Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/18 7:54 p.m.17 views

CVE-2026-49248 OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS0.00382EPSS
Exploits0References2
NVD
NVD
added 2026/01/27 9:15 a.m.11 views

CVE-2026-1464

Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager app/src/main/java/org/apache/commons/compress/archivers/tar modules. This vulnerability is associated with program files TarUtils.Java. This issue affects AppManager: before 4.0.4...

4.6CVSS0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/27 8:18 a.m.32 views

CVE-2026-1464 A possible integer overflow vulnerability in RawTherapee/RawTherapee

Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager app/src/main/java/org/apache/commons/compress/archivers/tar modules. This vulnerability is associated with program files TarUtils.Java. This issue affects AppManager: before 4.0.4...

4.6CVSS0.00126EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 8:18 a.m.6 views

CVE-2026-1464 A possible integer overflow vulnerability in RawTherapee/RawTherapee

Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager app/src/main/java/org/apache/commons/compress/archivers/tar modules. This vulnerability is associated with program files TarUtils.Java. This issue affects AppManager: before 4.0.4...

4.6CVSS5.9AI score0.00126EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/03/21 5:49 p.m.1 views

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2025-25724: Fixed buffer overflow vulnerability in function listitemverbose in tar/util.c bsc1238610. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

4CVSS4.7AI score0.00337EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.7 views

tar-utils 路径遍历漏洞

tar-utils is a set of tar utilities from the go-ipfs codebase by the individual developer Whyrusleeping. A path traversal vulnerability exists in tar-utils, which stems from an incorrect path, where an archive file containing a relative file path could result in a file being written or overwritte...

9.1CVSS8.2AI score0.01023EPSS
Exploits0References4
Rows per page
Query Builder