape the extraction root and write files outside the dest...

8.5CVSS6.3AI score0.00613EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.5 views

SUSE CVE-2026-24843

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...

8.4CVSS5.3AI score0.00167EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.5 views

CVE-2026-24843

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...

8.4CVSS5.3AI score0.00167EPSS
Exploits0References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/03 12:0 a.m.8 views

melange QEMU runner could write files outside workspace directory

An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences...

8.4CVSS5.4AI score0.00167EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.7 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 12:31 a.m.3 views

GHSA-GF2C-JWCJ-X929 vlt Mishandles Path Sanitization for tar

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/01/27 10:14 p.m.5 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References5
OSV
OSV
added 2026/01/27 10:14 p.m.6 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : cpio-2.11-28.el7 (AXSA:2020-579:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-579:01 advisory. CVE-2019-14866 In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archiv...

7.3CVSS8.2AI score0.00686EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.7 views

AlmaLinux 9 : tar (ALSA-2026:0067)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:0067 advisory. tar: Tar path traversal CVE-2025-45582 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus has no...

4.1CVSS6.7AI score0.00433EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/01/12 2:39 a.m.9 views

tar: Tar path traversal

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

4.1CVSS5.8AI score0.00433EPSS
Exploits1References7
Rockylinux
Rockylinux
added 2026/01/06 9:4 a.m.8 views

tar security update

An update is available for tar. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The GNU tar program can save multiple files in an archive and restore files from ...

4.1CVSS6.9AI score0.00433EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.2 views

RockyLinux 10 : tar (RLSA-2026:0002)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0002 advisory. tar: Tar path traversal CVE-2025-45582 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has...

4.1CVSS6.7AI score0.00433EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.11 views

CVE-2025-66262

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive...

9.8CVSS7.4AI score0.01274EPSS
Exploits1References1
Rows per page
Query Builder