Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tar project tar vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-32840
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in ve...
Sharpziplib Project Sharpziplib
9.8
CVSSv3
CVE-2021-38197
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
Go-unarr Project Go-unarr 0.1.1
9.8
CVSSv3
CVE-2018-1000517
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appear...
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
9.8
CVSSv3
CVE-2015-0857
Cool Projects TarDiff allows remote malicious users to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
Tardiff Project Tardiff -
Debian Debian Linux 8.0
9.1
CVSSv3
CVE-2020-36566
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Tar-utils Project Tar-utils
8.8
CVSSv3
CVE-2021-21251
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarU...
Onedev Project Onedev
8.1
CVSSv3
CVE-2021-32803
The npm package "tar" (aka node-tar) prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is no...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
8.1
CVSSv3
CVE-2021-32804
The npm package "tar" (aka node-tar) prior to 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into ...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
1 Github repository
8.1
CVSSv3
CVE-2016-3180
Tor Browser Launcher (aka torbrowser-launcher) prior to 0.2.4, during the initial run, allows man-in-the-middle malicious users to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signatur...
Tor Browser Launcher Project Tor Browser Launcher 0.2.3
7.8
CVSSv3
CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all...
Openrefine Openrefine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »