Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tar project tar vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-38511
An issue exists in the tar crate prior to 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
Tar Project Tar
10
CVSSv2
CVE-2021-38197
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
Go-unarr Project Go-unarr 0.1.1
5.8
CVSSv2
CVE-2021-32803
The npm package "tar" (aka node-tar) prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is no...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
5.8
CVSSv2
CVE-2021-32804
The npm package "tar" (aka node-tar) prior to 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into ...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
1 Github repository
7.1
CVSSv2
CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions prior to 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected ...
Storage Project Storage
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.5
CVSSv2
CVE-2021-21251
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarU...
Onedev Project Onedev
6.4
CVSSv2
CVE-2018-20990
An issue exists in the tar crate prior to 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
Tar Project Tar
6.4
CVSSv2
CVE-2018-20835
A vulnerability was found in tar-fs prior to 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file co...
Tar-fs Project Tar-fs
27 Github repositories
6.4
CVSSv2
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as...
Node-tar Project Node-tar
4 Github repositories
7.5
CVSSv2
CVE-2018-1000517
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appear...
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »