Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu tar vulnerabilities and exploits
(subscribe to this query)
892
VMScore
CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote malicious users to gain privileges.
Gnu Tar 1.15.1
6 Github repositories
755
VMScore
CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Gnu Tar
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
1 EDB exploit
755
VMScore
CVE-1999-0997
wu-ftp with FTP conversion enabled allows an malicious user to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
Millenux Gmbh Anonftp 2.8.1
University Of Washington Wu-ftpd 2.5.0
University Of Washington Wu-ftpd 2.6.0
University Of Washington Wu-ftpd 2.4.2
Redhat Linux 6.1
Redhat Linux 5.2
Redhat Linux 6.0
1 EDB exploit
668
VMScore
CVE-2016-2148
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox prior to 1.25.0 allows remote malicious users to have unspecified impact via vectors involving OPTION_6RD parsing.
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
668
VMScore
CVE-1999-0202
The GNU tar command, when used in FTP sessions, may allow an malicious user to execute arbitrary commands.
University Of Washington Wu-ftpd 2.4.1
614
VMScore
CVE-2019-14866
In all versions of cpio prior to 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths ...
Gnu Cpio
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
605
VMScore
CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar prior to 1.23 and GNU cpio prior to 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending mor...
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.14.90
Gnu Tar 1.15
Gnu Tar 1.18
Gnu Tar 1.17
Gnu Cpio 2.5
Gnu Cpio 2.5.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14
Gnu Tar 1.14.1
Gnu Tar 1.20
Gnu Tar 1.19
Gnu Cpio 1.3
Gnu Cpio 2.4-2
Gnu Tar
Gnu Cpio
Gnu Tar 1.13.18
Gnu Tar 1.13.19
Gnu Tar 1.15.1
Gnu Tar 1.15.90
1 Github repository
605
VMScore
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Gnu Tar 1.13.19
Gnu Tar 1.13.25
Gnu Tar 1.15.91
Gnu Tar 1.16
Gnu Tar 1.13
Gnu Tar 1.13.5
Gnu Tar 1.14
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.13.18
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14.90
Gnu Tar 1.15
580
VMScore
CVE-2017-16544
In the add_match function in libbb/lineedit.c in BusyBox up to and including 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could pot...
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7
Redlion N-tron 702-w Firmware
Redlion N-tron 702m12-w Firmware
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
454
VMScore
CVE-2006-0300
Buffer overflow in tar 1.14 up to and including 1.15.90 allows user-assisted malicious users to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Gnu Tar 1.14.1
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »